Forum rules
Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...How to identify Bitlocker protectors in PC3K DE
June 28th, 2024, 11:27
One of my customer has formatted OS SSD and afterwards his hard disk (both from laptop) has become inaccessible and is showing bitlocker encryption.
Customer is not aware of bitlocker & is not having microsoft account as well.
clear key bitlocker volumes can be decrypted in DE which asks me whether to decrypt. It shows both GUID for password & startup key . DE also shows volume label as well.
any suggestion pls.
Customer is not aware of bitlocker & is not having microsoft account as well.
clear key bitlocker volumes can be decrypted in DE which asks me whether to decrypt. It shows both GUID for password & startup key . DE also shows volume label as well.
any suggestion pls.
- Attachments
-
-
Re: How to identify Bitlocker protectors in PC3K DE
July 1st, 2024, 3:11
udma or anyone can decrypt only suspended bitlocker volume ( Drive is technically encrypted but encryption key is stored in unprotected volume).
VMK is clear key.
In this case it seems active protectors are present. Recovery might not be possible unless -
1) You can brute force using quantum computer
2) You are MS having backdoor
3) you are 3 letter agency.
VMK is clear key.
In this case it seems active protectors are present. Recovery might not be possible unless -
1) You can brute force using quantum computer
2) You are MS having backdoor
3) you are 3 letter agency.
Re: How to identify Bitlocker protectors in PC3K DE
July 1st, 2024, 3:33
terminator2 wrote:3) you are 3 letter agency.
Re: How to identify Bitlocker protectors in PC3K DE
July 1st, 2024, 7:02
terminator2 wrote:udma or anyone can decrypt only suspended bitlocker volume ( Drive is technically encrypted but encryption key is stored in unprotected volume).
VMK is clear key.
In this case it seems active protectors are present. Recovery might not be possible unless -
1) You can brute force using quantum computer
2) You are MS having backdoor
3) you are 3 letter agency.
I would like to know because in DE volume label is visible .Is that means MVK is somehow available ? I have carved bitlocker metadata & volume header , is it of any use?
Re: How to identify Bitlocker protectors in PC3K DE
July 2nd, 2024, 10:36
MISU wrote:terminator2 wrote:udma or anyone can decrypt only suspended bitlocker volume ( Drive is technically encrypted but encryption key is stored in unprotected volume).
VMK is clear key.
In this case it seems active protectors are present. Recovery might not be possible unless -
1) You can brute force using quantum computer
2) You are MS having backdoor
3) you are 3 letter agency.
I would like to know because in DE volume label is visible .Is that means MVK is somehow available ? I have carved bitlocker metadata & volume header , is it of any use?
Though keys are stored in multiple locations , its not like a file . I thinks its of no direct use.
Powered by phpBB © phpBB Group.