
Thread: SAM and SYSKEY on Vista

  1. #11
    Junior Member
    Join Date
    Sep 2004
    Posts
    9
    I would hope that the BIOS does not do the decrypting (for security purposes). I would hope that the whole encryption/decryption process requires a running Vista OS. So maybe you'd boot off the Vista disk, use their repair tool, and in there you could unlock the disk.

    In any case, all of this could just be solved by me getting the silly beta and spending a weekend playing around.

  2. #12
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    It seems to be quite comprehensive, allowing for deployment in different scenarios.

    This is the technical overview (sorry it is rather long). Section 5 deals with recovery procedures.

    http://www.microsoft.com/technet/win...ech.mspx#ERMAE

    I am not sure how different data recovery would be from a dodgy drive?


  3. #13
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    My understanding is it has three modes. From:
    http://www.microsoft.com/technet/win...4d762cf31.mspx

    • TPM-only. This is transparent to the user, and the user logon experience is unchanged. However, if the TPM is missing or changed, BitLocker will enter recovery mode, and you will need a recovery key or password to regain access to the data.

    • Startup key. The user will need a startup key to log on to the computer. A startup key can either be physical (USB flash drive with a machine-readable key written to it) or personal (a PIN set by the user).

    BitLocker also has a mode for non-TPM systems:

    • USB Flash Drive key. The user inserts a USB flash drive in the computer before turning it on. The key stored on the flash drive unlocks the computer.
    I've only tested the USB key version. If you still have your USB key (or know the very long pass code you can set up when BitLocker is put on a drive) you should be able to read it in another location.

    My understanding is that if you have the code, you can get into it on any other system, so print out a paper copy of the recovery key.
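
The point made in this post, that the recovery key works on any system while the TPM protector only works on the unchanged platform, follows from how BitLocker stores one volume master key (VMK) wrapped separately under each key protector. The following is an added, simplified model written for this thread; it is not Microsoft's code and does not reproduce the real on-disk format (BitLocker uses AES-CCM and a fixed metadata layout). The HMAC-based key wrap, the PCR measurement tuples and the function names (`new_volume`, `boot`, `tpm_kek`, `recovery_kek`) are constructed for illustration.

```python
import hashlib
import hmac
import os

# Added, self-contained model of BitLocker's key hierarchy (not Microsoft's
# code): one volume master key (VMK) is wrapped separately under each key
# protector, so any single protector (TPM, startup key, recovery password)
# unwraps the same VMK. The wrap itself is an encrypt-then-MAC stand-in built
# from the standard library; real BitLocker uses AES-CCM and a different layout.


def _keystream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher)."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(kek, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def wrap_key(kek: bytes, vmk: bytes) -> dict:
    """Encrypt the VMK under a protector's key-encryption key and MAC the result."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(vmk, _keystream(kek, nonce, len(vmk))))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def unwrap_key(kek: bytes, blob: dict):
    """Return the VMK, or None if the KEK is wrong or the blob was tampered with."""
    expected = hmac.new(kek, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(kek, blob["nonce"], len(blob["ct"]))))


def tpm_kek(pcr_measurements: tuple) -> bytes:
    """Model of a TPM seal: the KEK is only recoverable if the boot measurements
    (PCR values) match those present when the protector was created."""
    digest = hashlib.sha256()
    for m in pcr_measurements:
        digest.update(m)
    return digest.digest()


def recovery_kek(recovery_password: str, salt: bytes) -> bytes:
    """KEK derived from the recovery password (a 48-digit number in BitLocker;
    any string is accepted in this model)."""
    return hashlib.pbkdf2_hmac("sha256", recovery_password.encode(), salt, 200_000, 32)


def new_volume(pcrs: tuple, recovery_password: str) -> dict:
    """Create a volume whose VMK is protected by a TPM protector and a recovery
    password protector (the 'TPM-only' mode plus the mandatory recovery key)."""
    vmk = os.urandom(32)
    salt = os.urandom(16)
    return {
        "vmk": vmk,  # kept only so a caller can compare; never stored in clear on disk
        "salt": salt,
        "protectors": {
            "tpm": wrap_key(tpm_kek(pcrs), vmk),
            "recovery": wrap_key(recovery_kek(recovery_password, salt), vmk),
        },
    }


def boot(volume: dict, pcrs: tuple, recovery_password: str = None) -> tuple:
    """Simulate start-up: try the TPM protector first; if the platform changed,
    fall back to the recovery password. Returns (state, vmk_or_None)."""
    vmk = unwrap_key(tpm_kek(pcrs), volume["protectors"]["tpm"])
    if vmk is not None:
        return ("unlocked-by-tpm", vmk)
    if recovery_password is None:
        return ("recovery-mode", None)
    vmk = unwrap_key(recovery_kek(recovery_password, volume["salt"]), volume["protectors"]["recovery"])
    if vmk is None:
        return ("recovery-failed", None)
    return ("unlocked-by-recovery-password", vmk)


if __name__ == "__main__":
    GOOD = (b"bios-v1", b"bootmgr-v1")  # constructed measurement values
    RECOVERY = "123456-654321-111111-222222"  # constructed recovery password
    vol = new_volume(GOOD, RECOVERY)
    print(boot(vol, GOOD)[0])                              # TPM unchanged: transparent unlock
    print(boot(vol, (b"bios-v2", b"bootmgr-v1"))[0])       # TPM/platform changed: recovery mode
    print(boot(vol, (b"other-pc",), RECOVERY)[0])          # drive moved to another PC: recovery password still works
```

The second and third calls are the two situations discussed in the thread: a changed platform (the TPM protector no longer unseals, so the volume drops into recovery mode) and a drive moved to a different machine, where the recovery password unwraps the same VMK because its protector never depended on the TPM. This is also why a printed copy of the recovery key, or a copy escrowed in Active Directory, is what actually determines whether data can be recovered from a failing drive.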

  4. #14
    Junior Member
    Join Date
    Sep 2004
    Posts
    9
    You guys are most excellent, thanks for the info!

  5. #15
    1. Abstract

    This paper provides a brief technical overview of BitLocker™ Drive Encryption, an exciting new data protection feature in Microsoft Windows Vista™. Its primary aim is to offer insight into the feature’s lifecycle for advanced users and IT administrators who want to learn what BitLocker Drive Encryption is and how it addresses a growing data protection issue: the unwanted disclosure of confidential information -- through, for example, physical loss or theft of the computer.

    This paper assumes that readers understand Trusted Platform Model (TPM) technology. For background information on TPM technology, refer to the specifications and materials maintained on the Web at http://www.trustedcomputinggroup.org/.
    2. Overview

    BitLocker™ Drive Encryption is a data protection feature available in Windows Vista Enterprise and Ultimate for client computers and in Windows Server "Longhorn". BitLocker is Microsoft’s response to one of our top customer requests: address the very real threats of data theft or exposure from lost, stolen or inappropriately decommissioned PC hardware with a tightly integrated solution in the Windows Operating System.
    BitLocker is only available in versions of Vista that are targeted to those who are either being administered or have an administrative skill set (Enterprise and Ultimate). Hopefully in both cases the keys are backed up. Ideally, since both products are intended to be used with AD, the administrators have the Group Policy set so that if BitLocker is enabled all passwords and keys are being stored in AD.

    You should be able to use the device's password to mount the dodgy drive on another machine and pull data off. Since BitLocker is only encrypting the file structure you shouldn't have to do any extra steps like naming the machine you are attempting to recover from the same as the name of the machine you are recovering (like we currently have to do with Compusec).
