All times are UTC - 5 hours [ DST ]


Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: How to identify Bitlocker protectors in PC3K DE
PostPosted: June 28th, 2024, 11:27 
Offline

Joined: November 1st, 2023, 13:36
Posts: 47
Location: Data Recovery
One of my customer has formatted OS SSD and afterwards his hard disk (both from laptop) has become inaccessible and is showing bitlocker encryption.
Customer is not aware of bitlocker & is not having microsoft account as well.
clear key bitlocker volumes can be decrypted in DE which asks me whether to decrypt. It shows both GUID for password & startup key . DE also shows volume label as well.
any suggestion pls.


Attachments:
4.PNG
4.PNG [ 14.77 KiB | Viewed 867 times ]
3.PNG
3.PNG [ 49.71 KiB | Viewed 867 times ]
Top
 Profile  
 
 Post subject: Re: How to identify Bitlocker protectors in PC3K DE
PostPosted: July 1st, 2024, 3:11 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 495
Location: brisbane
udma or anyone can decrypt only suspended bitlocker volume ( Drive is technically encrypted but encryption key is stored in unprotected volume).
VMK is clear key.
In this case it seems active protectors are present. Recovery might not be possible unless -
1) You can brute force using quantum computer
2) You are MS having backdoor
3) you are 3 letter agency.


Top
 Profile  
 
 Post subject: Re: How to identify Bitlocker protectors in PC3K DE
PostPosted: July 1st, 2024, 3:33 
Offline
User avatar

Joined: January 28th, 2009, 10:54
Posts: 3481
Location: Greece
terminator2 wrote:
3) you are 3 letter agency.

:lol:

_________________
http://www.northwind.gr
SandForce SSD Recovery
Ransomware Reverse Engineering - NoMoreRansom! partners


Top
 Profile  
 
 Post subject: Re: How to identify Bitlocker protectors in PC3K DE
PostPosted: July 1st, 2024, 7:02 
Offline

Joined: November 1st, 2023, 13:36
Posts: 47
Location: Data Recovery
terminator2 wrote:
udma or anyone can decrypt only suspended bitlocker volume ( Drive is technically encrypted but encryption key is stored in unprotected volume).
VMK is clear key.
In this case it seems active protectors are present. Recovery might not be possible unless -
1) You can brute force using quantum computer
2) You are MS having backdoor
3) you are 3 letter agency.


I would like to know because in DE volume label is visible .Is that means MVK is somehow available ? I have carved bitlocker metadata & volume header , is it of any use?


Top
 Profile  
 
 Post subject: Re: How to identify Bitlocker protectors in PC3K DE
PostPosted: July 2nd, 2024, 10:36 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 495
Location: brisbane
MISU wrote:
terminator2 wrote:
udma or anyone can decrypt only suspended bitlocker volume ( Drive is technically encrypted but encryption key is stored in unprotected volume).
VMK is clear key.
In this case it seems active protectors are present. Recovery might not be possible unless -
1) You can brute force using quantum computer
2) You are MS having backdoor
3) you are 3 letter agency.


I would like to know because in DE volume label is visible .Is that means MVK is somehow available ? I have carved bitlocker metadata & volume header , is it of any use?

Though keys are stored in multiple locations , its not like a file . I thinks its of no direct use.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group