Windows – Recover EFS encrypted data from non-bootable Vista x64 drive


My laptop running vista x64 experienced hardware failure. The hard drive appears undamaged, and when I connect it to my win7 desktop, I can read all the files except the EFS encrypted user folder, which contains the data I would like to recover. No EFS certificate was ever backed up or exported from the vista volume. The vista install appears to be intact.

How can I access the files in the EFS partition, to copy them onto my win 7 machine (e.g., without booting into the old vista volume)? I know the vista user password, and the original EFS certificate should still be embedded in the Vista installation on the drive.

I'm aware of the Elcom recovery program, but I would rather not spend the $150 if I don't have to.

Best Answer

Here's an article on manual recovery of EFS-encrypted files (which involves heavy amounts of registry, hex editing, and black magic). The page also lists two other commercial alternatives.

Booting into Vista would be much easier, at least to export the EFS certificate/key (through certmgr.msc); is there any reason you cannot do this?