Hello, friends! In this article, we will continue to explore the systems built into Windows designed to improve the security of our data. Today it Bitlocker disk encryption system... Data encryption is necessary so that strangers do not use your information. How she gets to them is another question.
Encryption is the process of transforming data so that only the right people can access it. Keys or passwords are usually used to gain access.
Encrypting the entire drive prevents access to data when you connect your hard drive to another computer. A different operating system might be installed on the attacker's system to bypass protection, but this will not help if you are using BitLocker.
BitLocker was introduced with the Windows Vista operating system and was enhanced in Windows 7. Bitlocker is available in Windows 7 Ultimate and Enterprise as well as Windows 8 Pro. Owners of other versions will have to look for an alternative.
Without going into details, it looks like this. The system encrypts the entire drive and gives you the keys to it. If you encrypt the system drive, the computer will not boot without your key. The same as the keys to the apartment. You have them, you will fall into it. Lost, you need to use spare (recovery code (issued during encryption)) and change the lock (re-encrypt with different keys)
For reliable protection, it is desirable to have a Trusted Platform Module (TPM) in the computer. If it is there and its version is 1.2 or higher, then it will control the process and you will have stronger protection methods. If it is not there, then it will be possible to use only the key on the USB-drive.
BitLocker works as follows. Each disk sector is encrypted separately using a full-volume encryption key (FVEK). AES algorithm with 128 bit key and diffuser is used. The key can be changed to 256 bit in group security policies.
When the encryption is complete, you will see the following picture
Close the window and check if the startup key and recovery key are in safe places.
Flash Drive Encryption - BitLocker To Go
Why pause encryption? So that BitLocker does not lock your drive and does not resort to the recovery procedure. System parameters (BIOS and the contents of the boot partition) are locked during encryption for additional protection. If you change them, the computer may lock up.
If you select Manage BitLocker, you can Save or print the recovery key and Duplicate the startup key
If one of the keys (startup key or recovery key) is lost, you can restore them here.
External storage encryption management
The following functions are available to manage the encryption parameters of a flash drive
You can change the password to unlock. The password can be deleted only if a smart card is used to unlock. You can also save or print the recovery key and enable unlock disk for this computer automatically.
Restoring disk access
Restoring access to the system disk
If the flash drive with the key is out of the access zone, then the recovery key comes into play. When you boot your computer, you will see something like the following.
To restore access and boot Windows, press Enter
We will see a screen asking you to enter the recovery key
Entering the last digit, provided the correct recovery key is used, will automatically boot the operating system.
Restoring access to removable drives
To restore access to information on a USB flash drive or external HDD, press Forgot your password?
Select Enter recovery key
and enter this terrible 48-digit code. Click Next
If the recovery key is suitable, then the disk will be unlocked
A link appears to Manage BitLocker, where you can change the password to unlock the drive.
Conclusion
In this article, we learned how we can protect our information by encrypting it using built-in BitLocker. It is disappointing that this technology is only available in older or advanced versions of Windows. It also became clear why this hidden and bootable 100 MB partition was created when setting up a disk using Windows.
Perhaps I will use encryption of flash drives or external hard drives. But, this is unlikely, since there are good substitutes in the form of cloud storage services such as DropBox, Google Drive, Yandex Drive and the like.