Hi Everyone,

Long story short, a Windows update stopped the computer from booting, so new HDD and reinstall. Half of the old data is encrypted via EFS on Windows 10 Pro. Where / how can I find the key (user does not have a backup of it)?

I have access to all the old files, Windows folders, etc., as the drive is plugged into the same PC.

Thanks in advance!

5 Spice ups

That’s kind of the whole point… If you don’t have the certificate, you can’t decrypt it. If the user did not back up their certificate, they have essentially lost that data.

5 Spice ups

If you don’t have a backup of your EFS key, your documents are gone forever.

Sorry, but if there was some sort of backdoor into EFS, there just would be no point in using it.

3 Spice ups

You need the key / certificate, otherwise you cannot restore it.

That’s like losing the only key to a vault. Oops.

1 Spice up

If someone had forgotten the combination to a safe, in theory you could get a safe cracker to break into it; the difficulty goes up or down depending on the model and the materials.

With digital, it is nigh impossible to beat encryption unless there is a flaw in the method or a known exploit (tapping into the memory of a live system, etc.).

You are in a worst-case scenario with this. The data is gone for good. If you had a very large bounty reward for that data, then maybe a security company might take you up on that and try breaking in; as it is, the best solution is a backup plan.

1 Spice up

Hi there, this is a user's documents data.

There is possibly a way that I could fix the Windows installation; I could then recover the key.

If I did a repair of Windows, would the key still be there when I got into it?

Yes, repairing the Windows installation is the way to go if you want to get those files back.

1 Spice up

You would have to repair all of the system files on the Windows computer in order to boot, and then you would (in theory) be able to recover the documents.

Why? Why is the encryption key for those files stored on the same volume the encrypted files are?

How? OP has the files but doesn’t have the key.

Did you have a recovery policy set for your EFS?
Are you even on a domain, or is this a workgroup?