I have a USB hard drive that has a bunch of EFS encrypted files (.msg, .zip etc).
I'm not 100% sure what OS made them but I suspect Win 7 as the data all has modified dates of November 2012. The original computer that created/encrypted the files is not available, all I have access to is the drive and the person who owns the data.
All the usual cracking tools want the certificate from the MFT to open the files but that's not possible in this case. Is there any method to simply start a brute force attempt and then leave it running?
I recommend Kali and creddump7 described here
https://
(the other alternatives I described before failed)
I recommend Kali and creddump7 described here
https://
labs.neohapsis.com/2014/07/01/cached-domain-credentials-in-vista7-aka-why-full-drive-encryption-is-important/ (the other alternatives I described before failed)
Yep, but if there is no access to the actual Windows install that created the files there is nothing to "dump".
I guess that in this case nothing but a specific tool can - maybe - manage to find a way to unencrypt
https://
jaclaz
Unfortunately for me the Elcomsoft requires access to the encryption key which is located on the original computer.
From all the digging I've done it looks like there is no way to crack these files.