What it means to be "clear Key -No key " protectors

[terminator2]

Hi Friends I want your expert advice / help for critical technical challenge I am facing.
Most of the windows 10 laptops now a days are having default Bitlocker encryption enabled by Microsoft.
However microsoft doesn't intimate nor give key to customer. Protectors in such cases are weak (clear key /No key)
In DE there is utility to decrypt such volume. Some softwares (like UFS explorer) also supports this function.
I am working on few cases where user is not even aware of what is Bitlocker. No microsoft account is allowed by corporate security policy.

1) Case 1 --- IT engineer of customer formatted D drive which was having default Bitlocker encryption. Since all Metadata is lost data recovery seems to be impossible.
2) Case 2 ---- I have used 2/3 techniques to recover data from C drive (Bitlocker encrypted) , I could extract 80 GB of data as well.
Most of the jpg /video and some xls files are working while large no. of pdf and msoffice files are not recognized by msoffice.
I think full decryption has not been achieved .- customer wants all data .

My question is what is exactly clear key /No key --- if there is no key or blank key then what characters it is having ? Are they all spaces ? Since blank key is not accepted there must be some characters what are those characters.
How efficient is decryption from DE ? (My DE version is old and does not support this fuction)

Can someone pls. shade light on this ?
Thank you.

Attachments

[higgsboson]

possibly very few peoples know about it and they want to keep it secret with themselves. Unfortunately not much information is available and one has to learn it by own research only.

[bunty]

I am facing similar issue currently.
I have got a case where data is deleted from Bitlocker encrypted partition ( C drive desktop) .Bitlocker is having similar Nokey type protector
I could recover all data but except jpg most of the msoffice data is not recognized and has lost integrity.
I want to know whether deleted recovery from bitlocker encrypted drive is possible or not.

[digisupport]

@bunty,
What kind of drive are you trying to recover deleted data from ?

[bunty]

hi digisupport
This is 1 TB laptop internal disk having 2 partitions. C is showing encryption while D is open.
User has deleted data from C:\ user profile \Desktop while leaving organization. I have recovered data using many techniques ,there is far more corruption to msoffice data. Jpg seems to be not affected.

[Doomer]

Clear/open key USUALLY exists on drives where full decryption process is initiated.
When a user starts decrypting the drive, Bitlocker creates clear/open key metadata, so when decryption is paused, it can be resumed right away, even after a computer restart.
It also means that drive is PARTIALLY decrypted, so decrypting the WHOLE drive is a bad idea - some files will be decrypted twice(it will be garbage).

[terminator2]

Clear/open key USUALLY exists on drives where full decryption process is initiated.
When a user starts decrypting the drive, Bitlocker creates clear/open key metadata, so when decryption is paused, it can be resumed right away, even after a computer restart.
It also means that drive is PARTIALLY decrypted, so decrypting the WHOLE drive is a bad idea - some files will be decrypted twice(it will be garbage).

Here comes authoritative statement Thanks a lot Doomer.
I think this is what exactly happened in Bunty's case as data corruption is observed.
But now how to do partial decryption as without decryption software recovery does not give sector access .