I have just enabled BitLocker using a flash drive without TPM on Windows 7 Ultimate 64 bit. Just to be prepared - is there any way I can recover data from an encrypted volume in Windows 7 Ultimate?
Asked 11 years ago. Active 5 years, 6 months ago.

No special hardware, software, or user intervention needed.
Call it ignorance or lack of self education, but I never took the chance to educate myself on how easy this technology was to employ and benefit from. There are numerous reasons why using native Windows functionality is beneficial over third party solutions. Seagate FDE drives are beneficial in that they remove the layer of software that TrueCrypt requires, but their innate downside, and a rather hefty one, is that you have to purchase these special HDDs in order to benefit from the technology.
There are relatively few higher end business laptops which offer these out-of-the-box, and even then, the price point that these units come in at is usually higher than what could be achieved merely through a copy of Windows with BitLocker with the same benefits. Secondly, this technology is not offered on any SSD drive yet. For the above reasons, I think Windows BitLocker provides the highest level of file encryption security with the perfect balance of cost and convenience.
BitLocker provides full volume encryption on any volume (even Windows boot volumes) by working in conjunction with encryption keys that are automatically generated during the BitLocker initiation process. Windows works in conjunction with the TPM chip to check on numerous boot variables of the host system to ensure that there are no signs of tampering. If the chip signals the all clear to Windows, a normal boot ensues straight into your OS of choice.
For systems that do not have TPM chips, like most desktops, the BitLocker boot process can be enabled via the use of a USB encryption key that is easily generated during the BitLocker initiation. If this USB key is inserted and present on your system, normal boot will be allowed and plays the same part as the TPM chip.
However, systems with TPM chips are the easiest way to enable and utilize BitLocker because a USB key is much easier to lose than a chip planted on a motherboard.

The Surface RT tablet offers basic full disk encryption as long as the user signs into their device with a Microsoft account. When Microsoft releases its free Windows 8. This means any system running Windows 8.

The short answer is yes! If your copy of Windows (see above) supports native BitLocker functionality (7 and 8 only — no Vista, sorry) then you also have the capability to use BitLocker to Go. This extension of BitLocker provides full disk encryption for any range of portable devices from USB thumb drives to external hard drives.
The nice part about BitLocker to Go is that you can get read-only access to the files on such devices on any edition of Windows since XP with a simple add-on utility from Microsoft called BitLocker to Go Reader. Microsoft has been including BitLocker support in every edition of Windows Server since the release. This is handy because you can now add an extra layer of security to the server closet with relative ease, using the same procedures that are outlined for protecting client OS systems like desktops and laptops.
BitLocker in general is a fairly low-impact feature that can function on nearly any system available today. There is something to be said for systems that have later generation Intel Core i5 and i7 processors, since TomsHardware has reported that Intel has baked new AES extensions into newer processors which reduce some of the necessary computing overhead.
This is only a nicety, and not a requirement, by any means. Personally, I would much rather have a desktop or laptop with a TPM chip on the motherboard to take advantage of native transparent BitLocker operation without the need for a USB key.
While there is no short list of systems that generally offer TPM chips, most business-oriented computers tend to have them as standard fare.

So I decided to test and see what happened. Playing a hypothetical hacker thief, I took my drive out and connected it to a vanilla Windows 7 bench system we have at our company office.
This was to simulate what a low-level criminal would likely do to try and see what data I had on my drive. The below image shows that my BitLocker protected drive, in this case Drive G, was fully inaccessible to a mere drive-by data theft attempt.

Upon attempting to access my disk through the command prompt in Mini Windows XP, this is the error I got.

And trying to browse into the drive through the Mini Windows XP explorer got me no further than this.

Am I a full-blown computer security expert? Not by any means. As long as humans are involved, it is said, no technology is ever foolproof. BitLocker is no exception. While the TPM method provides security that is quite impenetrable, if someone trying to access your data gets your Windows (or Microsoft Account, in the case of Windows 8) password, your security detail goes out the door.
If your password is simple, you may opt to turn on additional PIN security for BitLocker to avoid this pitfall. You can see a video of the process online as well. The workaround involves a theoretical attacker either booting a system into a special program to extract the still present keys from DRAM, or simply moving the DRAM chips to another machine for analysis and extraction.
First off, most laptop thieves are criminals of chance — taking systems during instances of opportunity like laptops left at coffee shops and library tables.
These average Joe criminals are likely not equipped with the tools and know-how to get such an attack accomplished in the small amount of time (a few minutes or less) needed to be successful. And secondly, this type of attack presumes the laptop and disk drive are still together and operational in the small window afforded for this crack to work. In practical terms, I highly doubt the effectiveness of a cold boot attack by anyone but the most seasoned hacker. Even then the process is a crapshoot that plays on chance and luck.
There are no recorded instances I could find online proving that cold boot attacks were prevalent in the face of BitLocker protection.

The process is quite simple, and only entails a few clicks to get up and running.
The step-by-step tutorial provided below simulates the procedure on a stock Windows 8 Pro machine, assuming the end user wants to encrypt their boot C drive with BitLocker. The steps are similar, but could vary a tad, for other flavors of Windows.
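
An added example (not part of the original article): a PowerShell check of which key protectors guard a volume, flagging the two weak spots the article raises, a lone USB startup key with no recovery password and TPM-only startup with no PIN. The function name, finding texts and sample protector sets are constructed for illustration; `Get-BitLockerVolume` requires Windows 8 or later, so on Windows 7 list protectors with `manage-bde -protectors -get C:` instead.

```powershell
# Added example: audit which BitLocker key protectors guard a volume.
# Function name and finding texts are illustrative, not from the article.
function Test-BitLockerProtectors {
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [string[]]$ProtectorTypes = @()   # KeyProtectorType names, e.g. Tpm, ExternalKey
    )
    $findings = @()
    if ($ProtectorTypes.Count -eq 0) {
        $findings += 'No key protectors: the volume is not protected.'
    } else {
        # Lose the USB key (or replace the motherboard) and only a recovery
        # password still opens the volume.
        if ($ProtectorTypes -notcontains 'RecoveryPassword') {
            $findings += 'No recovery password: a lost key means lost data.'
        }
        # "Tpm" is TPM-only startup: the disk unlocks at boot with no user
        # input, so the Windows logon password is the only barrier.
        if ($ProtectorTypes -contains 'Tpm') {
            $findings += 'TPM-only startup: consider adding a pre-boot PIN.'
        }
    }
    [pscustomobject]@{
        MountPoint = $MountPoint
        Protectors = $ProtectorTypes -join ', '
        Findings   = $findings -join ' '
    }
}

# Constructed protector sets mirroring the setups described in the article.
$samples = @(
    @{ MountPoint = 'no TPM, USB startup key'; ProtectorTypes = @('ExternalKey') },
    @{ MountPoint = 'TPM only';                ProtectorTypes = @('Tpm', 'RecoveryPassword') },
    @{ MountPoint = 'TPM + PIN';               ProtectorTypes = @('TpmPin', 'RecoveryPassword') }
)
foreach ($s in $samples) { Test-BitLockerProtectors @s }

# On a live Windows 8+ machine (elevated prompt), audit the real volumes.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | ForEach-Object {
        $types = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        Test-BitLockerProtectors -MountPoint $_.MountPoint -ProtectorTypes $types
    }
}
# Remediation, run per volume as needed:
#   Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector
#   manage-bde -protectors -add C: -RecoveryPassword    # Windows 7 equivalent
```

Store the generated recovery password away from the machine it protects; a copy kept on the encrypted drive is of no use when the startup key is lost.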