All times are UTC - 5 hours [ DST ]


Forum rules


Please do not post questions about data recovery cases here (use this forum instead). This forum is for topics on finding new ways to recover data. Accessing firmware, writing programs, reading bits off the platter, recovering data from dust...



Post new topic Reply to topic  [ 7 posts ] 
Author Message
 Post subject: What it means to be "clear Key -No key " protectors
PostPosted: February 7th, 2022, 2:24 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
Hi Friends I want your expert advice / help for critical technical challenge I am facing.
Most of the windows 10 laptops now a days are having default Bitlocker encryption enabled by Microsoft.
However microsoft doesn't intimate nor give key to customer. Protectors in such cases are weak (clear key /No key)
In DE there is utility to decrypt such volume. Some softwares (like UFS explorer) also supports this function.
I am working on few cases where user is not even aware of what is Bitlocker. No microsoft account is allowed by corporate security policy.

1) Case 1 --- IT engineer of customer formatted D drive which was having default Bitlocker encryption. Since all Metadata is lost data recovery seems to be impossible.
2) Case 2 ---- I have used 2/3 techniques to recover data from C drive (Bitlocker encrypted) , I could extract 80 GB of data as well.
Most of the jpg /video and some xls files are working while large no. of pdf and msoffice files are not recognized by msoffice.
I think full decryption has not been achieved .- customer wants all data .

My question is what is exactly clear key /No key --- if there is no key or blank key then what characters it is having ? Are they all spaces ? Since blank key is not accepted there must be some characters what are those characters.
How efficient is decryption from DE ? (My DE version is old and does not support this fuction)

Can someone pls. shade light on this ?
Thank you.


Attachments:
mv1.jpg
mv1.jpg [ 484.07 KiB | Viewed 11392 times ]
MV BTC.1jpg.jpg
MV BTC.1jpg.jpg [ 254.66 KiB | Viewed 11392 times ]
ALL Key No key.jpg
ALL Key No key.jpg [ 94.08 KiB | Viewed 11392 times ]
Top
 Profile  
 
 Post subject: Re: What it means to be "clear Key -No key " protectors
PostPosted: February 10th, 2022, 0:40 
Offline

Joined: September 1st, 2012, 6:16
Posts: 182
Location: Universe
possibly very few peoples know about it and they want to keep it secret with themselves. Unfortunately not much information is available and one has to learn it by own research only.


Top
 Profile  
 
 Post subject: Re: What it means to be "clear Key -No key " protectors
PostPosted: February 10th, 2022, 8:08 
Offline

Joined: March 9th, 2017, 6:16
Posts: 103
Location: trinidad
I am facing similar issue currently.
I have got a case where data is deleted from Bitlocker encrypted partition ( C drive desktop) .Bitlocker is having similar Nokey type protector
I could recover all data but except jpg most of the msoffice data is not recognized and has lost integrity.
I want to know whether deleted recovery from bitlocker encrypted drive is possible or not.


Top
 Profile  
 
 Post subject: Re: What it means to be "clear Key -No key " protectors
PostPosted: February 10th, 2022, 8:32 
Offline
User avatar

Joined: March 6th, 2010, 3:46
Posts: 601
Location: Kolding | Denmark
@bunty,
What kind of drive are you trying to recover deleted data from ?

_________________
Digitalsupport Data Recovery
https://digitalsupport.dk


Top
 Profile  
 
 Post subject: Re: What it means to be "clear Key -No key " protectors
PostPosted: February 11th, 2022, 8:58 
Offline

Joined: March 9th, 2017, 6:16
Posts: 103
Location: trinidad
hi digisupport
This is 1 TB laptop internal disk having 2 partitions. C is showing encryption while D is open.
User has deleted data from C:\ user profile \Desktop while leaving organization. I have recovered data using many techniques ,there is far more corruption to msoffice data. Jpg seems to be not affected.


Top
 Profile  
 
 Post subject: Re: What it means to be "clear Key -No key " protectors
PostPosted: February 11th, 2022, 18:39 
Offline
User avatar

Joined: September 29th, 2005, 12:02
Posts: 3561
Location: Chicago
Clear/open key USUALLY exists on drives where full decryption process is initiated.
When a user starts decrypting the drive, Bitlocker creates clear/open key metadata, so when decryption is paused, it can be resumed right away, even after a computer restart.
It also means that drive is PARTIALLY decrypted, so decrypting the WHOLE drive is a bad idea - some files will be decrypted twice(it will be garbage).

_________________
SAN, NAS, RAID, Server, and HDD Data Recovery.


Top
 Profile  
 
 Post subject: Re: What it means to be "clear Key -No key " protectors
PostPosted: February 12th, 2022, 1:22 
Offline

Joined: November 23rd, 2010, 13:32
Posts: 461
Location: brisbane
Doomer wrote:
Clear/open key USUALLY exists on drives where full decryption process is initiated.
When a user starts decrypting the drive, Bitlocker creates clear/open key metadata, so when decryption is paused, it can be resumed right away, even after a computer restart.
It also means that drive is PARTIALLY decrypted, so decrypting the WHOLE drive is a bad idea - some files will be decrypted twice(it will be garbage).


Here comes authoritative statement Thanks a lot Doomer.
I think this is what exactly happened in Bunty's case as data corruption is observed.
But now how to do partial decryption as without decryption software recovery does not give sector access .


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 7 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 21 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group