As repair-bde failed to recover the overwritten partition when not stripped at the beginning, I did this
1. Accessed the partition using BitLocker's Password from the new installation of Windows
2. Checked how much data were written from the new installation of Windows (including it).
67'525'283'840 Bytes
3. Erased the first 67'525'283'840 bytes of the partition, using 4K blocks
dd if=/dev/zero of=/dev/sdb1 bs=4096 count=164856654. Have runrepair-bde tool again, using the old BitLocker Password
(The total partition size is ~128 GB, the first 68 GB being blank.) repair-bde F D -rp xxxxxx-xxxxxx-...-xxxxxx -f -lf C\logFile.txt
But it fails.ERROR The input volume has suffered damages to critical information related to the decryption key.
Please try the -KeyPackage option to specify a key package. The volume may not be recoverable.
So, I assume that I should now ask the customer if he saved the important informations of the KeyPackage on some external drive …
Well 67 Gb is not "an installation of windows".
A typical install size of XP is less than 2 Gb.
A typical install of Vista/7/8/8.1 is usually between 16 and 20 Gb or maybe 22 including updates.
If 67 Gb were rewritten it was more like a deployed image or the restore of a full backup of an existing windows install (including all programs and also data).
My guess is that it "simply too much" has been overwritten to be able - even if you somehow manage to decrypt it to recover anything meaningful (you would need to be sure that the data you are looking for was actually beyond those 67 Gb).
What you could try ? could be to create a new image, same exact length in bytes as the original disk, partition/format it, etc. then bitlocker protect it and set it to have the same "old" password as the original
http//
then dd to it the last part (beyound the 67 Gb mark) of the original and see if the BDE repair tool can manage it.
jaclaz
jaclaz,
As far as I know, BitLocker full disk encryption does not use passwords (and does not ask for a password) if it's encrypting the system volume, the computer is equipped with a TPM module, and the administrative user is logged in with a Microsoft Account (as opposed to using a local Windows account). BitLocker To Go, on the other hand, does use a password.
jaclaz,
As far as I know, BitLocker full disk encryption does not use passwords (and does not ask for a password) if it's encrypting the system volume, the computer is equipped with a TPM module, and the administrative user is logged in with a Microsoft Account (as opposed to using a local Windows account). BitLocker To Go, on the other hand, does use a password.
I meant "recovery key", as in the given link
http//
where key and password (like BTW in MS original documentation) are often exchanged but meaning the same thing, the sequence of "8 blocks of numbers, 6-digit each, which are separated by hyphens".
There is AFAIK no such thing as "full disk" encryption with bitlocker, the encryption is always applied to the volume(s) or to the drive (if you prefer to the *whatever that gets a drive letter*), for once the MS official documentation call it properly "drive encryption"
https://
https://
While as said "recovery password" and "recovery key" are often "mixed up"
https://
https://
jaclaz
It is only a volume encryption. It does not even encrypt any volume slack.
It is only a volume encryption. It does not even encrypt any volume slack.
Yep ) , but (for the record) there are sources that (wrongly) call Bitlocker a "full disk encryption"
https://
BitLocker (formerly BitLocker Drive Encryption) is a full disk encryption feature included with the Ultimate and Enterprise editions of Windows Vista and Windows 7, the Pro and Enterprise editions of Windows 8 and Windows 8.1,[1] and Windows Server 2008 and later. It is designed to protect data by providing encryption for entire volumes.
And. later on that page
https://
BitLocker is a logical volume encryption system. A volume may or may not be an entire hard disk drive, or it can span one or more physical drives.
Its the usual misunderstanding between disk (let alone a full disk) and drive (or volume or partition), with the nice twist of the volume that can be an "entire hard disk drive" …
jaclaz