No backup of Vista EFS certificate from system that won't boot -recovering file

Discussion in 'Windows Vista Security' started by baby1212, Apr 30, 2009.

    Thank you in advance for any guidance! :)

    Vista Ultimate (32bit SP1) system is corrupted enough to not boot but
    accessing the HD from another system seems to have virtually
    everything intact. One single file was encrypted using EFS on the
    system. I'm wondering if there is a way to manually transfer over the
    certificate/s from the old hard drive into the new system.

    I am aware of ElcomSoft's Advanced EFS Data Recovery software but the
    problem is that the file that is encrypted is actually another file
    that is encrypted using another encrypted software (basically the file
    is encrypted twice, the outside container is Vista EFS and the inside
    container is TrueCrypt). So I can't see if ElcomSoft's Advanced EFS
    Data Recovery software will work in the demo/trial as I still have yet
    another step to proceed to decrypt the file in TrueCrypt.

    I've found manual recovery processes for XP (
    )but the registry structure is different enough in Vista that I can't
    find the same place in Vista.

    Does anyone know the comparable location in Vista for hklm\sam\sam
    \domains\account\users\%usernumbers% (which is XP)?

    Any other ideas?
    baby1212, Apr 30, 2009
    same problem....

    I am dealing with the exact same issue. I have my hd installed as a second drive in a new computer. It is about to fail on me. I'm working on a solution... nothing yet.
    cragsdale, May 7, 2009
