Today we’ll describe how to recuperate knowledge from a broken or inaccessible laborious drive encrypted utilizing BitLocker. We will present you a easy case and a case with a broken BitLocker drive. Such a subject might happen due to file system corruption on an encrypted disk (for instance, harm to the laborious disk space through which BitLocker shops necessary data brought on by an surprising system shutdown), the lack to boot the OS or the BitLocker restoration console, and comparable failures that forestall regular opening of the encrypted. The described issues can come up each with a system disk, and with a detachable exterior or USB disk.
We will use the utility Repair-bde.exe (BitLocker Repair Tool) for knowledge restoration, a command line instrument appeared in Windows 7 / Server 2008 R2. It is used to entry and recuperate the encrypted knowledge on a broken drive encrypted with BitLocker.
Requirements for knowledge restoration from a BitLocker quantity
To recuperate knowledge from a BitLocker-encrypted drive, you need to have at the least one of many following BitLocker safety parts:
- BitLocker restoration password (the one that you simply enter within the Windows GUI if you unlock an encrypted disk);
- The BitLocker Recovery key;
- System startup key (.bek) – a key on a USB flash drive that enables you to robotically decrypt the boot partition with out requiring the consumer to enter a BitLocker password.
The BitLocker Recovery Key is a singular sequence of 48 characters. The restoration secret’s generated when creating the BitLocker quantity, it may be printed (and saved in a secure place, for instance, in a secure), saved to a textual content file on an area drive (this isn’t advisable, as a result of if this disk is broken, you received’t find a way to decrypt your knowledge) or on exterior drive, or saved to your on-line Microsoft account.
BitLocker restoration key may be present in your account on the Microsoft web site. Follow the hyperlink https://onedrive.dwell.com/recoverykey.
If you don’t have entry to the BitLocker restoration key, you then received’t find a way to entry your encrypted knowledge. Because BitLocker is designed to shield your information from different customers.
A number of nuances concerning the restoration of knowledge from the BitLocker drive. Data wants to be restored to a separate disk with at the least the identical dimension because the encrypted one. During the restoration all of the contents of this disk can be deleted and changed with the decrypted knowledge from the BitLocker quantity. In our instance, the disk F: (2 GB in dimension) is a USB keep on with the contents encrypted utilizing BitLocker, which isn’t opened due some motive. To recuperate the information, we mounted a further exterior laborious disk Data (G:) with the dimensions of 10 GB.
How to unlock a BitLocker encrypted drive in Windows?
The easiest state of affairs is if you want to unlock an BitLocker encrypted drive from Windows. You in all probability have an exterior drive or USB flash drive protected with BitLocker that doesn’t open, otherwise you need to open an encrypted drive on one other pc.
Connect the drive to your pc and go to the Control Panel -> System and Security -> BitLocker Drive Encryption (obtainable in Professional and better Windows editions). In the record of disks, choose the BitLocker encrypted disk and click on Unlock Drive.
Depending on the safety technique, specify the password, PIN restoration key and join the good card to unlock the drive. If you don’t know the password, however the restoration key has been saved, choose Advanced settings -> Enter restoration key.
If you’ve a number of restoration keys, you possibly can decide the restoration key you want utilizing the identifier that’s displayed within the window. If you specify the right key, the disk is unlocked and you’ll entry the information on it.
How to unlock a BitLocker drive the place Windows is put in?
Consider a case the place your system drive (the place Windows is put in) is encrypted utilizing BitLocker and for some motive your Windows doesn’t boot accurately (blue display of demise, hangs on boot, , and many others.).
Try to run the Windows Recovery Environment (it is going to robotically begin if Windows fails to boot three instances in a row). If will not be working, you possibly can boot from the Windows 10 set up disk, the , or one other bootable disk. To tun the command immediate, choose Troubleshoot -> Advanced choices -> Command Prompt, or press Shift + F10.
Check the standing of all of the disks on the pc utilizing the command line (that is the way you establish the Bitlocker encrypted drive):
The results of the command for one (or a number of) of the disks ought to comprise the next textual content: “BitLocker Drive Encryption: Volume D”. So you’ve disk D encrypted.
Unlock it by working the command:
manage-bde -unlock D: -pw
The command will ask you to enter your BitLocker password:
Enter the password to unlock this quantity:
If the password is appropriate, a message will seem:
The password efficiently unlocked quantity D:.
Your disk is decrypted and you’ll proceed to restore the OS.
If you need to fully disable the BitLocker drive safety, run:
manage-bde -protectors -disable D:
Restart the pc. Now the Windows boot drive will not be encrypted.
Data restoration utilizing the BitLocker password
First of all, strive to restore your knowledge utilizing this technique (it really works in Windows 10, eight.1 / Server 2012 /R2/2016 or greater):
- Run the command immediate as an administrator;
- Run the next command:
repair-bde F: G: -pw –Force, the place F: is a disk with the BitLocker knowledge, and G: is a disk to extract the decrypted knowledge to;
- While executing the command, you’ll have to enter the BitLocker password (the one a consumer specifies within the Windows GUI to entry the encrypted quantity).
Decrypt the quantity utilizing a Bitlocker restoration key
To decrypt knowledge on a broken quantity encrypted with Bitlocker, you will have a restoration key or system boot key (if the system partition is encrypted).
Run the information restoration utilizing this key:
repair-bde F: G: -rp 288209-513086-417508-646412-162954-590672-167552-664563 –Force
If BitLocker is used to encrypt the Windows system partition and a particular boot key on the USB flash drive is used to boot the system, you possibly can decrypt the quantity this manner:
repair-bde F: G: -rk I:2F538474-923D-4330-4549-61C32BA53345.BEK –Force
the place 2F538474-923D-4330-4549-61C32BA53345.BEK is a key to run the Bitlocker Drive Encryption on the USB flash drive I: (by default, this file is hidden).
After the information restoration and decryption are over, you’ve to examine the disk to which the quantity contents has been extracted prior to opening it. To do it, run the next command and wait until the method is full:
Chkdsk G: /f
How to entry a BitLocker encrypted drive in Linux?
You can open a BitLocker encrypted disk in Linux. To do that, you want the DisLocker utility and the BitLocker restoration key.
Some distributions (for instance, Ubuntu) have already got a dislocker utility. If the utility will not be put in, obtain and compile it manually:
tar -xvjf dislocker.tar.gz
The INSTALL.TXT file signifies that you simply want to set up the libfuse-dev bundle:
sudo apt-get set up libfuse-dev
Now compile the bundle:
cd src/make make set up
Go to the mnt listing and create two directories (for the encrypted and decrypted partition):
mkdir Encr-partmkdir Decr-part
Find the encrypted partition (fdisk –l command) and decrypt it utilizing the restoration key within the second listing:
dislocker -r -V /dev/sdb1 -p your-bitlocker-recovery-key /mnt/Encr-part
In this instance, we use the DisLocker utility in FUSE mode (Filesystem in Userspace), which permits customers to create their very own file programs with out privileges. In FUSE mode, solely the block that the system accesses (“on the fly”) is decrypted. At the identical time, knowledge entry time will increase, however this mode is far safer.
Mount the partition:
mount -o loop Driveq/dislocker-file /mnt/Decr-part
You ought to now see all of the information on the encrypted partition.