Video Tutorial on Decryption of Windows EFS-encrypted Data

July 6th, 2015 by Olga Koksharova
Category: «Cryptography», «Did you know that...?», «General», «Security», «Software», «Tips & Tricks»

Although we have already covered EFS encryption and decryption in some of our white papers and case studies, we would now like to share a video tutorial, because seeing something once is better than reading about it twice. In this video you will see how to decrypt EFS-encrypted data with the help of Advanced EFS Data Recovery, and how to recover the Windows user account password with Proactive System Password Recovery (the password is still required for this type of encryption).

Advanced EFS Data Recovery (AEFSDR) is wholly dedicated to decrypting Windows EFS-encrypted files; however, in order to decrypt the data the program still requires the user account password. At first you might think the opposite, that anyone holding the user account password can decrypt the data. Not quite. EFS uses more than just the logon password: each file is encrypted with its own file encryption key, that key is wrapped with the user's EFS certificate key pair, and the private key of that pair is protected by DPAPI master keys derived from the logon password. So the password alone is not enough (the user's profile data, including the DPAPI master keys and EFS certificates, must also be available from the disk), but it is the core ingredient in data decryption and must be provided.

If you forgot the logon password or never knew it, Proactive System Password Recovery (PSPR) can in turn help you acquire all system passwords once you can log into the system with administrator privileges. Note that simply resetting the password from the administrator account is not a substitute for recovering it: the DPAPI master keys stay protected by the old password, so the EFS private key, and with it the files, remain inaccessible. Exactly this scenario is illustrated in our video (provided by Sethioz); here it is:

Another situation (not captured in this video) is when you are examining an offline system, for instance a drive attached to your main computer. In this case you should first obtain the password hash(es) using the "Manual decryption" option (check the "Manual decryption" box in the "Recovered hashes" tab) and then try to recover the logon password with brute-force or dictionary attacks against those hashes.

And if you are fortunate enough to own more than one computer (or a whole network), you will of course want to crack the password hash faster by using all of these resources. This is possible with Elcomsoft Distributed Password Recovery (EDPR), which consolidates the power of all computers in the network and does the job much faster. You just need to export the hashes found by PSPR and feed them to EDPR; the tool will then do its job.

Which tools to use is up to you, and of course it depends on the particular situation. Your questions and concerns are always appreciated: just add them in the comments below and we will get back to you with answers and perhaps more helpful videos. 🙂