Difference between revisions of "BitLocker Disk Encryption"

From ForensicsWiki
Jump to: navigation, search
(Added which editions have it)
m
Line 1: Line 1:
BitLocker ia a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]].  
+
BitLocker is a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]].  
  
 
== Indicator ==  
 
== Indicator ==  
  
Drives protected with BitLocker will have a different signature than the standard [[NTFS]] header. Instead, they have in their first sector, they have <pre>EB 52 90 2D 46 56 45 2D 46 53 2D</pre>, or, in ASCII, <pre>eR -FVE-FS-</pre>
+
Drives protected with BitLocker will have a different signature than the standard [[NTFS]] header. Instead, they have in their first sector, they have <pre>EB 52 90 2D 46 56 45 2D 46 53 2D</pre> or, in ASCII, <pre>eR -FVE-FS-</pre>
  
 
== Algorithm ==
 
== Algorithm ==

Revision as of 11:34, 19 April 2008

BitLocker is a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista.

Indicator

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector, they have
EB 52 90 2D 46 56 45 2D 46 53 2D
or, in ASCII,
eR -FVE-FS-

Algorithm

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

Recovery Keys

External Links