MikeFromDenmark Posted July 13, 2011
Hi, I'm trying to recover my girlfriend's tanked Windows XP Media Center partition containing encrypted files. My girlfriend tells me she had 5 passwords during the time of use on that particular hard drive, so I don't think I'll be needing a brute-force approach. So here's how far I've gotten: used Knoppix with dd to get a snapshot of the tanked laptop disk, converted that to VMware, and I am now able to mount the disk in any (virtual) environment. blanked out. Can anyone point me in the right direction for recovering her data? If I succeed I probably won't have to deal with dirty dishes and diapers for quite some time. Any help would be highly appreciated.
Infiltrator Posted July 13, 2011
Found this: http://forum.s-t-d.org/viewtopic.php?id=2828
MikeFromDenmark Posted July 13, 2011 Author
Thanks for the quick reply :D The downloads are pretty much useless, it seems, but the post about ERD Commander seems very promising :D
Mr-Protocol Posted July 13, 2011
You'd have to boot from the image made with dd, not just mount it to a running OS. And if it's XP, good luck, because faulty drivers will cause that thing to BSOD because drivers won't match the hardware. Make sure to get into safe mode.
digip Posted July 13, 2011
You can mount it in another machine running XP, then take ownership of the files while logged in as admin, and then remove the EFS from the files. You can also copy to a FAT drive and EFS will be removed, since only NTFS will do the EFS. Admins have access to Windows EFS, whereas normal users won't. It must be at least the Professional edition of XP to take ownership, as Home edition doesn't let you do it (out of the box anyway). You would have to escalate yourself to SYSTEM if you only have Home edition, which can be done from within Windows Home edition using the at command in a cmd window to relaunch explorer.exe as SYSTEM after killing it.