About EFS (Encrypting File System)


The Encrypting File System (EFS) included with Windows 2000 (Professional and all Server editions), Windows XP Professional, Windows Server 2003/2008/2012, Windows Vista (Business, Ultimate, Enterprise), Windows 7 (Professional, Enterprise, Ultimate) and Windows 8 provides the core file encryption technology used to store NTFS files encrypted on disk. EFS particularly addresses security concerns raised by tools available on other operating systems that allow users to physically access files on an NTFS volume without an access check.

More information is available in Microsoft TechNet documentation:

Security features such as logon authentication or file permissions protect network resources from unauthorized access. However, anyone with physical access to a computer, such as a stolen laptop, can install a new operating system on that computer and bypass the existing operating system's security. In this way, sensitive data can be exposed. Encrypting sensitive files by means of EFS adds another layer of security. When files are encrypted, their data is protected even if an attacker has full access to the computer's data storage.

Only authorized users and designated data recovery agents can decrypt encrypted files. Other system accounts that have permissions for a file, even the Take Ownership permission, cannot open the file without authorization. Even the administrator account cannot open the file if that account is not designated as a data recovery agent. If an unauthorized user tries to open an encrypted file, access is denied.

Benefits of EFS

EFS allows users to store confidential information on a computer when people who have physical access to your computer could otherwise compromise that information, intentionally or unintentionally. EFS is especially useful for securing sensitive data on portable computers or on computers shared by several users. Both kinds of systems are susceptible to attack by techniques that circumvent the restrictions of access control lists (ACLs). In a shared system, an attacker can gain access by starting up a different operating system. An attacker can also steal a computer, remove the hard drive(s), place the drive(s) in another system, and gain access to the stored files. Files encrypted by EFS, however, appear as unintelligible characters when the attacker does not have the decryption key.

Because EFS is tightly integrated with NTFS, file encryption and decryption are transparent. When users open a file, it is decrypted by EFS as data is read from disk. When they save the file, EFS encrypts the data as it is written to disk. Authorized users might not even realize that the files are encrypted because they can work with the files as they normally do.

In its default configuration, EFS enables users to start encrypting files from My Computer with no administrative effort. From the user's point of view, encrypting a file is simply a matter of setting a file attribute. The encryption attribute can also be set for a file folder. This means that any file created in or added to the folder is automatically encrypted.

How EFS Works

1. EFS uses a public-private key pair and a per-file encryption key to encrypt and decrypt data. When a user encrypts a file, EFS generates a file encryption key (FEK) to encrypt the data. The FEK is encrypted with the user's public key, and the encrypted FEK is then stored with the file.
2. Files can be marked for encryption in a variety of ways. The user can set the encryption attribute for a file by using Advanced Properties for the file in My Computer, by storing the file in a file folder set for encryption, or by using the Cipher.exe command-line utility. EFS can also be configured so that users can encrypt or decrypt a file from the shortcut menu accessed by right-clicking the file.
3. To decrypt files, the user opens the file, removes the encryption attribute, or decrypts the file by using the cipher command. EFS decrypts the FEK by using the user's private key, and then decrypts the data by using the FEK.
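The FEK scheme of steps 1 and 3 above, as an added Go example that is neither code from this page nor Microsoft's EFS implementation: a hypothetical EncryptedFile layout, AES-256-GCM and RSA-OAEP standing in for the EFS algorithms, and a GenerateKey helper standing in for a user's certificate key pair. It goes a little beyond the text by wrapping the FEK for a data recovery agent as well as for the file owner, which is what lets a designated agent, but not an administrator, decrypt the file.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// EncryptedFile holds data sealed under a per-file key (FEK) plus that FEK wrapped once per authorized public key.
type EncryptedFile struct {
	Nonce, Ciphertext []byte
	WrappedFEKs       [][]byte // one entry for the owner and one per designated recovery agent
}

// GenerateKey is a hypothetical helper standing in for a user's or recovery agent's EFS certificate key pair.
func GenerateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Encrypt draws a fresh FEK, seals data with AES-256-GCM (example choice, not the EFS cipher) and RSA-OAEP-wraps the FEK per recipient.
func Encrypt(data []byte, recipients []*rsa.PublicKey) (*EncryptedFile, error) {
	keyAndNonce := make([]byte, 32+12)
	rand.Read(keyAndNonce) // crypto/rand is documented never to return an error
	fek, nonce := keyAndNonce[:32], keyAndNonce[32:]
	block, _ := aes.NewCipher(fek) // a 32-byte key cannot fail
	gcm, _ := cipher.NewGCM(block)
	ef := &EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, data, nil)}
	for _, pub := range recipients {
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fek, nil)
		if err != nil {
			return nil, err
		}
		ef.WrappedFEKs = append(ef.WrappedFEKs, w)
	}
	return ef, nil
}

// Decrypt succeeds only for a private key whose public half wrapped the FEK; any other key, even an administrator's, is denied.
func Decrypt(ef *EncryptedFile, priv *rsa.PrivateKey) ([]byte, error) {
	for _, w := range ef.WrappedFEKs {
		fek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, nil)
		if err != nil || len(fek) != 32 {
			continue // the FEK was not wrapped for this key holder
		}
		block, _ := aes.NewCipher(fek)
		gcm, _ := cipher.NewGCM(block)
		return gcm.Open(nil, ef.Nonce, ef.Ciphertext, nil)
	}
	return nil, rsa.ErrDecryption // no wrapped FEK matched this private key: access denied
}
```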

[...]

Additional information is available on the Microsoft site:

The Encrypting File System
Encrypting File System overview
Encrypting File System in Windows XP and Windows Server 2003
Protecting Data by Using EFS to Encrypt Hard Drives
Encrypting File System best practices
Encrypting File System How To ...
Encrypting File System Concepts
Encrypting File System Troubleshooting

And here is a (partial) list of Microsoft Knowledge Base articles related to EFS:

Best Practice Methods for Windows 2000 Domain Controller Setup
Cannot Gain Access to Previously Encrypted Files on Windows 2000
Disabling EFS for All Computers in a Windows 2000-Based Domain
Encrypting Files in Windows 2000
Encrypted Files Cannot Be Compressed
Transferring Encrypted Files That Need to Be Recovered
Best Practices for Encrypting File System
Using a Certificate Authority for the Encrypting File Service
Cannot Use Shared Encrypted Files in Windows 2000
Default Behavior for Group Policy Extensions with Slow Link
Error Message When Attempting to Encrypt Files or Folders
Backup Tool Backs Up Files to Which You Do Not Have Read Access
The Encrypted Data Recovery Policy for Encrypting File System
How to enable the encryption command on the Shortcut menu
How to back up the recovery agent Encrypting File System (EFS) private key in Windows Server 2003, in Windows 2000, and in Windows XP
Using Efsinfo.exe to Determine Information About Encrypted Files
How to Disable/Enable EFS on a Standalone Windows 2000 Computer
HOWTO: Use Encrypting File System (EFS) with IIS
Cannot Gain Access to Microsoft Encrypted File Systems
"Warning: The Restore Destination Device..." During Restore
INFO: Understanding Encrypted Directories
"Access Is Denied" Error Message Appears w/ Correct Permissions
Encrypted Files Made Available Offline Not Encrypted on Client
The Local Administrator Is Not Always the Default Encrypting File System Recovery Agent
Selecting Encrypted File Over Network Hangs Client Window
Methods for Recovering Encrypted Data Files
Cannot Open Encrypted Files with Multiple Windows Installations
How to Reinitialize the EDRP on a Workgroup Computer
EFS Recovery Agent Cannot Export Private Keys
Software Inventory on Encrypted Vol Degrades Performance
"Access is Denied" When Encrypting/Decrypting Files or Folders
Description of the Windows 2000 Resource Kit Security Tools
Logon Process Hangs After Encrypting Files on Windows 2000
How to Troubleshoot FRS and DFS
Error Message "Access Denied" When Starting a Program
Third-Party Certificate Authority Support for EFS
Unable to Recover Encrypted Files After the Domain Controller Is Demoted
Recovery of Encrypted Files on a Server
Unable to Access Encrypted Files After Using Sysprep.exe
Need to Turn Off EFS on a Windows 2000-Based Computer in Windows NT 4.0-Based Domain
EFS, Credentials, and Private Keys from Certificates Are Unavailable After a Password Is Reset
Sysprep.exe May Re-Enable the Encrypting File System
Using the Cipher.exe utility to migrate self-signed certificates to certification authority-issued certificates
Cipher.exe Security Tool for the Encrypting File System
HOW TO: Prevent Files from Being Encrypted When Copied to a Server
How To Encrypt a File in Windows XP
How To Encrypt a Folder in Windows XP
HOW TO: Share Access to an Encrypted File in Windows XP
How To Remove File Encryption in Windows XP
Users with Roaming Profiles Cannot Use EFS On Domain Controllers
HOW TO: Use Ntbackup to Recover an Encrypted File or Folder in Windows 2000
How To Use Cipher.exe to Overwrite Deleted Data in Windows
How to encrypt files and folders on a remote Windows 2000 Server
HOW TO: Identify Encrypted Files in Windows XP
You Cannot Access Protected Data After You Change Your Password
Encrypting File System (EFS) files appear corrupted when you open them
User cannot gain access to certificate functionality after password change or when using a roaming profile
HOW TO: Use Cipher.exe to Overwrite Deleted Data in Windows Server 2003
You cannot restore encrypted files to a remote computer in Windows 2000
A user who has permissions to change the folder attributes can now change the folder encryption attribute
The "Encrypt Contents to Secure Data" Check Box Is Unavailable
New functionality is available for Cipher.exe in Windows 2000 and Windows XP
Computer Stops Responding (Hangs) When It Writes Encrypted Data to an NTFS Partition
Information about the storage of data files on an encrypted volume in Exchange Server
How to add an EFS recovery agent in Windows XP Professional

(c) 2014 ElcomSoft Co.Ltd.