How does BitLocker protect my data?

I presume that if I set a password for my computer and then protect the C: drive with bitlocker then not even FBI can do anything about it.

Without password for my user, will bitlocker has any uses?

asked Aug 24, 2014 at 12:10

5

Decrypting software is available but most of the time it requires access to your memory first. Since memory is volatile, the minute you restart and your encrypted device is dismounted it becomes impossible to decrypt. There are computers being built for the sole purpose of decryption which will make it easier to crack depending on the type of encryption algorithm you use.

The password you set for a user account on windows when you login is probably the easiest thing to bypass, software like Trinity can simply remove the password of a user account and let anyone in. In the case of theft, the thief could easily remove your hard drives and put them in another computer as secondary hard drives which would enable them access to their contents.

However, Bitlocker works differently. With Bitlocker one can encrypt a single file or an entire drive with an algorithm that requires a brute force attack in order to bypass.

So when you access a Bitlocker drive you will be prompted for a password which, when correct, will allow you access to its contents. This occurs because the password is being used to decrypt the contents.

answered Aug 24, 2014 at 17:19

ThreaTThreaT

1441 silver badge6 bronze badges

Bitlocker does full disk encryption. The encryption keys are kept in RAM when the OS is running.

There are ways to bypass the Windows logon screen. Also, when the computer is running, the bitlocker encryption keys are in RAM and with the right equipment it is possible to access it. Therefore it is important that the adversary cannot boot the computer to Windows or get physical access to the running computer.

You need to take at least the following safety measures:

• Never leave the computer running unattended. This includes suspend mode. Hibernate is OK.
• Store the bitlocker key in the TPM, with a strong pass phrase.
• Back up the bit locker recovery key in a safe place or you will lose access to your data yourself when the TPM acts up.

answered Aug 24, 2014 at 20:47

AntonAnton

3452 silver badges6 bronze badges

1

Bypassing your password is easy. Search for "windows password reset" for many possible options.

Bitlocker is not secure if someone has physical access to your computer.

From First commercial tool to crack BitLocker arrives :

Passware, a software firm that provides password recovery, decryption, and evidence discovery software for computer forensics, has updated its flagship application this week to support breaking Microsoft's BitLocker hard drive encryption. Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available software to crack BitLocker Drive Encryption.

Passware claims that full disk encryption was a major problem for investigators and that its tool helps police, law enforcement, and private investigators bypass BitLocker encryption for seized computers. That may be, but since this is a commercially available product, anyone with $795 can now circumvent the encryption. Add to that the fact that previous versions of this software have been pirated (version 9.0 was released earlier this year), and it's only a matter of time before even the price point doesn't matter.

See also Researchers break into BitLocker and the full paper Attacking the BitLocker Boot Process

answered Aug 24, 2014 at 17:11

DavidPostill♦DavidPostill

146k75 gold badges340 silver badges377 bronze badges

3

Can BitLocker protect your data while system is?

What does BitLocker do to files?

Does BitLocker prevent data recovery?