What changed on Disk when I Enabled Bitlocker and configured bitlocker protected data partitions
I was curious to see what changes Bitlocker make on my raw disk, So i picked my dskprobe and had a quick look and I will like to share a few changes i saw. There is lot more which gets changed but not covered below.
On the OS partition i.e. on my C drive, I used dskprobe and opened its NTFS boot sector and i see the OEM ID string saying FVE_FS instead of NTFS. I also saw that "clusters to MFT mirror" is not actually pointing to clusters to MFT mirror but to....see below
I figured out that this is the start of FVE metadata as visible and also GAUEPSSSET01 is the name of my computer and the the value of "clusters to MFT mirror" is stored in the FVE metadata itself. so FVE_FS is one way to find out backup copies of FVE metadata and better way is to use bitlocker repair tool if ever required.
For more information about bitlocker repair tool please have a look at article given below.
928201 How to use the BitLocker Repair Tool to help recover data from an encrypted volume in Windows Vista
https://support.microsoft.com/default.aspx?scid=kb;EN-US;928201
Now i wanted to see what happens in case of data partitions protected by bitlocker of course on a vista sp1 machine.
yes with windows vista sp1 (still in beta) you should be able to protect your data partitions as you may see below
I once again used dskprobe and opened the NTFS boot sector of one of the data partitions.
There is lot more which gets changed but not covered here.
For more information about dskprobe (part of support tools) see below:
Gaurav Anand
This posting is provided "AS IS" with no warranties, and confers no rights.