Windows「加密檔案系統」Encrypting File System (EFS)



贊助商連結


FYI
2006-06-14, 01:07 AM
建議您在使用Windows「加密檔案系統」(EFS) 之前, 務必先做好功課, 以免後悔莫及

Guide: Windows XP Pro: Using File Encryption – part 1 (http://www.practicalpc.co.uk/computing/windows/xpencrypt1.htm)
Guide: Windows XP Pro: Using File Encryption – part 2 (http://www.practicalpc.co.uk/computing/windows/xpencrypt2.htm)
Guide: Windows XP Pro: Using File Encryption – part 3 (http://www.practicalpc.co.uk/computing/windows/xpencrypt3.htm)
Guide: Windows XP Pro: Using File Encryption – part 4 (http://www.practicalpc.co.uk/computing/windows/xpencrypt4.htm)
Guide: Windows XP Pro: Using File Encryption – part 5 (http://www.practicalpc.co.uk/computing/windows/xpencrypt5.htm)

如何在 Windows Server 2003、Windows 2000 和 Windows XP 中備份修復代理加密檔案系統 (EFS) 的私密金鑰 (http://support.microsoft.com/kb/241201)
HOW TO:在 Windows XP 中共用加密檔案的存取 (http://support.microsoft.com/kb/308991)
如何在 Windows XP 中移除檔案加密 (http://support.microsoft.com/kb/308993)

補充:
加密檔案系統的最佳作法 (http://support.microsoft.com/kb/223316)
復原加密資料檔的方法 (http://support.microsoft.com/kb/255742)

加密檔案系統 (http://www.microsoft.com/taiwan/technet/security/topics/crypto/efs.aspx)
Windows XP 中的資料保護與修復 (http://www.microsoft.com/taiwan/technet/prodtechnol/winxppro/support/dataprot.aspx)
The Encrypting File System (http://www.microsoft.com/technet/security/topics/cryptographyetc/efs.mspx)
Data Protection and Recovery in Windows XP (http://www.microsoft.com/technet/prodtechnol/winxppro/support/dataprot.mspx)
Encrypting File System in Windows XP and Windows Server 2003 (http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/cryptfs.mspx)

使用 Efsinfo.exe 來判斷加密檔案的相關資訊 (http://support.microsoft.com/kb/243026)
Efsinfo Overview (http://technet2.microsoft.com/WindowsServer/en/Library/dd2b3fcd-7b86-4df0-9952-cffa2f03d6621033.mspx?mfr=true)
Efsinfo Syntax (http://technet2.microsoft.com/WindowsServer/en/Library/c115d5b3-9603-44df-b435-ecebd46491111033.mspx?mfr=true)
下載Windows XP Service Pack 2 支援工具(包含在Windows 安裝光碟之中) (http://www.microsoft.com/downloads/details.aspx?displaylang=zh-tw&FamilyID=49AE8576-9BB9-4126-9761-BA8011FABF38)

贊助商連結


mis339
2006-06-14, 03:12 PM
所以我現在新裝的電腦都會先把Administrator加入到預設的「資料修復代理」!

FYI
2006-06-14, 08:02 PM
小弟之所以會研究這個議題, 就是因為Windows XP Pro 的加密太容易上手了, 以致於使用者失去了警覺性, 而從未想要把個人憑證和修復代理的私密金鑰備份起來, 萬一又遇上了 "Corrupted Ghost Image", 造成無法恢復原來的Windows, 這下子真的會欲哭無淚, 而這件事情就發生在小弟身邊, 完全映證了所謂 "禍不單行" 的真諦

如何處理毀損的影像檔 (Corrupted Ghost Image) (http://service1.symantec.com/SUPPORT/ghost.nsf/docid/2000051614544325)

mis339
2006-06-14, 10:05 PM
這種事我也遇到過,所以我才會說……「資料修復代理」的重要!
只要你有做資料修復代理,你就可以解密天兵用戶「不小心」加密的檔案!
可以的話,記得把用來做資料修復代理的憑證備份起來!

註明一下!「資料修復代理」只有針對建立「資料修復代理」後加密的檔案才有用,建立前加密的……基本上是沒救了!所以我現在都在新裝電腦或系統時就先用Administrator建立「資料修復代理」!

FYI
2006-07-06, 12:21 AM
ELCOMSOFT: Advanced EFS Data Recovery (http://www.elcomsoft.com/aefsdr.html)
EFS Key - retrieves EFS-encrypted files from NTFS partitions (http://www.lostpassword.com/efs.htm)

拯救打不開的EFS加密檔案! (http://www.computertoday.com.hk/computing.php?gsel=10&cid=67)
詳解EFS加密 (http://www.xker.com/Html/windows/20060218620.html)
EFS加密技巧 (http://www.xker.com/Html/windows/20060218369.html)
Windows中EFS加密及解密應用 (http://big5.enet.com.cn:82/gate/big5/www.enet.com.cn/article/2005/1102/A20051102468284.shtml)
NTFS.com EFS Internals. Symmetric key encryption. Public key technology. (http://www.ntfs.com/internals-encrypted-files.htm)
How does EFS Work? (http://www.petri.co.il/how_does_efs_work.htm)

進階
encrypted file system recovery (http://www.beginningtoseethelight.org/efsrecovery/)
http://www.beginningtoseethelight.org/efsrecovery/efs01.png
http://www.beginningtoseethelight.org/efsrecovery/efs02.png

FYI
2007-06-15, 09:04 PM
Undocumented Encrypted File System APIs (http://www.bitsum.com/efsapis.htm)

One very interesting note is that there appears to be no, or very little, validation of the EFS header. By editing a raw EFS file, you can selectively remove users or recovery agents by overwriting the corresponding encrypted FEK. Oh well.