RECOMMENDED: Click here to fix Windows errors and optimize system performance
BitLocker Drive Encryption is full disk encryption included in Microsoft Windows 10, Windows 8, Windows 7, Windows Vista and Windows Server 2008 operating systems to protect data by encrypting entire volumes. By default, the AES encryption algorithm is used in CBC mode with a 128-bit key, combined with the Elephant broadcaster for additional hard disk encryption that is not offered by AES.
BitLocker prevents a thief who starts another operating system or runs a software hacker tool from interrupting the protection of Windows files and systems or viewing files stored on the protected disk offline. The function ideally uses one Trusted Platform Module (TPM 1.2) to protect user data and ensure that a Windows PC has not been corrupted while the system was offline.
BitLocker offers mobile and office information workers better data protection in the event of loss or theft of their systems and secure data deletion when it comes to disabling these systems.
Unlike Encrypting File System (EFS), which allows you to encrypt individual files, BitLocker encrypts the entire system drive, including the Windows system files needed to boot and connect. You can connect and work with your files normally, but BitLocker can help prevent hackers from accessing the system files they need to find your password or access your hard drive by removing it from your computer and installing it on another computer.
BitLocker can only protect files stored on the disk where Windows is installed.
To access Bitlocker, open Control Panel > Security > BitLocker Drive Encryption.
Before you can enable BitLocker drive encryption, make sure your computer’s hard disk has the following properties :
At least two volumes. If you create a new volume after you have already installed Windows, you must reinstall Windows before enabling BitLocker. One volume is for the operating system disk (typically drive C) that encrypts BitLocker, and one for the active volume that must remain unencrypted to boot the computer. The active volume size must be at least 1.5 gigabytes (GB). Both partitions must be formatted with the NTFS file system.
A TPM configuration available in some hardware configurations is a must. If your configuration does not allow this function, you will see a display as such:
Prepare your computer for BitLocker drive encryption
To encrypt drives and verify boot integrity, BitLocker requires at least two partitions. These two partitions form a shared load configuration. A split-load configuration separates the main partition of the operating system from the active system partition from which the computer is booted.
The BitLocker drive preparation tool automates processes to make your computer BitLocker compatible. Create the second volume that BitLocker needs:
- Migrate boot files to new volume
- Make volume an active volume
When the tool is finished, you must reboot the computer to change the system volume to the newly created volume. After restarting the computer, the drive is correctly configured for BitLocker. You may also need to initialize the Trusted Platform Module (TPM) before enabling BitLocker.
Recover BitLocker encrypted data from a damaged disk volume
The BitLocker repair tool can help administrators recover data. from a damaged or damaged disk volume encrypted with BitLocker.
This tool allows access to data encrypted with BitLocker if the hard disk is physically damaged. This tool attempts to recover critical data from the hard disk and recover all recoverable data.
A password or recovery key is required to decrypt the data. In some cases, a backup of the key kit is also required.
Use this command line tool if the following conditions are met :
- A volume has been encrypted using BitLocker Drive Encryption.
- Windows does not start or you cannot start the BitLocker recovery console.
- You do not have a copy of the data contained on the encrypted medium.
- BitLocker portable on Windows 10/8/7
- Microsoft BitLocker Management and Monitoring on Windows 10/8/7
- Recover files and data from inaccessible BitLocker encrypted disk
- USB Encrypt Sticks with BitLocker To Go
- Use the BitLocker drive preparation tool from the Windows 10/8/7 command prompt
- Your recovery key could not be saved for BitLocker.