Bitlocker Recovery FAQ

How is the recovery process fulfilled? Does recovery use passwords or tokens and what happens if these are lost?

Recovery is via a recovery key (48 digit key) which needs to have been saved/printed when the workstation was set up.  If the computer is in a domain with the appropriate AD schema extensions and appropriate group policies, then it will be saved in Active Directory. 

Rule of thumb is No key = no possibility or recovering data.

Can recovery be done remotely?

No. (Except in the case of the hard disk being inserted into another Vista system, when the data drive can be unlocked later after the OS has booted)

Is it possible to recover a broken OS?

WindowsRE (bootable from DVD) is BitLocker aware and will allow the OS/data to be accessed/repaired once the recovery key is entered.

Is it possible to force recovery of a broken bitlocker install?

Booting WinRE or putting the HD in another Vista system.  However the recovery key is still required.

Can forensics be performed?

As with the broken OS, however if no key is available then the volume is not accessible

Comments

• Anonymous
  January 01, 2003
  PingBack from http://www.infosecblog.net/?p=129