BitLocker Disk Encryption

From ForensicsWiki
Revision as of 11:39, 24 February 2007 by Jessek (Talk | contribs)


BitLocker, introduced with Microsoft's Windows Vista, is a program for full volume encryption.

Indicator

Drives protected with BitLocker have a different signature than the standard NTFS header. Instead, their first sector begins with
EB 52 90 2D 46 56 45 2D 46 53 2D
, or, in ASCII,
eR -FVE-FS-
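
The check described above, applied to a raw disk image, as an added example that is not part of the original wiki page. It assumes 512-byte sectors and an MBR partition table (GPT is not parsed); the NTFS comparison bytes, the function names and the sample image are supplied here for illustration.

```python
import struct

SECTOR = 512  # assumed sector size
# Signature listed on this page: jump bytes followed by "-FVE-FS-"
BITLOCKER_SIG = bytes.fromhex("EB52902D4656452D46532D")
# Standard NTFS boot sector start for comparison: jump bytes + "NTFS    "
NTFS_SIG = bytes.fromhex("EB52904E54465320202020")

def classify_sector(sector: bytes) -> str:
    """Classify a volume boot sector by its leading bytes."""
    if sector.startswith(BITLOCKER_SIG):
        return "bitlocker"
    if sector.startswith(NTFS_SIG):
        return "ntfs"
    return "unknown"

def mbr_partitions(image: bytes):
    """Yield (index, start_lba) for each non-empty primary MBR entry."""
    mbr = image[:SECTOR]
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        return
    for i in range(4):
        entry = mbr[446 + 16 * i : 446 + 16 * (i + 1)]
        start_lba, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:  # type byte 0 means unused slot
            yield i, start_lba

def scan_image(image: bytes):
    """Return a list of (location, lba, classification) tuples."""
    # A single-volume image has the signature at offset 0. Check this first:
    # boot sectors also end in 55 AA and would be misread as an MBR.
    first = classify_sector(image[:SECTOR])
    if first != "unknown":
        return [("volume", 0, first)]
    results = []
    for i, lba in mbr_partitions(image):
        off = lba * SECTOR
        results.append((f"partition {i}", lba, classify_sector(image[off:off + SECTOR])))
    return results

def build_sample_image() -> bytes:
    """Constructed sample: MBR, NTFS volume at LBA 2, BitLocker volume at LBA 4."""
    img = bytearray(6 * SECTOR)
    img[446:462] = struct.pack("<4xB3xII", 0x07, 2, 2)  # entry 0: type, LBA, count
    img[462:478] = struct.pack("<4xB3xII", 0x07, 4, 2)  # entry 1
    img[510:512] = b"\x55\xaa"
    img[2 * SECTOR : 2 * SECTOR + len(NTFS_SIG)] = NTFS_SIG
    img[4 * SECTOR : 4 * SECTOR + len(BITLOCKER_SIG)] = BITLOCKER_SIG
    return bytes(img)
```

For a real image, read the file in binary mode and pass its bytes to `scan_image`; for large images, read only the sectors at the reported offsets instead of the whole file.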

Algorithm

The program uses AES with either a 128-bit or a 256-bit key, combined with an Elephant diffuser. See the links section for full details.

External Links