I am an e-discovery engineer who recently performed a test collection on a Windows 8 Ultrabook. The system is GPT partitioned and utilizes the UEFI firmware. To clone the drive we first entered the UEFI and disabled secure boot, then we booted to a live Linux OS and created a DD (cloned) image of the drive containing the Windows 8 OS.
The Windows 8 OS has user data on it which was encrypted with Endpoint Encryption for Files and Folders. Prior to the collection the files opened but afterwards they report as corrupt. Would it be possible that disabling/re-enabling of secure boot had an adverse effect on the folder/file encryption?
In short, is the Endpoint Encryption for Files and Folders software tied in to the secure boot feature of UEFI?
Thank you for your time and consideration.