Hi Guys,
I am currently helping in a case where we have come across efs encrypted files on a few computers in the domain. These machines are remote. I was wondering if there is an inexpensive tool or free tool that can mount the remote computer drive to the analysis machine as a drive letter in windows explorer. Once the drive is mounted. I can run advanced efs recovery on the drive to recovers the keys and be able to break the encryption on the efs files.
My other question is can efs encryption be broken by exporting the SAM file and SYSTEM registry hive from the remote computers?
Hi Guys,
I am currently helping in a case where we have come across efs encrypted files on a few computers in the domain. These machines are remote. I was wondering if there is an inexpensive tool or free tool that can mount the remote computer drive to the analysis machine as a drive letter in windows explorer. Once the drive is mounted. I can run advanced efs recovery on the drive to recovers the keys and be able to break the encryption on the efs files.
My other question is can efs encryption be broken by exporting the SAM file and SYSTEM registry hive from the remote computers?
can anyone confirm if I am approaching this correctly?