Hello,
I have received a Dell Inspiron 15 Laptop of a suspect in Shut Down State. After creating E01 Image of the Drive it was found that the drives are encrypted with the Bitlocker Encryption. When mounting the image in FTK Imager and FTK 7.1, it asks for the bitlocker password. I need to examine the data present in the drive to provide evidence to the local LE. (The suspect is deceased)
Is there any possible way to decrypt and access the drive??? If any, Please help to find a way to access the image and extract data using any tools possible. Thankyou.
Is there any possible way to decrypt and access the drive??? If any, Please help to find a way to access the image and extract data using any tools possible. Thankyou.
You're going to need the key. Since the suspect is dead then I'm afraid you're out of luck unless they wrote it down.
You can try success with the free tool BitCracker (try crack password with GPU) https://
P.S FTK PRTK also can try recover Bitlocker key, but only on CPU.
From your workflow it seems that you didn't check whether there is a TPM-only protector on the drive. It simply might boot the OS, if you put the drive back into the laptop.