Difference between revisions of "BitLocker Disk Encryption"

Revision as of 21:00, 12 February 2009

BitLocker Disk Encryption is a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista.

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector:

EB 52 90 2D 46 56 45 2D 46 53 2D

or, in ASCII,

eR -FVE-FS-

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

@@ Line 1: / Line 1: @@
-BitLocker is a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]].
+'''BitLocker Disk Encryption''' is a [[Microsoft]] [[Full Volume Encryption]] solution first included with the Enterprise and Ultimate editions of [[Windows|Windows Vista]].
 == Indicator ==
@@ Line 12: / Line 12: @@
 == See Also ==
+[[BitLocker To Go]]
 [[Defeating Whole Disk Encryption]]
 == External Links ==
-* Conducting forensic analysis on BitLocker protected volumes was discussed in the paper [http://jessekornblum.com/research/papers/bitlocker.pdf Implementing BitLocker for Forensic Analysis].
+* Conducting forensic analysis on BitLocker protected volumes was discussed in the paper [http://jessekornblum.com/publications/di09.html Implementing BitLocker for Forensic Analysis].
 * [http://en.wikipedia.org/wiki/BitLocker_Drive_Encryption Wikipedia entry on BitLocker]
 * [http://technet2.microsoft.com/WindowsVista/en/library/c61f2a12-8ae6-4957-b031-97b4d762cf311033.mspx?mfr=true Microsoft's Step by Step Guide]