OK, I have an administrative user who securely wiped their PC (after backing up the critical files etc…). Then they realized that they hadn’t copied the registry keys for decrypting their EFS files. (I assume that it was EFS since they were using a fully patched XP Pro and hit the right-click>Encrypt).
Anyway, to make a long story short, they have backed up files without any keys. It would appear, that I could potentially extract the DFA key (which I would assume by default is the Administrator from the old box) and use that to decrypt the file. Maybe if the file is dropped on a box with the same username/password?
I’m a little out of my league on this one. Could I get some assistance?