Recovery of disks and partitions encrypted by BitLocker

Artem Makarov aka Robin

I had an interesting order from other city. It was hardwarily correct drive WD 640 Gb, it had two logic partitions. The first one was used by system, the other was reserved for data storing. Second disk data was encrypted by Windows means, exactly by Windows build-in encryption BitLocker function.

This technology appeared in Windows 7 and it is intended for user information protection. In contrast to described earlier EFS recovery where separate files are encrypted in case of BitLocker the whole partition is encrypted. During file copying from encrypted partition decryption occurs immediately but if BitLocker partition fails and it is inaccessible, actions of disk decryption are needed.

In this particular situation computer power failure took place, so after re-initiation when user entered password to access encrypted partition a message of partition decryption impossibility appeared.

During first launch of BitLocker system prompted to create a recovery key for BitLocker partition to use it in case when standard decryption of Windows partition is impossible to carry out, an error message appears.

When such key is created and saved it is possible to recover the partition with help of console command. To do this a disk of larger dimension then encrypted partition is necessary, the data on which will be lost. In most cases after usage of console command we have to analyze additionally damaged file structure and recover data from such partition to another external storage or segment.

If the key was not created or was lost and in case when recovery process ends with error or failure despite the availability of BitrLocker decryption key, data decryption with additional processing power is necessary, this increases the deadline and total cost of service.

Write a comment