Difference between revisions of "BitLocker Disk Encryption"

From ForensicsWiki
Jump to: navigation, search
(New page: BitLocker, introduced with Microsoft's Windows Vista, is a program for full volume encryption. == Indicator == Drives protected with BitLocker will have a different signature t...)
 
m
Line 1: Line 1:
BitLocker, introduced with [[Microsoft]]'s [[Windows Vista]], is a program for full volume encryption.  
+
BitLocker, introduced with [[Microsoft]]'s [[Windows|Windows Vista]], is a program for full volume encryption.  
  
 
== Indicator ==  
 
== Indicator ==  

Revision as of 12:40, 24 February 2007

BitLocker, introduced with Microsoft's Windows Vista, is a program for full volume encryption.

Indicator

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector, they have
EB 52 90 2D 46 56 45 2D 46 53 2D
, or, in ASCII,
eR -FVE-FS-

Algorithm

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

External Links