03-15-2004, 09:20 PM   #1
Registered: Jan 2004
Posts: 54

Rep: Reputation: 15
data recovery tool

Don't really know whether I should be asking a Windows question in a Linux forum... but here goes.

I had another box which was running Win2k Pro and had some files which were encrypted using the Properties > Advanced > Encrypt options. Now some time back my Windows box had some severe issues and I couldn't get the corresponding encryption key.

Is there any way to recover my EFS-encrypted data using Linux? Coz I found a couple of shareware tools that worked to actually recover a portion of the files but required $$$ for the activation key, and I am flat broke now.
03-15-2004, 10:06 PM   #2
Registered: Aug 2003
Location: Minnesota, U.S.A.
Distribution: Debian, openSUSE
Posts: 400

Rep: Reputation: 30
Depending on if it's FAT or NTFS, you can enable support for both in the kernel, built-in or as modules....

I had a similar thing happen on an NTFS partition. I mounted the partition (at the time it was /dev/hdb1, I believe) with mount -t ntfs /dev/hdb1 /mnt/win (mkdir /mnt/win), and I could read the volume as you normally would when logged in as root....

I was using WinXP "encryption" also, which didn't seem to have any effect at all when reading from Linux....

Hope this helps. There are also some tools/recovery-specific distro LiveCDs out there; you should be able to find them on (or .net or .org, I forget)
03-18-2004, 02:29 AM   #3
LQ Newbie
Registered: Mar 2003
Location: Denmark
Distribution: Slackware and Gentoo
Posts: 20

Rep: Reputation: 0
OK, this really doesn't belong on LQ, but here goes anyway:

As far as I know, the default recovery policy in W2K/XP/2003 is that when files/folders are encrypted with EFS, the local admin's public key will be used with the user's public key. The list of public keys used is then encrypted once more with the recovery agent key.
The purpose of this is that it should be possible for admins to recover encrypted files, should an employee go rogue and delete his/her private key.

So, create a new certificate (at least I think so), using the MMC cert. snap-in as a local admin user (if not THE local admin user), and you're now able to decrypt the files on the computer's fs.

It's been a while since I've done this, so please forgive any errors, and please use the TechNet website for any MS-related stuff:

Last edited by larstj; 03-18-2004 at 12:24 PM.

