Advanced EFS Data Recovery breaks Vista and Windows Server 2008 encryption

ElcomSoft has released the Professional version 4.0 of Advanced EFS Data Recovery (AEFSDR-Pro) for Windows, a powerful data recovery application that makes it easy to recover (decrypt) files encrypted on NTFS (EFS) partitions created in Windows 2003, XP, 2000, Vista, and 2008. In addition to all of the capabilities of the Standard version, AEFSDR-Pro can perform low-level disk scanning at the sector level, enabling data recovery and forensics specialists to find encryption keys that have been deleted, even on drives that have been reformatted.

 
Microsoft EFS allows users to store confidential information on a computer when people who have physical access to your computer could otherwise compromise that information, intentionally or unintentionally. EFS is especially useful for securing sensitive data on portable computers or on computers shared by several users. Encrypting sensitive files by means of EFS adds another layer of security.
 
The popularity of EFS encryption has made it critical for forensics experts and anti-terrorism operatives to have tools like AEFSDR that can give them access to data files. Because the standard Windows logon password can be circumvented using widely-available software (such as Elcomsoft System Recovery), more and more people are using EFS encryption to protect their files. AEFSDR-Pro is a must-have application for law enforcement officials, security specialists, and military intelligence officers.
 
The Professional version of AEFSDR lets data experts recover files where users have set up multiple logical disks, for example. a C Drive that contains Windows plus a D Drive that holds data. When the system has serious problems, users will often reformat the C Drive, and reinstall Windows, knowing that their data is safe on the D partition. However, EFS encryption stores its encryption keys in certificates that are located on the system drive. After reinstalling Windows, encrypted data files on the D Drive are no longer accessible.
 
AEFSDR-Pro can search all of the sectors on the C Drive, one-by-one, and find the deleted certificates, even if the drive has been reformatted.
 
With both the Standard and Professional versions of AEFSDR, protected files can be decrypted, even when the system is not bootable so you cannot log on, or when some encryption keys (private or master) have been tampered with. In addition, decryption is possible even when Windows is protected using SYSKEY. AEFSDR effectively (and instantly) decrypts the files protected under all versions of Windows 2000, Windows XP (including Service Pack 2), Windows 2003, and Windows Vista.




Share this