Add support for OpenEncryptedFileRaw and related functions.


Encryption/decryption happens automatically with most of the regular api calls if the right cert is installed.
However there are situations when if the drive was taken out of the computer for forensic analysis, you would need to access the encrypted files.
In that situation there is usually a delegated decryption user's certificate is stated in the encrypted files metadata, usually it is a active directory primary administrator who allowed the EFS to be used by regular users. So you would need to acquire the cert from that admin to the computer which will try to decrypt affected files.
I think think we could add some extra methods when the right Windows license with EFS lands on one of our hands.
Closed Jan 2, 2015 at 6:57 PM by decaf


lambchops wrote Feb 14, 2013 at 1:27 AM

Downloaded src to have a look at implementing these functions.... but a little lost as it appears that in the releases folder, there is 1.0 and not 1.5. Looking at the changes log it seems that you are up to 1.6? Functions like File.OpenBackupRead do not seem to be there.
Please advise :) thnx

Yomodo wrote Feb 14, 2013 at 8:37 AM


Just download and use the latest development build to start implementing.

Perhaps the BackupFileStream() and/or BackupStreamInfo() classes have what you need.


wrote Feb 14, 2013 at 7:38 PM

wrote Apr 16, 2014 at 12:14 PM

wrote May 19, 2014 at 7:14 PM

wrote Jan 2, 2015 at 6:57 PM