Recovering EFS files after computer was securely wiped

Home Forums Security Forgot Administrator Password Recovering EFS files after computer was securely wiped

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    mtgarden
    Member
    #126034

    OK, I have an administrative user who securely wiped their PC (after backing up the critical files etc…). Then they realized that they hadn’t copied the registry keys for decrypting their EFS files. (I assume that it was EFS since they were using a fully patched XP Pro and hit the right-click>Encrypt).

    Anyway, to make a long story short, they have backed up files without any keys. It would appear, that I could potentially extract the DFA key (which I would assume by default is the Administrator from the old box) and use that to decrypt the file. Maybe if the file is dropped on a box with the same username/password?

    I’m a little out of my league on this one. Could I get some assistance?

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.