BitLocker Drive Encryption

BitLocker is a disk encryption of the company Microsoft, which is included in the Ultimate and Enterprise versions of Microsoft Windows from Windows Vista, Windows 7 and in Windows Server 2008 and later, and Windows 8 Pro.

Operation

BitLocker requires its own partition on the disk. It starts before the operating system and is defaulting on a Trusted Platform Module ( TPM) to in order to check whether the hardware is unchanged and therefore trustworthy. Microsoft recommends that in addition to force the entry of a PIN. Alternatively, or in addition to the PIN system start can be made dependent on whether a USB flash drive is plugged in with a key file. If none is configured by both, BitLocker does not appear as long as the area of the hard disk remains unchanged. For computers without a Trusted Platform Module can be provided without entering a PIN, but only one key file come on a USB stick for use.

Encryption is performed by AES with a key length of 128 or 256 bits.

Recovery functionality

Bitlocker Drive Encryption ( BDE also abbreviated ) stores the recovery data to decrypt the partition without a password during the encryption process in plain text on a disk and additional ( in managed environments ) in the Active Directory computer object. Here a key is created for each partition. If a TPM chip is used, the recovery password is also stored. For a data decryption So either the original password or the recovery password is required, a challenge-response authentication is not currently scheduled.

Software to attack the BitLocker encryption

There is a software available on the international market, which is sold to police departments, government agencies and private investigators. The function of this program package is that it is first read with a mounted BitLocker drive the memory. For this purpose, a program will be delivered to copy the contents of the RAM through the FireWire port. Can then be processed on another PC, the memory dump and present therein password are displayed. In order to access the protected data of the attacked computer immediately or at a later date is possible. However, a memory dump is only possible on a running computer. The same attack possibility also exists for similar programs as TrueCrypt.

Pictures of BitLocker Drive Encryption

129722
de