Difference between revisions of "BitLocker Disk Encryption"

From ForensicsWiki
(New page: BitLocker, introduced with Microsoft's Windows Vista, is a program for full volume encryption. == Indicator == Drives protected with BitLocker will have a different signature t...)
 
m
Line 1: Line 1:
BitLocker, introduced with [[Microsoft]]'s [[Windows Vista]], is a program for full volume encryption.  
+
BitLocker, introduced with [[Microsoft]]'s [[Windows|Windows Vista]], is a program for full volume encryption.  
  
 
== Indicator ==  
 
== Indicator ==  
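Review bot: the piped link [[Windows|Windows Vista]] on the changed first line sends readers to the general Windows page while still displaying "Windows Vista"; if the wiki has or plans a Vista-specific page or section, link to that target instead so the statement about when BitLocker was introduced stays tied to the right version. The trailing spaces after "encryption." are carried over from the old line and could be trimmed in the same edit.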

Revision as of 16:40, 24 February 2007

BitLocker, introduced with Microsoft's Windows Vista, is a program for full volume encryption.

Indicator

Drives protected with BitLocker have a different signature than the standard NTFS header. Instead, their first sector contains
EB 52 90 2D 46 56 45 2D 46 53 2D
or, in ASCII,
eR -FVE-FS-

Algorithm

The program uses either 128-bit or 256-bit AES with an Elephant diffuser. See the links section for full details.

External Links