Using the Windows Encrypting File System

Confidentiality of data is a serious matter.  I will spend some time looking at different ways we can encrypt this data for a safer environment.

I’m going to do a several part blog on Windows EFS.  The focus will be with Windows 7 because that is what I’m using and thus able to share current testing and experiences with.  I’ll progress in the coming days to other “open source” encryption systems but begin with my local Windows 7.

First EFS Warning:  

If you lock yourself out, you will be locked out.  EFS is supported on NTFS formatted drives, which is the default disk format for Windows as well as many hard disk and drives.  If you have encrypted files or folders and back that up to an NTFS drive, it also will be encrypted.  “Thus if you lose your encryption key, or if something else goes wrong, then you’ll not only lose access to the files on your hard drive, but you’ll also lose access to your backup copy too.  It’s a warning that EFS doesn’t tell you about and it’s a mistake I’ve seen too many people make.” (Halsey, 2011)

Second EFS Warning:

The crypto in EFS is solid, but you must be aware of what it is doing.  It will encrypt what you tell it to encrypt and no more.  There might be metadata scattered about on a drive, or even unencrypted original versions of your document that were only erased visibly from your FAT table, and still there.  Forensics could perhaps find these earlier versions that are unencrypted.

Third EFS Warning:

In general if your system was stolen any EFS protected files will be safe, but only to the extent of your Windows password strength.  The encryption keys EFS uses are unlocked by your Windows user password.   

Fourth EFS Warning:

Backup your certificate because if your certificate on your system gets corrupted it will also lock you out.    So always make an encrypted backup of your certs with a strong password, and keep the copy elsewhere for safety sake.



Halsey, M. (2011, July 8). Avoiding EFS Encryption Disasters in Windows. Retrieved Dec 28, 2011, from


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s