ByPassing BitLocker...
 
Notifications
Clear all

ByPassing BitLocker in Windows7  

  RSS
shailendrasadh
(@shailendrasadh)
New Member

Hi,

If a disk is encrypted using BitLocker in win7 and we don't have the password or the keys, is it possible to decrypt that disk?! roll

Quote
Posted : 10/09/2013 6:55 pm
Xennith
(@xennith)
Active Member

FDE or just a partition?

Its possible to recover the encryption key from a hiberfil, but beyond that you're pretty much limited to brute forcing it. Start off by using volatility to examine the hiberfil if present to see if the encrypted partition is mounted, if it is you can attempt to recover the key. I'm not aware of any software that will do a brute force attack, but it should be possible to write something.

If its FDE you need to go straight to the brute force, unless of course you get lucky and find a recovery disk or passphrase on a post it.

ReplyQuote
Posted : 10/09/2013 8:21 pm
austininvestigator
(@austininvestigator)
New Member

I think you'll find that Passware Forensic will instantly decrypt BitLocker in Win7 if the password is resident in a memory capture and that it can brute-force it otherwise. Be aware that BL is a generally accepted as being sound cryptographically and will likely take eons to brute-force, even with a huge cluster of dedicated hardware.

ReplyQuote
Posted : 10/09/2013 8:27 pm
Share: