Difference between revisions of "BitLocker Disk Encryption"
m (double "they have") |
(→See Also) |
||
| (6 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | BitLocker is a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]]. | + | '''BitLocker Disk Encryption''' is a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]]. It is also present in [[Windows 7]] along with a system for encrypting [[USB]] devices called [[BitLocker To Go]]. |
| − | + | Drives protected with BitLocker will have a different signature than the standard [[NTFS]] header. Instead, they have in their first sector: <tt>EB 52 90 2D 46 56 45 2D 46 53 2D</tt> or, in ASCII, <tt>eR -FVE-FS-</tt> | |
| − | + | The actual data on a drive is protected with either 128-bit or 256-bit [[AES]] and optionally diffused using an algorithm called Elephant. The key used to do that encryption, the Full Volume Encryption Key (FVEK), is stored in the BitLocker metadata on the protected volume. The FVEK is encrypted using another key, the Volume Master Key (VMK). Several copies of the VMK are also stored in the metadata. Each copy of the VMK is encrypted using another key. The nature of those keys and the algorithm used depends on how the system is configured. | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
== See Also == | == See Also == | ||
| − | [[Defeating Whole Disk Encryption]] | + | * [[FreeOTFE]] |
| + | * [[BitLocker To Go]] | ||
| + | * [[Defeating Whole Disk Encryption]] | ||
== External Links == | == External Links == | ||
| − | * | + | * Jesse D. Kornblum, [http://jessekornblum.com/publications/di09.html Implementing BitLocker for Forensic Analysis], ''Digital Investigation'', 2009 |
* [http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption Wikipedia entry on BitLocker] | * [http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption Wikipedia entry on BitLocker] | ||
* [http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true Microsoft's Step by Step Guide] | * [http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true Microsoft's Step by Step Guide] | ||
| Line 22: | Line 18: | ||
* [http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFAQ.mspx Microsoft FAQ] | * [http://www.microsoft.com/whdc/system/platform/hwsecurity/BitLockerFAQ.mspx Microsoft FAQ] | ||
* [http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en Microsoft Description of the Encryption Algorithm] | * [http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en Microsoft Description of the Encryption Algorithm] | ||
| + | * [http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm Cold Boot Attacks, Full Disk Encryption, and BitLocker] | ||
| + | |||
| + | [[Category:Disk encryption]] | ||
| + | [[Category:Windows]] | ||
Revision as of 05:40, 14 August 2009
BitLocker Disk Encryption is a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista. It is also present in Windows 7 along with a system for encrypting USB devices called BitLocker To Go.
Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector: EB 52 90 2D 46 56 45 2D 46 53 2D or, in ASCII, eR -FVE-FS-
The actual data on a drive is protected with either 128-bit or 256-bit AES and optionally diffused using an algorithm called Elephant. The key used to do that encryption, the Full Volume Encryption Key (FVEK), is stored in the BitLocker metadata on the protected volume. The FVEK is encrypted using another key, the Volume Master Key (VMK). Several copies of the VMK are also stored in the metadata. Each copy of the VMK is encrypted using another key. The nature of those keys and the algorithm used depends on how the system is configured.
See Also
External Links
- Jesse D. Kornblum, Implementing BitLocker for Forensic Analysis, Digital Investigation, 2009
- Wikipedia entry on BitLocker
- Microsoft's Step by Step Guide
- Microsoft Technical Overview
- Microsoft FAQ
- Microsoft Description of the Encryption Algorithm
- Cold Boot Attacks, Full Disk Encryption, and BitLocker
