EFS format

[MEHMET TEVFİK YAŞAR]

Hello, I have a 2.5-inch Seagate hard drive. The files on it are encrypted using EFS format. Is there a way to open them? Can I open them with PC3000?

[RecuperoDati299]

are talking about a crypto virus / ransomware?

Il giorno mar 10 mar 2026 alle ore 12:23 MEHMET TEVFİK YAŞAR <m.tevf...@gmail.com> ha scritto:

Hello, I have a 2.5-inch Seagate hard drive. The files on it are encrypted using EFS format. Is there a way to open them? Can I open them with PC3000?

--
Data Recovery Certification Group / for issue with google group please email sc...@myharddrivedied.com
---
You received this message because you are subscribed to the Google Groups "DataRecoveryCertification" group.
To unsubscribe from this group and stop receiving emails from it, send an email to datarecoverycertif...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CAKFNxz6_yiKU%3DGHS2iRKdhc6NZ60%3DXip8iHYhuGNPvzjJXPekA%40mail.gmail.com.

[MEHMET TEVFİK YAŞAR]

No. The user did it themselves via the computer and formatted the computer. I only have a 2.5-inch external hard drive and encrypted files.

10 Mar 2026 Sal 14:24 tarihinde RecuperoDati299 <recuper...@gmail.com> şunu yazdı:

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CANWcfpoK9h5kKfGg9U2%2BG9Z9%3DC5o-PcRSiTg1-gzYFjEoDtNmg%40mail.gmail.com.

[MEHMET TEVFİK YAŞAR]

The files are encrypted in EFS format on a PC3000. Do you have any suggestions for decrypting them?

10 Mar 2026 Sal 14:26 tarihinde MEHMET TEVFİK YAŞAR <m.tevf...@gmail.com> şunu yazdı:

[Louis Man]

Different to bitlocker .  Without pfx key the files can't be decrypted.

https://learn.microsoft.com/en-us/answers/questions/2239717/decrypt-efs-pictures-without-pfx-certificate

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CAKFNxz5Ume6TEhCaXbYU4WYHRPSJaybLaDWWRWoiC%2BbOM4C67Q%40mail.gmail.com.

[Alandata Recovery]

You may have been able to scan the free space of the reinstalled drive to search for the .pfx keys.

However you also had bitlocker full disk encryption to all the free space would need to be decrypted first using the previous bitlocker key.

Which would also need to match the bitlocker metadata on the drive - which is probably gone too.

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CAOZ%2B%2BhDaE-DtSY8JjOt%3DF3ZGEMBA7JAjnNCMTcEz-F47X6Mrbg%40mail.gmail.com.

--

Alandata Data Recovery -  (949)287-3282  
"Cleanroom Data Recovery of RAID, VMware, NAS, Linux, Tape, Disk, Forensics"

www.alandata.com   www.alandataRecovery.com

[Eastcoast Data Recovery]

If I recall correctly, the keys to encrypt and decrypt, are tied up in the credentials store of a working system.

 Unless the customer backed up and exported them to make pfx keys before the system is nuked, then it's pretty much a lost cause.

Get a sample of a pfx key and grep search raw the reloaded drive and take a look.

The other possibility is if the system was part of a larger Windows domain or active directory. If that's the case, a system admin might be able to export the key if it was backed up centrally .   

I had that before from someone who used personal HDD on a work laptop and then left that job finding all data was encrypted.  

On a working system you import the pfx keys into the local credentials store and then in theory the drive data will be automatically decrypted 

Good luck.

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CAH-%2BjWS0YN9fiB8h_7VN1PfjpfX-ohK6DezziruAqKJ2VCeDeg%40mail.gmail.com.

[MEHMET TEVFİK YAŞAR]

Thanks for the information. Unfortunately, the computer where the disk was encrypted has been formatted.

13 Mar 2026 Cum 09:58 tarihinde 'Eastcoast Data Recovery' via DataRecoveryCertification <datarecovery...@googlegroups.com> şunu yazdı:

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CAHFkMu4-ZS6of1Cbw%2B7SNBDWpZze55t2E47U%3DhpzJsuFsta_Ug%40mail.gmail.com.

[RecuperoDati299]

I am wondering when it will happen that people will start a class action against Microsoft for this issue.

Unless the encryption was decided by the user, there are millions or even billions of people that got their PC encrypted by BitLocker and they are not aware of it.

🤦🏻‍♂️

Ottieni BlueMail per Android

[jpv...@gmail.com]

can we actually see one of the files? the actual file rather than a screeshot of them being listed?

--

Data Recovery Certification Group / for issue with google group please email sc...@myharddrivedied.com
---
You received this message because you are subscribed to the Google Groups "DataRecoveryCertification" group.
To unsubscribe from this group and stop receiving emails from it, send an email to datarecoverycertif...@googlegroups.com.

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/27eab2d5-c895-4fdb-aa92-a4cfad367b6a%40gmail.com.

[MEHMET TEVFİK YAŞAR]

I would like to send a sample file, but it doesn't allow me to copy files from the disk.

13 Mar 2026 Cum 11:14 tarihinde <jpv...@gmail.com> şunu yazdı:

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/em0f28ac8b-c15f-401b-a05e-215e9ca7336b%40desktop-8njf1hc.

[jpv...@gmail.com]

Use DMDE then

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CAKFNxz5OeRFrmRJM2Lg9JBb4u14x451tniYZdTypXjt1qyA1bA%40mail.gmail.com.

[Data Recovery Guru]

You received great advice so far.

PC3000 cannot solve this.

If you search in AI mode with these keywords "EFS encryption Windows how it works" or similar expression, you will see a great summary with reference links. I attached a snapshot for reference.

Lastly, to understand the how-to -decrypt yourself, this is an easy task to replicate in your own. On your Windows machine, create a dummy test folder and dump a few files in it. And apply this EFS encryption. See what the system is asking you to do. Remove the hard drive and try to access the files. Could you use the key generated on your Windows machine to recover the files? And how?

DATARECOVERYGURU TEAM

(617) 571-9172

www.datarecoveryguru.com

Offices are open Mon-Fri 9AM to 4:30PM. 

Available by appointment outside business hours.

Boston: 100 Massachusetts Ave, Suite 500 (5th Floor), Boston, MA 02155
Cambridge: 1 Mifflin Place, Suite 400 (4th Floor), Cambridge MA 02138
Dedham: 3 Allied Drive, Suite 303 (3rd Floor), Dedham, MA 02026

Burlington: 1500 District Ave, 1st Floor, Burlington, MA 01803

Framingham: 945 Concord St., 1st Floor, Framingham, MA 01701

Providence: 10 Dorrance St., Suite 700 (7th Floor), Providence, RI 02903

New Hampshire: One Tara Blvd., Suite 200 (2nd Floor), Nashua, NH 03062

https://www.linkedin.com/company/data-recovery-guru

https://www.facebook.com/datarecoveryguru

https://www.instagram.com/datarecoveryguru

https://www.youtube.com/c/Datarecoveryguru1

https://twitter.com/DataRecoverGuru

https://rumble.com/

To view this discussion visit https://groups.google.com/d/msgid/datarecoverycertification/CAHFkMu4-ZS6of1Cbw%2B7SNBDWpZze55t2E47U%3DhpzJsuFsta_Ug%40mail.gmail.com.