-   Linux - Security (
-   -   data recovery tool (

Skunk_Face 03-15-2004 10:20 PM

data recovery tool
Dont really know whether i should be asking a windows question in a linux forum...but here goes

I had another box which was running win2k pro and had some files which were encrypted using the properties > advance > encrypt options. Now some time back my windows box had some severe issues and i couldnt get the corresponding encryption key

is there any way to recover my EFS encrypted data using linux?? coz i found a couple of shareware that worked to actually recover a portion of files but required $$$ for the activation key and am flat broke now

hollywoodb 03-15-2004 11:06 PM

depending on if its fat or ntfs, you can enable support for both in the kernel, built-in or as modules....

I had a similar thing happen on an ntfs partition, I mounted the partition (at the time it was /dev/hdb1 i believe) with mount -t ntfs /dev/hdb1 /mnt/win (mkdir /mnt/win), and I could read the volume as you normally would when logged in as root....

I was using winxp "encryption" also, which didn't seem to have any effect at all when reading from linux....

hope this helps. there are also some tools/recovery specific distros liveCDs out there, you should be able to find them on (or .net or .org, i forget)

larstj 03-18-2004 03:29 AM

OK, this really doesn't belong on LQ, but here goes anyway:

As far as I know, default recovery policy in w2k/xp/2003 is that when files/folders are encrypted with EFS, local admins public key will be used with the user public key. The list of public keys used is then encrypted once more with the recovery agent key.
The purpose of this is, that it should be possible for admins to recover encrypted files, should an employee go rogue, and delete his/hers private key.

So, create a new certificate (at least I think so), using the MMC cert. snap-in as a local admin user (if not THE local admin user), and you're now able to decrypt the files on the computer's fs.

It's been a while since i've done this, so please forgive any errors, and please use the technet website for any MS related stuff:

All times are GMT -5. The time now is 05:53 AM.