BitLocker is a full disk encryption feature included in the Enterprise and Ultimate editions of Windows Vista and Windows 7, the Enterprise and Pro editions of Windows 8 and 8.1, and Windows Server 2008. It encrypts the entire volume of a drive, with data protection as its main objective. The default algorithm is AES, used in cipher block chaining (CBC) mode. The Elephant Diffuser supplies the disk-encryption protection that AES alone does not provide. CBC is applied to each individual disk sector, not to the whole disk. BitLocker is a logical volume encryption system; it can also span one or two physical drives and is not limited to a hard disk drive. BitLocker together with the TPM maintains the integrity of the trusted boot path, thus protecting against boot sector malware and offline physical attacks.
Intruders can gain access to the files and passwords stored by Windows and other systems on a computer without knowing any of the passwords. This is made possible by booting their own operating system, such as Windows or Linux, from a special disc or USB flash drive; they can then access the other drives just like any ordinary user of the system. The only way to protect the data is to encrypt the entire hard disk. This operation takes a considerable amount of time, but it is needed for security.
It is also great for laptops and other devices that can easily be lost. BitLocker protects not only personal files and other documents but also the system files and the cached and saved passwords on the drive. Once encryption is done, there are few noticeable differences. No encryption software other than the normal Windows password is required. But some stringent requirements must be met, such as the drive having two NTFS partitions: a system partition and an operating system partition.
Let us now discuss what happens when the encryption password is lost, since data recovery has become more complicated nowadays with a new, single encryption standard for existing disk drives. Current disk-encryption specifications allow users to have more than one password to access the data, so that if the user loses one password, the backup password can be used. Some password settings can erase the hard drive, but in that case the data is gone. Under the present scenario, if the drive becomes corrupted and the hardware is also damaged, the user's disk can only be retrieved with the user password. Efforts are being made to recover data from an encrypted hard drive without the user password, using a special recovery technique. Currently, however, if the user loses the password and the drive is corrupted or damaged, there is no way to recover the data.
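Because the discussion above hinges on a backup password being available when the primary one is lost, here is an added PowerShell example (not from the original article) that audits a BitLocker volume, reports its encryption method and key protectors, adds a 48-digit recovery password if none exists, and escrows it; the $MountPoint default and the fallback export path are assumptions, and an elevated session with the BitLocker module (Windows 8 / Server 2012 or later) is assumed.

```powershell
# Added example, not from the original article. Assumes an elevated session on
# Windows 8 / Server 2012 or later with the BitLocker PowerShell module.
param([string]$MountPoint = "C:")   # assumed default; pass another volume if needed

$vol = Get-BitLockerVolume -MountPoint $MountPoint
if (-not $vol) { throw "No BitLocker volume found at $MountPoint" }

# Report how the volume is encrypted and whether protection is actually switched on.
"{0}: VolumeStatus={1} ProtectionStatus={2} Method={3}" -f `
    $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, $vol.EncryptionMethod

# List every key protector; a TPM protector alone cannot be used for recovery
# if the boot path changes or the board is replaced.
$vol.KeyProtector | ForEach-Object {
    "  protector {0}: {1}" -f $_.KeyProtectorId, $_.KeyProtectorType
}

$recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recovery) {
    # Add the 48-digit numerical recovery password (the "backup password" above).
    Write-Warning "No recovery password protector on $MountPoint; adding one."
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

# Escrow each recovery password in Active Directory (domain-joined machine whose
# policy permits backup). If escrow fails, write it to a file that must be moved
# off the encrypted drive, otherwise it is useless when that drive fails.
foreach ($rp in $recovery) {
    try {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId | Out-Null
        "Recovery password $($rp.KeyProtectorId) backed up to Active Directory."
    } catch {
        $out = Join-Path $env:USERPROFILE ("BitLocker-Recovery-{0}.txt" -f ($MountPoint -replace ':', ''))
        "Identifier: $($rp.KeyProtectorId)`r`nRecovery Password: $($rp.RecoveryPassword)" |
            Out-File -FilePath $out -Encoding ASCII
        Write-Warning "AD backup failed ($($_.Exception.Message)); written to $out, move it off this drive."
    }
}
```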
Recovery from Full Disk Encryption (FDE) is a much more complicated process, because the encryption is done at the hardware level. We have discussed disk-encrypting software, which can encrypt the hard drive. With FDE, however, even when the hard drive is moved to another computer, the data remains inaccessible. This is especially relevant for laptops and notebooks, which are always at risk of theft. In the earlier situation the drive can sometimes be accessed without the user password, but with FDE this is not possible. This is why FDE is used on external hard disks, which are prone to theft.
FDE encrypts the data on the hard disk, and an authentication key is required to decrypt the data before it can be read from the drive. All the data, including the operating system, is encrypted, which slows down access time. From a security angle, however, this is the best form of data encryption available today.
Beyond the slowdown of the computer caused by the encryption and decryption process, full drive data recovery is a complicated process. Encrypted data drives are liable to the same data loss situations as any other hard drive, but the recovery options are difficult.
In such a scenario, few options remain. When physical data recovery is required, data recovery engineers replace the worn-out parts with parts of the same make and model from another drive, or move the platters, which actually store the data, into another working drive. This is all done in a certified clean room environment, but cost and time become vital factors.
Full disk encryption adds another level of difficulty, because knowledge of and technology for the decryption method are needed. Not many companies exist that recover data from encrypted hard drives, but some do provide such specialized services.
The BitLocker feature disappears when the hard disk is formatted, since it becomes a new drive. Format recovery is not possible for a drive encrypted with BitLocker. So, to recover data from a hard drive that has been formatted, the local data recovery company needs to be contacted for its services.