LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-15-2004, 09:20 PM   #1
Skunk_Face
Member
 
Registered: Jan 2004
Posts: 54

Rep: Reputation: 15
Unhappy data recovery tool


Dont really know whether i should be asking a windows question in a linux forum...but here goes

I had another box which was running win2k pro and had some files which were encrypted using the properties > advance > encrypt options. Now some time back my windows box had some severe issues and i couldnt get the corresponding encryption key

is there any way to recover my EFS encrypted data using linux?? coz i found a couple of shareware that worked to actually recover a portion of files but required $$$ for the activation key and am flat broke now
 
Old 03-15-2004, 10:06 PM   #2
hollywoodb
Member
 
Registered: Aug 2003
Location: Minnesota, U.S.A.
Distribution: Debian, openSUSE
Posts: 400

Rep: Reputation: 30
depending on if its fat or ntfs, you can enable support for both in the kernel, built-in or as modules....

I had a similar thing happen on an ntfs partition, I mounted the partition (at the time it was /dev/hdb1 i believe) with mount -t ntfs /dev/hdb1 /mnt/win (mkdir /mnt/win), and I could read the volume as you normally would when logged in as root....

I was using winxp "encryption" also, which didn't seem to have any effect at all when reading from linux....

hope this helps. there are also some tools/recovery specific distros liveCDs out there, you should be able to find them on www.distrowatch.com (or .net or .org, i forget)
 
Old 03-18-2004, 02:29 AM   #3
larstj
LQ Newbie
 
Registered: Mar 2003
Location: Denmark
Distribution: Slackware and Gentoo
Posts: 20

Rep: Reputation: 0
OK, this really doesn't belong on LQ, but here goes anyway:

As far as I know, default recovery policy in w2k/xp/2003 is that when files/folders are encrypted with EFS, local admins public key will be used with the user public key. The list of public keys used is then encrypted once more with the recovery agent key.
The purpose of this is, that it should be possible for admins to recover encrypted files, should an employee go rogue, and delete his/hers private key.

So, create a new certificate (at least I think so), using the MMC cert. snap-in as a local admin user (if not THE local admin user), and you're now able to decrypt the files on the computer's fs.

It's been a while since i've done this, so please forgive any errors, and please use the technet website for any MS related stuff:

http://technet.microsoft.com/

Last edited by larstj; 03-18-2004 at 12:24 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Should I open source my raid recovery tool? eantoranz Programming 6 02-21-2010 02:56 AM
WinNT pwd recovery tool ??? DonNostradamus General 6 06-13-2004 11:21 AM
Data Recovery Tool PhuckFonix Linux - Security 5 06-07-2004 06:24 PM
Data Recovery Tool sniff Linux - Software 2 11-29-2003 01:10 PM
is there any file recovery tool in RH9? 286 Linux - Newbie 4 11-11-2003 10:47 AM


All times are GMT -5. The time now is 08:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration