Difference between revisions of "BitLocker Disk Encryption"

Revision as of 13:11, 17 September 2008

BitLocker is a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista.

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector:

EB 52 90 2D 46 56 45 2D 46 53 2D

or, in ASCII,

eR -FVE-FS-

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

@@ Line 1: / Line 1: @@
-BitLocker, introduced with [[Microsoft]]'s [[Windows Vista]], is a program for full volume encryption.
+BitLocker is a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]].
 == Indicator ==
-Drives protected with BitLocker will have a different signature than the standard [[NTFS]] header. Instead, they have in their first sector, they have <pre>EB 52 90 2D 46 56 45 2D 46 53 2D</pre>, or, in ASCII, <pre>eR -FVE-FS-</pre>
+Drives protected with BitLocker will have a different signature than the standard [[NTFS]] header. Instead, they have in their first sector: <pre>EB 52 90 2D 46 56 45 2D 46 53 2D</pre> or, in ASCII, <pre>eR -FVE-FS-</pre>
 == Algorithm ==
 The program uses either 128 or 256 [[AES]] with an elephant diffuser. See the links section for full details.
+== Recovery Keys ==
+== See Also ==
+[[Defeating Whole Disk Encryption]]
 == External Links ==
+* Conducting forensic analysis on BitLocker protected volumes was discussed in the paper [http://jessekornblum.com/research/papers/bitlocker.pdf Implementing BitLocker for Forensic Analysis].
 * [http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption Wikipedia entry on BitLocker]
 * [http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true Microsoft's Step by Step Guide]