BitLocker Recovery: Restoring Encrypted NTFS Volumes
The newest addition to the family of sophisticated data recovery technologies developed by DiskInternals allows recovering data from BitLocker-encrypted NTFS partitions created in Windows 7 and Vista. Currently available in DiskInternals EFS Recovery, the new technology will be gradually embedded into DiskInternals’ other recovery products.
Background: What Is BitLocker?
Essentially, BitLocker is just a name used by Microsoft to describe an algorithm employed in Windows Vista and Windows 7 to encrypt disk volumes sector by sector. BitLocker is not the same as setting security permissions on files and folders, and it is different from EFS (Encrypted File System), which is used for encrypting files and folders from the Security tab in Windows Explorer.
Unlike other access restriction and content encryption methods employed in Microsoft's latest operating systems, BitLocker deals with entire disk volumes. The algorithm uses low-level, sector-by-sector encryption to protect the entire partition, disk, or disk volume.
Two versions of BitLocker exist. The first version, BitLocker 1.0, is used in Windows Vista. This version of BitLocker has certain limitations on which volumes can be encrypted.
Windows 7 uses BitLocker 2.0. The second version of BitLocker is much easier to use, lifting most limitations of the first edition. Apparently, Windows Vista PCs won’t be able to natively access volumes using BitLocker 2.0 encryption. DiskInternals works around these limitations and makes such access possible, provided that you know the original password or volume recovery key.
Recovering BitLocker Volumes: Recovery Keys
DiskInternals can recover files and folders from damaged volumes using BitLocker encryption. However, one important prerequisite must be met: you have to supply the original encryption password or the volume Recovery Key generated by BitLocker at the time the protected volume was created.
DiskInternals does not, and will not, break into protected volumes if the original password or volume recovery key is unknown. This is as much a policy issue as it is a technological limitation. BitLocker protection is strong enough to withstand many years of brute-force attacks.
The password part is simple; if access to your BitLocker volume was protected with a password, simply enter that password into DiskInternals EFS Recovery when prompted, and the recovery will go on seamlessly.
Volume Recovery Keys are something else. These keys are returned by BitLocker at the time the encrypted volume is created, and when hardware Trusted Platform Module keys, USB keys or combinations thereof are employed for transparent encryption. A proper Recovery Key may look like this:
If you used a USB key to unlock your BitLocker volume, the Recovery Key (in the format shown above) is stored in a .BEK file with a name that looks like this:
The Easy Part
Everything else is quite easy. To recover files and folders from the encrypted drive, launch EFS Recovery and enter your volume Recovery Key. If the key matches, the product will automatically scan the BitLocker volume to locate any recoverable files and folders, detecting and fixing file system errors if that option is selected. Everything happens completely automatically; all you need to do is select which files to recover.
DiskInternals EFS Recovery overcomes the inability of older versions of Windows to natively access BitLocker volumes. You can run DiskInternals EFS Recovery on Windows 2000, XP, 2003 Server, Vista, Windows 7 or 2008 Server, and it will still be able to recover BitLocker 1.0 and 2.0 volumes completely automatically.