Analysis:
As we all know, the security of windows9x system is not good. Since windows2000, Microsoft has introduced the Encrypted File System (EFS). EFS can store data in the hard disk in encrypted form. Once a user encrypts a file, the file will exist in encrypted form as long as it is still stored on the hard disk.
1 Electrical field stimulation
It runs in the background and is transparent to users and applications. It only allows authenticated users to access encrypted files. EFS automatically decrypts files for users and encrypts files when storing them. Authorized data recovery agents can encrypt other users' data. A data recovery agent is a user account set up to recover data. EFS files are encrypted and stored locally or on the network. Files can be encrypted in offline folders. Encrypted files and folders can be color coded.
2. Key concepts
Encrypted file system (EFS): There is a wrong concept that encrypting a file system means adding a password to a file. In fact, EFS is a technology that can encrypt sensitive data and store it in NTFS file system. Without NTFS file system, it can't be realized.
EFS principle: The encryption technology used by EFS is based on public key. It is easy to manage, not vulnerable to attacks, and transparent to users. If the user wants to access the encrypted NTFS file and has the private key of the file, he can open the file like an ordinary document, and access will be denied without the support of the private key of the file.
Public key: the public key of EFS is actually used to encrypt data, which is equivalent to the door lock of your own home. Anyone can use it.
Private key: used to decrypt files, that is, the door key of our house. If our private key is damaged or lost, we can't open our own lock.
How to use EFS
Using EFS is very simple, just right-click the file or folder, click the Advanced button on the general settings page of the property, and then select EFS encryption. However, it should be noted that EFS has three key factors: 1. User private key 2. Information in the registry. SAM database information (Sam database is a database for storing user accounts and passwords, and key system files are located in "%system% \ window \ system32 \ config"). If one of these three factors goes wrong, the user part of the whole EFS system will fail.
If you accidentally reinstall the operating system, tragedy will happen. These data may never be opened, and the decryption software downloaded from the internet will not help. Some domestic data recovery companies can reassemble the key (provided that the key configuration information is not overwritten). For details, please pay attention to the engineer who specializes in cracking efs files in Guangzhou Tuofei Data Recovery sosfix.