I get errors when trying to start a new post so I’ll just tag onto this one.
I’m having trouble with my EFS files that I’ve had since October 2003.
After reading some other posts, I think I know what’s wrong but before I
spend any more time on this I want to make sure. Here are the details.
In the fall of 2004 we bought a new Dell laptop and I moved/copied EFS data
from our Gateway to the Dell by network connection and USB drive. I don’t
remember if I moved any keys from the Gateway to the Dell, but I must have or
maybe just created a new key automatically when I turned on the Dell
encryption.
In October 2005 I reformatted our Gateway C partition and re-installed XP.
At the same time I exported the private key(s) from the Dell and imported
them on the Gateway. Then I created a D partition on our Dell and
“moved/copied” the data there from the C partition. I must have turned on
the encryption for the D partition folders then, but I’m not sure. Then I
reformatted and re-installed XP on the Dell C partition. I don’t remember
creating any new keys, but I think I re-imported the key(s) from the Gateway
back to the Dell (but can’t remember). All of the files that I wanted to use
opened fine after the XP install.
1-1/2 weeks ago our Dell HD stopped (I’m sending it to a data recovery
company.) I just installed XP on a new HD in the Dell. I restored my data
from backup DVDs. The data was backed up keeping EFS on it. I have three
private keys from the Gateway that I imported to the Dell with the new HD.
When I try to open the files, I get an access denied message.
Here is the key info I imported to the Dell.
name@SOLO (thumbprint starts with 48; valid from Friday, October 03, 2003
10:21:45 PM) (within a day of when I first started using EFS)
name@DELL8600 (thumbprint starts with 5d; valid from Tuesday, October 05,
2004 3:41:50 AM) (about the time I started using the new Dell)
name@@GATEWAY-SOLO (thumbprint starts with 13; valid from Monday, August 29,
2005 4:01:22 PM) (the current computer name is “GATEWAY-SOLO”, but I don’t
know what this date relates to, maybe a computer name change?)
==============================
The files on my computer (that won’t open) have encryption details as follows:
name@DELL8600 (thumbprint starts with C6). I don’t know how to get the date.
I’m assuming that in October 2005 when I moved/copied the data on the Dell
from the C partition to the D partition that it was still related to the
name@DELL8600 key with a thumbprint starting with “5d”.
1) When I installed XP after the data move, is it possible that at that time
XP created a new key “name@DELL8600” with a thumbprint of C6? Otherwise, I
don’t know why all of my restore data has that thumbprint.
2) When I send the HD to get the data recovered, is there anything special I
need to let the company know?
3) Is the private key just another data file somewhere? If they can’t get
the private key, there isn’t much sense in retrieving the data.
==============================
"Segovia" wrote:
> On Mon, 31 Oct 2005 17:09:01 -0800, Kevin wrote:
>
> > I realize that any account on this system is
> > not a recovery agent nor the account that created encrypted the files.
>
> Without the key you are totally hosed. You might as well accept that the
> data is gone...
>
> However you did say that the drive containing the key was formatted. That
> in itself does not destroy the data. If you reinstalled the OS after that,
> and all the data files, then you might be out of luck since it's likely
> that the clusters containing the key have been overwritten by now.
>
> --
> Segovia
> >> Stay informed about: Encrypted Files from a formatted drive 
FAQ
Profile
Private Messages
Log in
