Bitlocker encryption key

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Quite a dilemma here, a user has brought in a laptop which is encrypted with bitlocker, the recovery key was stored to the usb drive, however the usb drive is now corrupt... AD in this case does not have the file to perform a recovery either.

another Unfortunately is that the laptop belongs to one of the senior managers, and has all her university work stored locally, and not backed up on to a network drive or usb media anywhere...

Any ideas on other means of recovery? As I am thinking there are none and fear the prospect of having to tell her that it's got to be wiped & a new build put on

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I'm assuming you also don't have the bitlocker encryption password anywhere either?

 

that is correct, unfortunately we do not.

 

Best thing to do is check your companies policies and procedures and find the section about not storing data on the C drive and how it will not be backed up show them that just before you tell them there data is lost.

You could look for companies that specialise in cracking encryption will cost a lot of money take a lot of time and they will not guarantee they can do it they probably will not be able to do it but will still charge you a lot for trying.

Also look in to who decided the best way to store the encryption key was on a USB stick and not via the best practise methods.

 

Ouch...We have a bunch of PC's here which are bitlocked with a usb key holding the key at startup however we hold a copy of the recovery key on backup. Would be interested to hear off you the final result of this but i cant imagine theres any way round it.

 

I am also inclined to say you are SOoL

 

Is there any command prompt that can be entered to view a recovery key on a locked device, I know the answer is most likely "no", but I am trying to save my own bacon as best as possible at the moment... as on looking through the records, the laptop was brought in to the office in february as windows was showing as not being genuine, so we hooked it up to the network and I saw that it had dropped off the domain, I tried to add it back on to the domain but would not allow... so I deleted the object and added the object back on. This is all worked fine, however I didn't duplicate the startup key, and now the startup usb key is corrupt on top of all this.

- - - Updated - - -

in my defence, I had only started in January and in this job is the first time I have had to deal with BitLocker so I hadn't realised removed the object would clear the encryption recovery key from AD.

 

Nope, without the recovery key or associated key in AD it's unrecoverable

 

Have you run a scan disk / check disk on the USB? or maybe clone it? It may just work.
Or can you you retrieve the old AD computer object from AD tombstone / recycle bin. Tombstone time is a couple of months by default iirc and you may be able to get it back with the recovery info if you are lucky (or possibly an offline backup of AD?)

I'll have a look through some notes at work for Bitlocker issues, but we use AD integrated so may be no use to you.

G

G

 

I will have a word with networks and see what they want to do with this one as they have taken the laptop over to their office yesterday afternoon to have a dig around...

 

There is no way around it unless you have a class A hacker working for you. This is why when using BitLocker you should make two copies of the USB keeping one in the company's vault or locked unit with a printout of the recovery key.

That why with the Microsoft 70-680 exam they suggest keeping everything backed up from certificates to recovery keys.

 

well the good news is that the manager has agreed we cannot get the laptop back and will need to be wiped to rebuild and then re-encrypt... and on the other side of good news, they have agreed that it was due to a temp from before my time not encrypting the laptop correctly in the first place that has now led to this and not myself... woop woop

 

Dodged a bullet then!