Advanced EFS Data Recovery Breaks Vista and Windows Server 2008 Encryption

Share Article

ElcomSoft Co.Ltd. has released the Professional version 4.0 of Advanced EFS Data Recovery (AEFSDR Pro) for Windows, a powerful data recovery application that makes it easy to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2003, XP, 2000, Vista, and 2008. In addition to all of the capabilities of the Standard version, AEFSDR Pro can perform low-level disk scanning at the sector level, enabling data recovery and forensics specialists to find encryption keys that have been deleted, even on drives that have been reformatted.

ElcomSoft Co.Ltd. has released the Professional version 4.0 of Advanced EFS Data Recovery (AEFSDR Pro) for Windows, a powerful data recovery application that makes it easy to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2003, XP, 2000, Vista and 2008. In addition to all of the capabilities of the Standard version, AEFSDR Pro can perform low-level disk scanning at the sector level, enabling data recovery and forensics specialists to find encryption keys that have been deleted, even on drives that have been reformatted.

Microsoft EFS allows users to store confidential information on a computer when people who have physical access to a computer could otherwise compromise that information, intentionally or unintentionally. EFS is especially useful for securing sensitive data on portable computers or on computers shared by several users. Encrypting sensitive files by means of EFS adds another layer of security.

The popularity of EFS encryption has made it critical for forensics experts and anti-terrorism operatives to have tools like AEFSDR that can give them access to data files. Because the standard Windows logon password can be circumvented using widely-available software (such as Elcomsoft System Recovery), more and more people are using EFS encryption to protect their files. AEFSDR Pro is a must-have application for law enforcement officials, security specialists and military intelligence officers.

The Professional version of AEFSDR lets data experts recover files where users have set up multiple logical disks, for example. a 'C' Drive that contains Windows plus a 'D' Drive that holds data. When the system has serious problems, users will often reformat the 'C' Drive, and reinstall Windows, knowing that their data is safe on the 'D' partition. However, EFS encryption stores its encryption keys in certificates that are located on the system drive. After reinstalling Windows, encrypted data files on the D Drive are no longer accessible.

AEFSDR Pro can search all of the sectors on the 'C' Drive, one-by-one, and find the deleted certificates, even if the drive has been reformatted.

With both the Standard and Professional versions of AEFSDR, protected files can be decrypted, even when the system is not bootable so users cannot log on, or when some encryption keys (private or master) have been tampered with. In addition, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows 2000, Windows XP (including Service Pack 2), Windows 2003 and Windows Vista.

In addition to enhancing EFS security protection in Vista, Microsoft has added a new Vista facility called BitLocker. BitLocker, however, will be used to protect only a small portion of Vista users' data. BitLocker works only on the Ultimate Version of Vista. It requires special hardware in the form of a TPM chip on the motherboard. Also, BitLocker protects only the system drive, but none of the data drives. AEFSDR will continue to work effectively with the non-BitLocker portion of data stored on Vista machines.

AEFSDR makes it easier for business managers to deal with lost and destroyed encryption keys, as well as with employees who, intentionally or unintentionally, are unable to access critical files that have been encrypted. While some situations make it impossible to recover encryption keys, if the keys are somewhere on the system, and not totally corrupted, AEFSDR can usually find and restore the critical information that will make the system accessible again.

AEFSDR is also a state-of-the-art computer forensics tool that is used extensively by law enforcement, military and intelligence agencies to open secured files.

The program includes faster decryption speeds under all versions of Windows, as easy-to use Wizard that lets computer novices and experts quickly identify and decrypt files, and improved support for non-US versions of Windows including Japanese, Chinese and other versions that use UNICODE.

While Microsoft has made it easier for home users to encrypt files, it's also much easier to encrypt files, and later make changes to the computer that make these secure files impossible to open again. AEFSDR solves this problem by making these protected files usable. Business people and home users can use it to recover lost files, and law enforcement officers have found that AEFSDR can give them access to encrypted files that would otherwise not be accessible.

More Information:
Please visit the program's homepage at http://efs.elcomsoft.com.

System Requirements:
Windows NT/2000/XP/2003/Vista/2008 with Administrator privileges, 2MB free on Hard Disk.

Price:
$299(US) for the Professional version; $149(US) for the Standard version; free trial version is available.

About ElcomSoft Co.Ltd.:
Established in 1990, ElcomSoft Co.Ltd. provides state-of-the-art computer forensics tool development, computer forensics training and computer evidence consulting services. Since 1997, ElcomSoft has been providing support to businesses, law enforcement, military and intelligence agencies. ElcomSoft tools are used by most of the Fortune 500 corporations, many branches of the military all over the world, many foreign governments, and all major accounting firms. ElcomSoft and its officers are members of the Russian Cryptology Association and the Microsoft Business Connection program. ElcomSoft is a Microsoft Gold Certified Partner and an Intel Software Partner.

###

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Olga Koksharova

Vladimir Katalov
Visit website