I’ve noticed that Windows XP has been running pretty sluggishly for the last month or so, and it’s been a while since I reinstalled the OS, so I decided to do that today. My computer has two hard drives, HDD1 and HDD2. On HDD1 I keep my OS and programs, and HDD2 is used as storage for my files. Both are formated with NTFS.
So this afternoon I backed up all the data I still need off HDD1… my address book, various instant messenger archives, stuff like that. Then I reformatted it, and reinstalled XP and SP2. HDD2 didn’t get changed in any way. So far, so good.
The problem is that I had previously encryped some of the folders on HDD2 using XP’s encryption methods (i.e. right-click > Properties > Encrypt Contents). I had completely forgotten about the encryption, so I didn’t bother to back up my Security Certificates. Now I can’t access those folders at all.
Damn. I have some really important stuff on there… nothing that’s going to destroy my life if I don’t get it back, but still…
Does anyone know of any recovery techniques for a situation like this? Or did I just destroy any chance of recovering these files?
I think that if you copy your files to a non NTFS storage medium then you will be able to access them. Try copying them to a FAT formatted drive, a USB memory stick or burn them onto a CD.
Oh, and a follow-up question. If no one knows of any way to recover my files, is there any way to delete them? As it stands right now, Windows won’t even let me do that.
I think that would have worked if I’d done that before wiping and reinstalling XP, but I doubt it’ll work now. Worth a shot though, I’ll give it a try and let you know what happens.
Well, thanks for your suggestions Q.E.D. and Imasquare, but no luck so far. I also tried booting up with a Linux LiveCD (Ubuntu flavor, if anyone’s interested), and it couldn’t even read any of the files on HDD2, not even the unencrypted ones. I think that’s because it’s set up as a Windows ‘Dynamic disk’.
Sigh.
I think they’re just gone.
Still not sure how I can just delete the folder once I give up. Any other takers?
Blow out the partition after removing the non-encrypted files. This should let you re-partition and re-format. Most disk install CDs have partitoning software you can download from the drive manuf’s website. Partition Magic is also good.
Due to the way my system has evolved over the years, HDD2 is split into three partitions. I’ve set Windows to see it as one logical drive. Screenshot here.
When I boot into Linux, it sees all three partitions as seperate drives (hdb1, hdb2 and hdb3). If I try to open hdb1, I get an error message that says “The folder contents could not be displayed. Sorry, couldn’t display all the contents of ‘hdb1’”, and it shows an empty directory. No files listed at all, not even the regular unencrypted ones. If I try to open hdb2 or hdb3, I get “Unable to mount the selected volume. Could not determine the filesystem type, and none was specified”. Even when I specify that it’s NTFS, it still won’t mount.
First of all, that’s a great idea astro, thanks for posting it! Looks like I won’t need it though… I followed Imasquare’s link and turned off Simple File Sharing. That let me take ownership of the encrypted folder and its contents. So I can now browse through it, and copy and delete files as I please. Still can’t unencrypt them though.
Nope, still no luck. I’ve tried both of them, and they both say that they can’t find the key that would be needed to do the decryption. Which makes sense, since I formated the drive where that key would have been.
I’m pretty much resigned to the fact that I won’t be recovering anything… I’m not going to be able to bring myself to delete anything for a while though, so if anyone has any other thoughts, I’d really like to hear them! Also, thanks for all the suggestions so far, I appriciate all the help.
True, it is just the trial version of Advanced EFS Data Recovery I’ve been using… but the only limitation imposed is supposed to be a 30-day time limit. Upon further investigation, I’ve found some information in the readme file:
So, it looks like the program needs at least a part of the key(s) to be there. It also looks like it may not have been able to do anything anyway, because HDD2 is set up as Dynamic (see my screenshot above).
I guess I’m not all that surprised that these files are so hard to decrypt… I mean, there wouldn’t be much point to encrytion if just anyone could undo it.
