User Accounts, Encryption, and Busted Systems

Guest

I have a broken laptop that will not boot properly. It is a proprietary form
factor, and can no longer be fixed. I have extracted the 2.5 inch hard
drive, and purchased an external enclosure. It is possible to reach the
files on the drive, but I used NTFS encryption on some sensitive files.

I was not aware that I needed to have a backup of the user certificate file
in order to restore the files. I know the Administrative password and the
user/password of the files' owner.

I have attempted to boot the drive on other machines, to no avail. They
blue screen after boot. I have used the command line restoration to turn off
services and repaired the installation from CD to no avail. I am simply not
able to boot this drive and log in successfully to export the certificate.

I also have (somewhat dated) backups of the entire system, that should
include the certificate as well. Of course, the files I need from the backup
are still encrypted, so I can't simply restore the files.

Given this information, is it possible to extract the encryption certificate
to gain access to the files in question? Or is it possible to migrate the
entire user account, including the certificate, to another machine to gain
access to it? I want to reiterate that the drive itself is intact, I am just
unable to boot it at this time.

Any advice or help appreciated.
 
You could try Elcomsoft's program. If the keys are on the disk it will scan
for them and decrypt the files. You can download it and try it for free. The
trial will only show you the first few bytes of the file. You have to
purchase it to actually decrypt a file.

http://www.elcomsoft.com/aefsdr.html
 
Lukas Bradley said:
It is possible to reach the
files on the drive, but I used NTFS encryption on some sensitive files.
I also have (somewhat dated) backups of the entire system, that should
include the certificate as well.
Given this information, is it possible to extract the encryption certificate
to gain access to the files in question?

I believe so. See www.beginningtoseethelight.org for a very technical
description of how to recover the credentials from the user profile and
decrypt the files. Once the drive is unbootable, this is the more typical
method of restoration, rather than trying to export the cert after the fact.

Microsoft PSS phone support can help you recover those files and has a
private tool to help do so, but doing so will probably cost you from $90 to
$300. Phone numbers are at www.microsoft.com/support
 