• Welcome to Overclockers Forums! Join us to reply in threads, receive reduced ads, and to customize your site experience!

Please help guys! File Recovery!

Overclockers is supported by our readers. When you click a link to make a purchase, we may earn a commission. Learn More.
A

Anaxagoras1986

Member
Joined
Oct 19, 2002
OK, I dont know where my Win XP CD is. Windows died on my 40 gig hard drive and all of my document files are encrypted. I have my 30 gig going with windows xp but I cant access the files on the 40, dispite having the same user name and password. Do you guys know how I can recover my files? Please help!
 
im a bit confused.... you can access the drive, but not the files??


maybe you could boot to something like knoppix, see if you can access the files then
 
I think I need soem sort of a cracking software or some other trick that would allow me to open and decrypt the files. I can see them, but not open them. They were encrypted by windows.

Whats Gentoo?
 
Last edited:
Anaxagoras1986 said:
OK, I dont know where my Win XP CD is. Windows died on my 40 gig hard drive and all of my document files are encrypted. I have my 30 gig going with windows xp but I cant access the files on the 40, dispite having the same user name and password. Do you guys know how I can recover my files? Please help!
Click to expand...

If you can see the files but not open them bc they are encrypted there may still be a way to retrieve them. XP, of course, is NT based and uses NTFS permissions. If you are in the Administrator group, you should be able to decrypt the files. (Also users from the Backup Operators group can do this). Unless of course you used some 3rd party software that doesn't encrypt them the same way Windows does.

Disclaimer: I'm not 100% sure about this, but I think I'm right. XD.
 
One way is to slave this drive to an XP drive that has the same encryption program used on the slave drive.

Then just copy needed files over and decrypt to the master drive.

If your talking EFS this should work when having the same admin name /pass on the master. Also search for EFS in the windows help, they go into recovery.
 
Try this on one of the files, if it works like it should, you could use the same method for the rest of them and then you'll be able to decrypt them.

1) Open the "Properties" dialog for one of the files.
2) Click on the "Security" tab.
3) Make sure the "Administrators" group is added to ACL of that file.
4) Click on "Advanced".
5) Click on the "Owner" tab. Since you are of the Administrators group, you have the ability to take ownership of files.
6) Note the "Current owner of this item:".
7) In the "Change owner to:" box, find either your name or the "Administrators" group.
8) Click on one of them, then click "Apply". This gives the group or you ownership over this file. If all goes well, you should be able to decrypt the file. Repeat this process for the rest of the files.

Hope that helps!
 
In the Security tab, click on the "Advanced" button. A dialog should come up and there should be an "Owner" tab in that dialog.
 
I can get to the tab. But from there I only see my computer name\ 'my user name' and 'administrators'.
 
okay, select either your name or admnistrators, then click Apply. this will make you or the group the owner of the file. you should be able to decrypt it now.
 
or you can remove all the users shown in there and add your account again to that. It'll fix your problem too. Anyway EFS recovery agent account can access those file after taking the ownership of the files and so the admin. Hope you go them.
 
I supposedly have ownership, but it still wont let me touch the file. I think the problem is because the files were encrypted with the windws installation on the 40. Now it wont allow me to de-encrypt it with the 30 gig's installation. Different certificates maybe? I dont know.

I tried using a program called Advanced EFS Data Recovery. It was able to break the encryption...but it will only do the first 512 bytes unless I buy the 99 dollar full copy! Does anyone know of a cheaper program that is similar?

Thanks for the help here!
 
Did you make yourself a file encryption certificate?...if not, you're in trouble. If you did, then just import the certificate, and you'll have access to your data again. If you didn't make a file encryption certificate, are you connected to a domain? If so, you may be in luck, as a domain administrator can decrypt it...if not, then you may have lost the data (unless you resort to using a third party program.) :(
 
Last edited:
No I didnt make a backup certificate. This is just my PC. This is really bad. Do you know of any programs that could help?
 
Is it possible to get the certificate off of the dead OS and use it on the one that is working? I didnt back up the certificate, but all of the files on that HD are intact except for one of the startup files.
 
You can try this:

Run certmgr.msc see what it finds

or

To import a certificate, run Microsoft Management Console (MMC) and add the Certificates snap-in. When prompted, select My user account. Navigate to the Personal\Certificates store, right-click the details pane, and select All tasks\ Import certificate. Then, point the wizard to your slaved disk and see what you get.

You can also run cmd: cipher /? see what that does for you

Or
here is a MS "tool" and help file that can give you some info on your EFS files: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/efsinfo-o.asp



Have you (admin) tried just removing the properties\advanced encryption atribute?

You can also search your slave drive fora .pfx file and if found drag it over and right click on it and hit "install PFX"
Next
Next then enter password from key(EFS from slave)
Next then hit "Place all certicicates in private store"
hit browse
personal, ok , yes, ok

you should then be able to open them all .

I just use the elmcomsoft advanced EFS recovery and EFS melts like butter, which is why its pretty much worthless in my eyes.

But it is $99 and you have to consider that. But if you get say $80 per hour for running that on EFS files, its worth it

Wanted to add that one thing you have going for you is that you know by using the demo that your files are in fact intact and recoverable, so that is a good thing, so keep plugging away and you should be able to get your files back.
 
Last edited:
Hey thanks alor for all of the info everyone :) ! Im going to try these latest things tomorrow when I get time.
 
You say Windows died, and then later you say it's only missing a boot file. Which boot file is it missing? I've fixed a few of those in the recovery console in my ResNet experience. What is the exact file name? ntoskrnl? I can attempt to walk you through replacing the file with a backup from the CD or from your other installation of Windows. If it's a registry file, you can slap on a clean registry and boot, but most of your applications won't work. But you can get your data off.

Z
 
You must log in or register to reply here.

Similar threads

BruceUSA
Synology NAS help Please
Replies
4
Views
107
=XAF=AfterShock
=XAF=AfterShock
don256us
FAQ: What is T32's current standing in the world?
Replies
8
Views
465
dfonda
dfonda
don256us
"Please enter a valid title."...
Replies
3
Views
417
Holdolin
Holdolin
don256us
10 billionaire! WOOT!
Replies
6
Views
365
Holdolin
Holdolin
don256us
40 BILLION!! Oh. And a mid race update.
Replies
7
Views
255
Grub
Grub
Back