BitLocker Disk Encryption

BitLocker Disk Encryption is a Microsoft Full Volume Encryption solution first included with the Enterprise and Ultimate editions of Windows Vista.

Contents 1 Indicator 2 Algorithm 3 Recovery Keys 4 See Also 5 External Links

Indicator

Drives protected with BitLocker will have a different signature than the standard NTFS header. Instead, they have in their first sector:

EB 52 90 2D 46 56 45 2D 46 53 2D

or, in ASCII,

eR -FVE-FS-

Algorithm

The program uses either 128 or 256 AES with an elephant diffuser. See the links section for full details.

Recovery Keys

See Also

• BitLocker To Go
• Defeating Whole Disk Encryption

External Links

• Conducting forensic analysis on BitLocker protected volumes was discussed in the paper Implementing BitLocker for Forensic Analysis.
• Wikipedia entry on BitLocker
• Microsoft's Step by Step Guide
• Microsoft Technical Overview
• Microsoft FAQ
• Microsoft Description of the Encryption Algorithm
• Cold Boot Attacks, Full Disk Encryption, and BitLocker