Recover Lost Data from a BitLocker-Encrypted Volume
Microsoft Windows' BitLocker encryption technology is well known to offer strong defense against theft or unwanted access to private data. Still, even for authorized users, this feature may provide challenges despite its dependability and convenience. Only when certain requirements are satisfied that enable decrypting the storage can data be recovered from a BitLocker partition when it vanishes from it because of any unanticipated problem or careless operations. Fortunately, with the right programme, BitLocker data recovery is usually feasible.
The steps below will guide you through the safe recovery of the missing files with various BLR Tools versions. It should be mentioned, nevertheless, that BitLocker uses strong encryption standards and lacks any known security flaws. BLR Tools can therefore only decrypt for authorised users with the right password or BitLocker recovery key.
BitLocker general aspects
Microsoft Windows has a native full-disk encryption system called BitLocker. BitLocker has been a part of every Windows version since its introduction in Vista (though only in specific editions). It encrypts every bit of data on a particular partition or the entire drive using the Advanced Encryption Standard (AES) algorithm. BitLocker To Go is available for removable digital media such as USB sticks, memory cards, and external hard drives, or standard BitLocker for protecting the computer's internal hard drive.
Software-managed and hardware-assisted BitLocker encryption can be roughly separated into two categories.
The first kind is applied with reference to:
A password
Recovery key for BitLocker;
A startup key kept on a separate USB stick.
The drive can be automatically unlocked at startup using TPM alone or in conjunction with other security measures like a PIN or Startup key.
It should be mentioned, nevertheless, that TPM is a key carrier with several physical security measures. Thus, BitLocker Data Recovery does not support hardware-assisted encryption and it cannot be deciphered pro grammatically.
Enabled BitLocker renders the data on the encrypted volume unreadable. The user has to verify themselves by entering the right password, BitLocker recovery key, or Startup key that opens the storage in order to make it readable again.
A password is a string of characters entered when the operating system starts up or when accessing the BitLocker protected external device. The user assigns it only once when BitLocker is first set up.
An individual 48-digit BitLocker recovery key, also known as a Microsoft or Windows recovery key, is produced by the system automatically when BitLocker is first enabled for the specified storage. It can be used to decipher the data without the password in case it is lost or in the absence of a password at all, as on more recent computers where encryption is enabled by default. Format of the key itself is 458496-748026-55221-116398-289491-332432-267599-589681.
An analogue of the BitLocker recovery key, a startup key is a hidden *.bek file on a USB device. It makes the boot partition automatically decrypted without requiring a password from the user.
Within the BitLocker metadata on the protected volume are both the password and the 48-digit key. Processed input credentials are verified for agreement with the relevant metadata entries. Should a match arise, the storage can be opened. Even with the right password and key, it becomes impossible to decrypt this metadata if it is severely damaged to a storage device. Its content will be encoded and so totally useless.
Thus, in contrast to typical data extraction, the BitLocker process needs the BitLocker metadata blocks to be intact as well as the right password or BitLocker recovery key to decrypt.
Entering the BitLocker password into BLR Tools when prompted is the easiest approach to decrypt the storage.
To get the Windows recovery key, though, is still another way to open the encrypted drive if you've misplaced or forgotten the password.
You can look for this 48-digit key in the following places depending on how you saved it:
Microsoft account
If your Windows recovery key is kept online in your Microsoft account, go to the BitLocker Recovery Keys area and check if your key is there next to the relevant Device Name.
Computer file
One can save the 48-digit key as a *.txt file on a network location or on another disc. "BitLocker Recovery key" comes after an undefined string of letters and numbers. Just type "BitLocker Recovery Key" into the search box and see what comes up.
An USB flash drive
Locate the thumb drive on which the *.bek file was saved and plugged into the system. Not immediately will the Startup key be visible. Hit the View tab in Windows Explorer to view it. Subsequently, turn on "Show hidden files, folders and drives" under "Hidden files and folders". The file name will resemble a random string of letters and numbers.
Print version
If you printed off your Microsoft recovery key, look in the location where you typically store computer-related paperwork.
User in Azure Active Directory
If you used an Active Directory account, select the Azure Active Directory blade after logging into the Microsoft Azure website. Put the name or serial number of your device into the search box to find it. To obtain the recovery key, select the device to view its record and then select the "Show Recovery Key" option.
Every encrypted storage has its own BitLocker recovery key. Compare the BitLocker recovery key identifier's beginning with the "Key ID" value shown for the drive to be sure the specific BitLocker recovery key is correct.
Recovery of BitLocker with the Standard, RAID, or Network RAID editions of BLR Tools
Only currently present BitLocker volumes can be decrypted with these software versions. One can use BLR BitLocker Data Recovery Software to search for such a volume if it has been formatted or lost.
Please follow these instructions if using BLR Tools's Standard, RAID, or Network RAID edition to recover data from your BitLocker volume:
1. Connect the BitLocker encrypted storage device to the PC.
Snap your encrypted external device into the USB port. Just ignore this stage if you are working with an encrypted internal drive partition.
2. Launch BLR BitLocker Recovery Software after installing the RAID, Network RAID, or Standard edition.
All of the connected drives will be automatically identified by the software. Their presentation will be in the left pane's tree of linked storages. There will be a list of the logical volumes accessible on each device beneath it.
3. Locate in the list the required BitLocker volume.
The necessary encrypted volume can be found by scrolling down the list of storage; it is indicated by a yellow padlock icon.
4. Decrypt the storage by means of the tools included into the application.
To perform further operations, the volume must be interpreted even though its file system may be recognised as accessible. Open its context menu and select "Decrypt BitLocker volume" for this. Enter the proper password in the popped-up window or paste a 48-digit BitLocker recovery key, including all the dashes.
5. To recover the lost data, scan the decrypted disc.
It will be possible to access the content of the unlocked volume. You must start a storage scan, though, if you want to recover the deleted files and folders. To do this, click "Start scan" after finding the "Scan this storage" tool in the toolbar and either leaving the default scan parameters or keypunching all the irrelevant file systems.
6. Select the important recovered elements and duplicate them.
Following the scanning process, you can quickly browse the rebuilt file system to locate the necessary files and folders. Click "Define selection" after that, select the ones you want to save, and put check marks exactly next to them. Hit "Save selection" after then and give the restored items a secure place to be stored.
Data recovery with BLR Tools for BitLocker
If using the Professional version of BLR Tools is how you would like to complete the process, kindly follow these instructions:
1. Link your BitLocker-encrypted device to the PC.
If working with an encrypted partition of an internal drive, skip this step and plug the encrypted removable media into the USB port.
2. First install and launch BLR BitLocker Data Recovery Tool.
Every attached drive will be automatically identified by the BitLocker recovery software and shown in the left pane's tree of connected storage's. The logical volumes of every gadget will be listed below.
3. Among the connected storage, choose the encrypted volume you require.
Search the list for the required encrypted volume; it will be indicated by a yellow padlock icon.
4. Use the decryption utility included in the software to decipher the storage.
Decryption the volume is necessary for further operations even if its file system is identified as accessible. Launch its context menu, select "Decrypt encrypted storage" and then "BitLocker metadata" as the decryption method. Just enter the correct password or supply a 48-digit BitLocker recovery key, including all dashes.
5. Find the lost data by scanning the storage.
The whole content of the disc becomes accessible after it has been decrypted. The storage scan must be run in order to locate the lost or deleted files. Click "Start scan" after selecting the appropriate tool from the toolbar and either leaving the scan parameters as they are or deselecting all additional file systems.
6. Select and save any necessary restored files or folders.
You can search the rebuilt file system for the required items after the procedure is finished. Click "Define selection," check the ones you want copied, and then click "Save selection." In the pop-up window that appears, next specify a safe destination folder for the recovered data.
