Recovering encrypted files after video hardware failure

  • Thread starter Thread starter Bill Fuller
  • Start date Start date
B

Bill Fuller

I have a rather unique problem... I have a Toshiba laptop that had a video
card failure... and this card is no longer manufactured or available.
Meaning, the laptop is useless. Unfortunately, I had some files/folders on
that system that had been encrypted using Windows encryption. Now it seems
that, even though the drive itself is undamaged, I have no way of
decrypting/moving them to another system.

Does anyone have any knowledge on rather or not these files can be
recovered? If so, how (copy the encryption key, etc.?)?
 
"Bill Fuller" <someone@nospam.com> wrote in message
news:erHgj3p2HHA.5832@TK2MSFTNGP02.phx.gbl...
>I have a rather unique problem... I have a Toshiba laptop that had a video
>card failure... and this card is no longer manufactured or available.
>Meaning, the laptop is useless. Unfortunately, I had some files/folders on
>that system that had been encrypted using Windows encryption. Now it seems
>that, even though the drive itself is undamaged, I have no way of
>decrypting/moving them to another system.
>
> Does anyone have any knowledge on rather or not these files can be
> recovered? If so, how (copy the encryption key, etc.?)?

1. Slave the drive to another computer.
2. Start | Help and Support
3. In the "Search" bar type the word
encryption
4. Click on the link that fits your situation and follow the step-by-step
instructions:

Recover an encrypted file or folder if you are a designated
recovery agent
Recover an encrypted file or folder without the file encryption
certificate

Steve
 
Bill Fuller wrote:
> I have a rather unique problem... I have a Toshiba laptop that had a
> video card failure... and this card is no longer manufactured or
> available. Meaning, the laptop is useless. Unfortunately, I had some
> files/folders on that system that had been encrypted using Windows
> encryption. Now it seems that, even though the drive itself is
> undamaged, I have no way of decrypting/moving them to another system.
>
> Does anyone have any knowledge on rather or not these files can be
> recovered? If so, how (copy the encryption key, etc.?)?

Some light reading for you

The Encrypting File System
http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx

Best practices for the Encrypting File System
http://support.microsoft.com/kb/223316/en-us

How to back up the recovery agent Encrypting File System (EFS) private key
in Windows Server 2003, in Windows 2000, and in Windows XP
http://support.microsoft.com/kb/241201

How To Encrypt a Folder in Windows XP
http://support.microsoft.com/?id=308989

How To Remove File Encryption in Windows XP
http://support.microsoft.com/?id=308993

How To Encrypt a File in Windows XP
http://support.microsoft.com/?id=307877

HOW TO: Share Access to an Encrypted File in Windows XP
http://support.microsoft.com/?id=308991

Good luck
 
Og wrote:
> "Bill Fuller" <someone@nospam.com> wrote in message
> news:erHgj3p2HHA.5832@TK2MSFTNGP02.phx.gbl...
>> I have a rather unique problem... I have a Toshiba laptop that had a video
>> card failure... and this card is no longer manufactured or available.
>> Meaning, the laptop is useless. Unfortunately, I had some files/folders on
>> that system that had been encrypted using Windows encryption. Now it seems
>> that, even though the drive itself is undamaged, I have no way of
>> decrypting/moving them to another system.
>>
>> Does anyone have any knowledge on rather or not these files can be
>> recovered? If so, how (copy the encryption key, etc.?)?
>
> 1. Slave the drive to another computer.
> 2. Start | Help and Support
> 3. In the "Search" bar type the word
> encryption
> 4. Click on the link that fits your situation and follow the step-by-step
> instructions:
>
> Recover an encrypted file or folder if you are a designated
> recovery agent
> Recover an encrypted file or folder without the file encryption
> certificate
>
> Steve
>
>
I'm not an expert enough wrt Windows Encrypting File System. However,
the solution Og proposes -- which is probably the OP's best hope --
probably will only work if the OP was astute enough to export his
private key to some portable media that he now has available.

As I understand it, there are two -- and only two -- ways to recover
files secured by EFS: using the user's key or using a Designated
Recovery Agent. Although Designated Recovery Agents primarily are used
in Domains, you can have a DRA on a stand-alone computer as well. See
http://technet2.microsoft.com/windo...f709-49e7-97f8-5ad1c3c74f8c1033.mspx?mfr=true
(or type "recovery agent" in Help & Support). The catch is (and this is
the part I'm not certain of), you have to create the DRA for the given
user using the user's Certificate. So, even if the OP created a DRA on
his laptop, he can't use it (no video), and he can't create a DRA for
the old files on a new computer without the Certificate that was used to
encrypt the old files.

I could be wrong, and Og's solution may work. If so, great. If not,
the OP should Google for methods to copy his old profile -- including
the SID, the ACLs, and and passwords -- from his old disk. It is
important that the new profile have the identical password to the old one.

There is also the brute force approach: On a working computer, go
through the process of booting up, accessing, and decrypting the folders
in which the data is stored (you did encrypt folders rather than files,
right?). Keep meticulous track of all key presses, and use arrow keys
and the tab key instead of the mouse. Then follow this procedure exactly
on the laptop. Then pull the disk out of the laptop, slave it to
another computer and copy the files, which hopefully will now be
unencrypted.

Good luck. You'll need it. Microsoft should never have made EFS as
easy to (mis)use as it is.
--
Lem -- MS-MVP - Networking

To the moon and back with 64 Kbits of RAM and 512 Kbits of ROM.
http://en.wikipedia.org/wiki/Apollo_Guidance_Computer
 
Back
Top