Hello everyone,
I have an external hard disk that was secured via Windows EFS. The computer that initialized the encryption is not available any more, but I have a full drive clone (Clonezilla) from the hard drive.
So I am trying to rebuild the certificate and private key to decrypt the external drive.
The user that encrypted the external drive is an Active Directory user; the certificate was not published by our internal CA, though. So maybe the user encrypted the files before we set up the internal CA.
I am following this guide https://github.com/gentilkiwi/mimikatz/wiki/howto-%7E-decrypt-EFS-files but got stuck at decrypting the masterkey.
I am aware of the user's passwords, so that should be easy, but instead of the masterkey I receive this error:
Does that mean it won't work with password and do I have to go for the NTLM domain account option?