EFS brute force? Need to recover 2nd HD.

MiXdNuTs

Gawd
Joined
Aug 9, 2002
Messages
832
Long story short, my co-worker had two partitions and encrypted one with EFS. The OS partition was wiped and he reinstalled; now he can't access the other partition. He doesn't have any of the public or private keys and needs to know how to try to brute force into the existing data on his 2nd partition. He apparently kinda needs this stuff, which is ironic because that is why he encrypted it.
 

stevewm

2[H]4U
Joined
Jul 18, 2001
Messages
2,277
MiXdNuTs said:
Long story short, my co-worker had two partitions and encrypted one with EFS. The OS partition was wiped and he reinstalled; now he can't access the other partition. He doesn't have any of the public or private keys and needs to know how to try to brute force into the existing data on his 2nd partition. He apparently kinda needs this stuff, which is ironic because that is why he encrypted it.

The encryption used by EFS is quite strong and has yet to be broken. There is no brute forcing it, unless you have a few supercomputers and several years to spare.

Unless he can recover the EFS keys from the old OS install, the data is as good as gone. There is no getting it back, ever. That's the entire point of encryption, to prevent those without the proper credentials (encryption keys) from ever getting the data.
 

drizzt81

[H]F Junkie
Joined
Jan 21, 2004
Messages
12,361
Has he tried to unformat his install partition and recover the keys from there? IIRC Windows is pretty clear about "save a copy of your key on a removable media" when encrypting folders.
 

MiXdNuTs

Gawd
Joined
Aug 9, 2002
Messages
832
He has already reinstalled OVER his old install of Windows. Keys = gone.
He is kicking himself a lot over this one because it takes several mistakes to mess up this big.
 

unhappy_mage

[H]ard|DCer of the Month - October 2005
Joined
Jun 29, 2004
Messages
11,455
If the data is worth several hundred dollars of investment, you might be able to get the key back from a data recovery company. If this is going to remain a viable option, you'll want to stop using the drive ASAP. You'll have to ask the company whether that's a feasible option, as well - I don't know if they can recover that one item or not.
