ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Difference between revisions of "BitLocker Disk Encryption"

From ForensicsWiki
Jump to: navigation, search
m (See Also)
Line 12: Line 12:
  
 
== See Also ==
 
== See Also ==
[[BitLocker To Go]]
+
* [[BitLocker To Go]]
[[Defeating Whole Disk Encryption]]
+
* [[Defeating Whole Disk Encryption]]
  
 
== External Links ==
 
== External Links ==

Revision as of 02:00, 13 February 2009

BitLocker Disk Encryption is a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista.

Indicator

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector:
EB 52 90 2D 46 56 45 2D 46 53 2D
or, in ASCII,
eR -FVE-FS-

Algorithm

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

Recovery Keys

See Also

External Links