About EFS (Encryption File System)
|Top Previous Next|
The Encrypting File System (EFS) that is included with the Windows 2000 (Professional, all Server editions), Windows XP (Professional), Windows Server 2003/2008/2012, Windows Vista (Business, Ultimate, Enterprise), Windows 7 (Professional, Enterprise, Ultimate), Windows 8 operating systems provides the core file encryption technology to store NTFS files encrypted on disk. EFS particularly addresses security concerns raised by tools available on other operating systems that allow users to physically access files from an NTFS volume without an access check.
More information is available in Microsoft TechNet documentation:
Security features such as logon authentication or file permissions protect network resources from unauthorized access. However, anyone with physical access to a computer such as a stolen laptop can install a new operating system on that computer and bypass the existing operating system's security. In this way, sensitive data can be exposed. Encrypting sensitive files by means of EFS adds another layer of security. When files are encrypted, their data is protected even if an attacker has full access to the computer's data storage.
Only authorized users and designated data recovery agents can decrypt encrypted files. Other system accounts that have permissions for a file — even the Take Ownership permission — cannot open the file without authorization. Even the administrator account cannot open the file if that account is not designated as a data recovery agent. If an unauthorized user tries to open an encrypted file, access is denied.
Benefits of EFS
EFS allows users to store confidential information about a computer when people who have physical access to your computer could otherwise compromise that information, intentionally or unintentionally. EFS is especially useful for securing sensitive data on portable computers or on computers shared by several users. Both kinds of systems are susceptible to attack by techniques that circumvent the restrictions of access control lists (ACLs). In a shared system, an attacker can gain access by starting up a different operating system. An attacker can also steal a computer, remove the hard drive(s), place the drive(s) in another system, and gain access to the stored files. Files encrypted by EFS, however, appear as unintelligible characters when the attacker does not have the decryption key.
Because EFS is tightly integrated with NTFS, file encryption and decryption are transparent. When users open a file, it is decrypted by EFS as data is read from disk. When they save the file, EFS encrypts the data as it is written to disk. Authorized users might not even realize that the files are encrypted because they can work with the files as they normally do.
In its default configuration, EFS enables users to start encrypting files from My Computer with no administrative effort. From the user's point of view, encrypting a file is simply a matter of setting a file attribute. The encryption attribute can also be set for a file folder. This means that any file created in or added to the folder is automatically encrypted.
How EFS Works
Additional information is available at Microsoft site:
And here is a (partial) list of Microsoft Knowledge Base articles related to the EFS:
Get more information about Advanced EFS Data Recovery
Get full version of Advanced EFS Data Recovery
(c) 2014 ElcomSoft Co.Ltd.