Hi,
So i recently received a case that had multiple usb thumb drives and one of them was encrypted with bit-locker.
Is there any way we can break the encryption?
thanks
Is there any way we can break the encryption?
Yes/no.
http//
If you have the machine on, you can, if it's off, it's brute-force, which may mean, *any* among
- yes
- no
- in a timely fashion
- in several days, weeks, years
- never (in the sense of not in a "Practical" amount of time)
may apply 😯 .
jaclaz
Hi,
So i recently received a case that had multiple usb thumb drives and one of them was encrypted with bit-locker.
Is there any way we can break the encryption?
thanks
try to find as many computer as you can, hope the user has enabled the auto-unlock for the drive.
do raw search on all drive you have, search for "bitlocker", you may find a deleted bitlocker recovery key or password file.
in both cases, all you need is luck
Check the printer spool files, a surprising amount of people print their recovery keys and you might be able to find the recovery key there.
Lol nice one Jaclaz, thanks everyone .. i thought so .. without the machine it would be a yes/no anaswer .. errrr =P
Check the printer spool files, a surprising amount of people print their recovery keys and you might be able to find the recovery key there.
Hmmm. ?
http//www.forensicfocus.com/Forums/viewtopic/t=5565/
jaclaz
Have you tried this?
C\Windows\system32>manage-bde -cn “device name”-protectors -get C
I have had to use this to get the key, there is another string that forces it into AD but I assume you cant do that.
Have you tried this?
C\Windows\system32>manage-bde -cn “device name”-protectors -get C
I have had to use this to get the key, there is another string that forces it into AD but I assume you cant do that.
You mean that you received a bitlocker encrypted USB flash stick and you retrieved it's key (password or recovery password) running that command ? 😯
jaclaz
Have you tried this?
C\Windows\system32>manage-bde -cn “device name”-protectors -get C
I have had to use this to get the key, there is another string that forces it into AD but I assume you cant do that.
You mean that you received a bitlocker encrypted USB flash stick and you retrieved it's key (password or recovery password) running that command ? 😯
jaclaz
I think he is talking about querying the domain controller (which may have stored the bitlocker recovery password of every devices in the network) for the recovery key
I think he is talking about querying the domain controller (which may have stored the bitlocker recovery password of every devices in the network) for the recovery key
Maybe he is ) , but the OP was talking of a USB stick, "received" as a case.
I doubt that OP also "received" an access to the network and domain. roll
jaclaz