An overview of the Encrypting File System

Encrypting File System (EFS) is a Windows feature that lets users encrypt files, folders and entire data drives on NTFS-formatted volumes. It is well suited to securing sensitive data on portable computers, and it also works well for securing data when a computer is shared by several users.

Encrypted files stay confidential because EFS uses strong encryption built on industry-standard algorithms and public key cryptography.

EFS lets you control who can read files and folders on an NTFS-formatted volume.

Characteristics of EFS

• EFS is enabled by default; a user works with it through a public and private key pair.

• It requires a recovery agent certificate in order to work.

• It works only on the NTFS file system.

• Encrypted files can be shared by multiple users.

• Encryption is removed when EFS files are moved to a different file system.

• Most importantly, when you copy a file into an encrypted folder, the copy is encrypted.

• Encryption is listed as a file attribute, and is therefore displayed together with the file's other attributes.

• EFS can encrypt and decrypt files on a remote computer, whether offline or roaming.

• Encrypted files can be stored in Web folders and backed up.

• Users cannot encrypt system files and folders.

EFS is tightly integrated with NTFS, which superseded the FAT file system as the preferred file system for Microsoft's Windows operating systems. Encryption and decryption are transparent to users: when a user saves a file, EFS encrypts the data as it is written to disk, and when a user opens a file, EFS decrypts the data as it is read from disk. A user who does not hold the key receives an "Access denied" error.

Some third-party products also provide file encryption, but they are not completely transparent to users.
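The transparent behaviour and the encryption attribute described above can be observed directly from PowerShell. The following script is an added example, not code from the article: it assumes a Windows machine with EFS enabled and an NTFS volume behind %TEMP%, marks a constructed folder as encrypted with the built-in cipher.exe, copies a plaintext file into it, and checks the Encrypted attribute on the original and on the copy.

```powershell
# Added example: observe EFS on a local NTFS volume.
# Assumes Windows with EFS enabled; every path below is constructed for the demo.
$base   = Join-Path $env:TEMP ("efs-demo-" + [guid]::NewGuid().ToString('N'))
$secure = Join-Path $base 'secure'
$plain  = Join-Path $base 'notes.txt'

New-Item -ItemType Directory -Path $secure -Force | Out-Null
Set-Content -Path $plain -Value 'constructed sample content'

# Mark the folder as encrypted. From now on any file written into it is
# encrypted by EFS without the writing program doing anything special.
cipher.exe /e $secure | Out-Null

# Copying into an encrypted folder yields an encrypted copy (characteristic above).
Copy-Item -Path $plain -Destination $secure
$copy = Join-Path $secure 'notes.txt'

function Test-EfsEncrypted {
    param([Parameter(Mandatory)][string]$Path)
    # Encryption is exposed as an ordinary file attribute, so it can be read
    # like ReadOnly or Hidden instead of needing a special API.
    $attrs = (Get-Item -LiteralPath $Path -Force).Attributes
    return [bool]($attrs -band [System.IO.FileAttributes]::Encrypted)
}

"{0,-5} {1}" -f (Test-EfsEncrypted $plain), $plain   # False: original sits outside the folder
"{0,-5} {1}" -f (Test-EfsEncrypted $copy),  $copy    # True: the copy inherited encryption

# Reading is transparent for the key holder: no decryption step is visible here.
Get-Content -LiteralPath $copy

# The built-in tool shows the same state and which accounts can decrypt the file.
cipher.exe /c $copy

# Clean up the demo folder.
Remove-Item -LiteralPath $base -Recurse -Force
```

Running the same check on a file after it has been copied to a FAT-formatted USB stick returns False, which is the "encryption is removed when files move to a different file system" case from the list above; that is the check to build into any script that moves sensitive data off an NTFS volume.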

EFS uses the following components to perform its functions:

1. EFS service: The EFS service communicates with the EFS driver through a local procedure call (LPC) port. It passes the file encryption key (FEK), data recovery field (DRF) and data decryption field (DDF) to the EFS driver through the EFS File System Run-Time Library (FSRTL).

2. EFS driver: The EFS driver requests file encryption keys, DDFs and DRFs from the EFS service and relays them to the EFS FSRTL.

3. EFS File System Run-Time Library (FSRTL): The EFS FSRTL carries out the file system functions that encrypt, decrypt and recover file data as it is read from or written to disk.

4. Microsoft Cryptographic Application Programming Interface (CryptoAPI): EFS uses CryptoAPI for its cryptographic functions, which support encryption, decryption, hashing, digital signatures and their verification, key management, secure storage and key exchange.

Inadvertent Problems with EFS

1. When EFS is used improperly, sensitive files may be inadvertently exposed, usually because of improper or weak security policies and a failure to understand how EFS works.

2. The problem is made worse because users believe their data is secure and may stop taking the usual precautions. For example, if users copy encrypted files to FAT volumes, the files are decrypted and are no longer protected.

3. If users give other people their passwords, those people can log on with the credentials and decrypt the user's encrypted files. Users must therefore keep their passwords private.

4. Similarly, anyone who knows the recovery agent credentials can log on and transparently decrypt any encrypted file.

5. To date, the most frequent problem with EFS occurs when encryption keys and/or recovery keys are not archived. If keys are not backed up, they cannot be replaced, and the data is lost.

6. Keys can be lost when Windows is reinstalled after a disk crash, or when a user's profile is damaged. A fresh installation of the OS means new user accounts, so both the user and recovery keys are absent; with no backup, the data is lost.
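Problems 5 and 6 above both come down to one missing step: archiving the EFS certificate and private key before the disk or profile is lost. The following PowerShell script is an added example (not the article's own code) of that step; it assumes a Windows machine on which the current user has already encrypted something, finds certificates in the personal store carrying the Encrypting File System enhanced key usage, exports the first one with its private key to a password-protected PFX, and then lists the files that depend on the user's EFS keys.

```powershell
# Added example: archive the current user's EFS key and list what depends on it.
# Assumes Windows; the backup path below is a placeholder and should point at
# removable media, not at the disk whose failure the backup is meant to survive.
Add-Type -AssemblyName System.Security

# Enhanced key usage OID for "Encrypting File System". The recovery agent
# certificate carries "File Recovery" (1.3.6.1.4.1.311.10.3.4.1) instead.
$efsEku = '1.3.6.1.4.1.311.10.3.4'

function Get-EfsCertificate {
    # Return every certificate in the user's personal store whose EKU extension lists EFS.
    Get-ChildItem -Path Cert:\CurrentUser\My | Where-Object {
        $ext = $_.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $ext -and ($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $efsEku })
    }
}

function Backup-EfsKey {
    param(
        [Parameter(Mandatory)][System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][securestring]$Password
    )
    # A backup without the private key cannot decrypt anything, so refuse to write one.
    if (-not $Certificate.HasPrivateKey) {
        throw "Certificate $($Certificate.Thumbprint) has no private key; nothing useful to archive"
    }
    $pfx = [System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx
    $bytes = $Certificate.Export($pfx, $Password)   # throws if the key was marked non-exportable
    [System.IO.File]::WriteAllBytes($Path, $bytes)
    return (Get-Item -LiteralPath $Path).Length
}

$certs = @(Get-EfsCertificate)
if ($certs.Count -eq 0) {
    Write-Warning 'No EFS certificate in the personal store: this account has not encrypted anything yet.'
    return
}
foreach ($c in $certs) {
    '{0}  expires {1:yyyy-MM-dd}  private key: {2}' -f $c.Thumbprint, $c.NotAfter, $c.HasPrivateKey
}

$backupPath = Join-Path $env:USERPROFILE 'efs-backup.pfx'   # placeholder destination
$pwd  = Read-Host -AsSecureString -Prompt 'Password to protect the PFX backup'
$size = Backup-EfsKey -Certificate $certs[0] -Path $backupPath -Password $pwd
"Wrote $size bytes to $backupPath"

# Which files become unreadable if this key is lost? /u /n reports them without changing anything.
cipher.exe /u /n
```

The built-in equivalent of Backup-EfsKey is cipher.exe /x:backupname, which writes the same kind of PFX; either way, the test that matters is restoring the PFX on a clean account and reading one of the files listed by cipher /u /n, because an unrestored backup is exactly the situation problem 6 describes.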

EFS must be understood, implemented appropriately and managed effectively so that neither your experience nor the data you wish to protect is harmed. EFS is a valuable addition to your information security tool chest, but it must be properly managed and correctly used.



Thanks to surender for contributing this article to our Data Recovery blog:

Content Writer




How do I back up data on a SanDisk?

Can you answer PET’s question about Data Recovery?:

My employer is on vacation, and gave me a SanDisk memory stick and asked me to backup his data. I put the stick in and it doesn’t do anything, and nothing comes up. How do I get step by step instructions on how to do this, please?


Contingency Planning for Vacation Data Loss

Digital cameras and camcorders are carried by everyone on vacation, and the USB drive has become as handy and as common as a pen inside our pockets – and also just as easy to lose.

How Does Data Loss Happen on Vacations?

Given this wide use of digital devices in our lives, it really does not take too much effort to lose data while holidaying. Noted below are some of the most common ways of data loss while travelling or out on vacation.

• One may physically lose the device concerned. Laptops are left every day in hotel suites, on the sand, in parking lots and on restaurant tables by happily careless people. Not just on family holidays: people have left their laptops behind even after making presentations on a business trip. Losing a camera is slightly less common, but by no means impossible.

• The pen drive comes just after the cell phone in the list of most-lost devices. This is a tribute to its immense popularity, and to our capacity for losing the things we are supposed to value most. Besides, there are other portable devices: iPods left in the train, bus or plane, CDs and DVDs left behind in other people's computer drives, and similar follies.

• We may damage the device physically, though not intentionally. This includes dropping it into water, getting dust or sand into it, driving over it (a surprisingly large number of people have parked their cars on laptops over the past two years), dropping it from the hand or from the hotel balcony, or packing it so badly that it is damaged by the time it arrives. There was the case of a man who took out his hard disk and packed it with his toilet kit, so the shampoo leaked into it. Kids and pets are also there to help, and they can damage a digital device in many innovative ways.

• The device may be stolen. This is an increasing problem now.

• Mishandling of software, as usual, causes a lot of data loss.

Preventing Data Disasters

There are several ways in which data loss can be prevented, depending on the device in use, and the circumstances of the loss. Specific information on security products can be found on the net.

• There are special locks and chains available for laptops. They help the user to chain the laptop to a table or any other large piece of furniture, making it difficult for thieves and hard to forget. Some of the locks are fitted with an alarm that goes off on touching, and are very good for travellers combining business and vacation.

• It is better not to carry laptops in their typical cases as this attracts the attention of thieves.

• If you accidentally drop your laptop, get sand or dust into it, drive over it or let it fall into the sea, do not tamper with it. Get in touch with a professional data recovery expert, who will do the job for you.

• Always use the safe removal option while pulling out a USB device from its port. Try to hook it to a chain or strap; this will help you to remember that it exists.

• Carry your CDs and DVDs in cases and albums that are cushioned. That way, they will not get damaged by other luggage.

• Never plug in the laptop directly into a power point. A two-way adapter is mandatory, as it will check the voltage at the source and also the current drawn into the computer.

• Digital cameras should always be carried in their cases, and a waterproof case is worth considering. Use a strap to hang a still camera around your neck while shooting, so that it is less likely to fall. If it is damaged, once again, go for professional help.

• Take backups of all data from the laptop and of all existing photos from the camera, and keep them on a CD, DVD, extra hard disk or USB drive at home. If you accidentally delete older photos while shooting, or lose the laptop, at least the data is preserved somewhere.



Thanks to James Walsh for contributing this article to our Data Recovery blog:

James Walsh is a freelance writer and copy editor. For more information on Data Recovery see http://www.fields-data-recovery.co.uk




100% Free Full Disk Encryption (Freeware/Open-Source)?

Can you answer Robbie? [the random ho]’s question about Data Recovery?:

I am trying to find a Freeware or Open-Source Full Disk Encryption that requires authorization upon boot-up. Can anyone help me? Thank You.

Also, in addition to FDE, is there any other security measure you would prefer if it were your own computer?
By FDE, I mean inclusive of OS as well. Not just a partition or individual file/folder.


What do you think is a proper data backup procedure for a medium sized doctor office?

Can you answer Disgruntled’s question about Data Recovery?:

Full backup every night? Or is that overdoing it?
