BitLocker Disk Encryption

From ForensicsWiki
Revision as of 08:29, 10 May 2007 by Jessek (Talk | contribs)

Jump to: navigation, search

BitLocker ia a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista.

Indicator

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector, they have
EB 52 90 2D 46 56 45 2D 46 53 2D
, or, in ASCII,
eR -FVE-FS-

Algorithm

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

Recovery Keys

External Links