How Advanced EFS Data Recovery works

 

<< Click to Display Table of Contents >>

Navigation:  System and Data Recovery Programs > Advanced EFS Data Recovery > Working with AEFSDR >

 

How Advanced EFS Data Recovery works

 

There are several typical scenarios for using Advanced EFS Data Recovery:

You want to access files on the internal disk(s), and you have an Administrator account or administrative privileges. However, some certificates are corrupted and the standard methods available in the operating system do not work, or some files have been encrypted by other users and their passwords are not known.

The operating system fails to boot, or you don't have an account with Administrator privileges.

You are processing a disk with encrypted files from a different computer.

The system has been reinstalled.

 

In the first case, no additional steps prior to installing AEFSDR are requited. If you cannot boot from the disk that contains the encrypted files, install AEFSDR to a Windows computer on which you have Administrator privileges. In the later case, connect the disk being analyzed to the new system.

 

Note: if you start AEFSDR on Windows Vista or Windows 7 using an account with administrator privileges, but not the Administrator itself, you may see the following error message:

 

Cannot get direct access to the logical disk!

You must have Administrator rights to use this program.

 

The issue may be part of UAC (User Account Control) that does not work correctly in certain cases. As a workaround,  right-click on aefsdr.exe and select Run as Administrator from the pop-up menu. You may need to provide the Administrator account credentials.

 

The tool will do the following:

 

Search for encryption keys (at the file or sector level).

Attempt to decrypt all private keys that are available in the system.

Find decrypted files on selected partition(s), and attempt to decrypt their File Encryption Keys.

Decrypt files using the FEKs received at the previous steps.

 

If you had previously exported the recovery agent EFS private key (see KB241201 for details) but for some reason cannot import it back, AEFSDR can use it directly. If this is the case, you will not need to search for encryption keys.

 

All these steps are described in details in the following chapters: Scan for encryption keys, Scan for encrypted files, Browse for encrypted files and Decrypting files.

 

The easiest way to use the tool is by running the wizard. If the appropriate option is enabled, the wizard is shown automatically when launching the tool. Alternatively, you can invoke it at any time by pressing the Wizard button on the toolbar.