Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
BitLocker Decryption Explained
#1
Quote:Decrypting BitLocker volumes or images is challenging due to the various encryption options offered by BitLocker that require different information for decryption.

This article explains BitLocker protectors and talks about the best ways to get the data decrypted, even for computers that are turned off.

BitLocker Encryption Options
Protectors that can be used to encrypt a BitLocker volume include:

TPM (Trusted Platform Module chip)
TPM+PIN
Startup key (on a USB drive)
TPM+PIN+Startup key
TPM+Startup key
Password
Recovery key (numerical password; on a USB drive)
Recovery password (on a USB drive)
Active Directory Domain Services (AD DS) account

Quote:Detailed information on each protector type, in accordance with Microsoft documentation, is provided below:

TPM. BitLocker uses the computer’s TPM to protect the encryption key. If you specify this protector, users can access the encrypted drive as long as it is connected to the system board that hosts the TPM and the system boot integrity is intact. In general, TPM-based protectors can only be associated to an operating system volume.
TPM+PIN. BitLocker uses a combination of the TPM and a user-supplied Personal Identification Number (PIN). A PIN is four to twenty digits or, if you allow enhanced PINs, four to twenty letters, symbols, spaces, or numbers.
Startup key. BitLocker uses input from a USB memory device that contains the external key. It is a binary file with a .BEK extension.
TPM+PIN+Startup key. BitLocker uses a combination of the TPM, a user-supplied PIN, and input from a USB memory device that contains an external key.
TPM+Startup key. BitLocker uses a combination of the TPM and input from a USB memory device that contains an external key.
Password. A user-supplied password is used to access the volume.
Recovery key. A recovery key, also called a numerical password, is stored as a specified file in a USB memory device. It is a sequence of 48 digits divided by dashes.
Active Directory Domain Services account. BitLocker uses domain authentication to unlock data volumes. Operating system volumes cannot use this type of key protector.
Any of these protectors encrypt a BitLocker Volume Master Key (VMK) to generate a Full Volume Encryption Key (FVEK), which is then used to encrypt the volume.

SOURCE
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)