We are committed to providing fast, efficient, and affordable software solutions that set new standards in the software development industry.
  • R-Studio for Linux Home Page
  • R-Studio for Linux Technical Documentation

BitLocker Drive Encryption


BitLocker Drive Encryption , or BitLocker , is a data protection feature introduced by Microsoft since Windows Vista. It implements some hard/software measures to encrypt either USB external flash drives or internal system SSD/HDD devices. You may read more about BitLocker Drive Encryption on the Microsoft site or Wikipedia .

 

There are following encryption methods (protectors in the Microsoft terms) that can be utilized in the BitLocker protection:

A TPM/TPM+PIN chip

A USB key (a flash drive containing a .bek file)

A user's password (not to confuse with a user's logon password) / recovery key

These methods can be used either individually or as a combination thereof. If they are used as a combination, knowing the decryption information for only one method is enough to unlock the device.

 

R‑Studio can unlock devices encrypted with BitLocker provided that all the necessary information is known.

BitLocker ToGo

This is the method used to lock external removable devices. The password or a recovery key is necessary to know to unlock the device. A recovery key may be in the printed form or contained in a file. A name of such a file has the following pattern: BitLocker Recovery Key 600397A9-48AA-4DE4-B775-C71EB130EA1B.txt , where the last characters is the BitLocker volume identifier. That file contains the BitLocker volume identifier and a recovery key.

To unlock a BitLocker ToGo device,

1 Locate the device and double-click the BitLocker partition.
Click to enlarge

BitLocker ToGo

2 Enter the password or recovery key and click the Unlock button.
Click to enlarge

BitLocker ToGo

> R‑Studio will unlock the volume
Click to enlarge

BitLocker ToGo

BitLocker System Drive Encryption

This is the method used to lock internal system drives.

Depending on what methods are used, the following information is necessary to know to unlock the drive.

A recovery key in the printed form or in a file. A name of such a file has the following pattern: BitLocker Recovery Key FDA7B96C-635E-45AA-BE63-00C3DB3771EE.txt , where the last characters is the BitLocker volume identifier. That file contains the BitLocker volume identifier and a recovery key.

A password used to start the preboot process. It shouldn't be confused with the password for the user's logon.

An external USB flash drive containing its .bek file. Note that Windows sets System and Hidden attributes for such files and Windows doesn't show such files by default.

To unlock a system drive with a BitLocker partition ,

1 Locate the device and double-click the BitLocker partition.
Click to enlarge

BitLocker System Drive Encryption

2 Enter the password or recovery key and click the Unlock button.
Click to enlarge

BitLocker System Drive Encryption

If you have the .bec file, click the Unlock by key file button and load the file.

> R‑Studio will unlock the volume
Click to enlarge

BitLocker System Drive Encryption

TPM/TPM+PIN modes

Only in registered R-Studio Technician/T80+ versions.

If only the TPM/TPM+PIN hardware was used to encrypt the partition, you must have either the FVEK (Full Volume Encryption Key) or VMK (Volume Master Key) data. Obtaining these keys is a very hard task, only quite advanced forensic professionals can do that using specialized hardware. Sometimes it may be possible to extract a FVEK from memory dumps and/or hibernation files, but this is still not a trivial process.

If you have FVEK or VMK data, click the Advanced button, select the key type of the data, enter the key or load a file with the key.

Click to enlarge

BitLocker TPM/TPM+PIN modes

R‑Studio for Linux will unlock the volume.

You may also save and load encryption information from a BitLocker Encryption volume.