BitLocker Disk Encryption
From Forensics Wiki
Revision as of 13:11, 17 September 2008 by .FUF
IndicatorDrives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector:
EB 52 90 2D 46 56 45 2D 46 53 2Dor, in ASCII,
The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.