Bitlocker encryption key

Discussion in 'Software' started by shadowwebs, Jun 3, 2013.

  1. shadowwebs

    shadowwebs Megabyte Poster

    Quite a dilemma here: a user has brought in a laptop which is encrypted with BitLocker. The recovery key was stored to the USB drive, however the USB drive is now corrupt... AD in this case does not have the file to perform a recovery either.

    Another unfortunate thing is that the laptop belongs to one of the senior managers, and has all her university work stored locally, and not backed up on to a network drive or USB media anywhere...

    Any ideas on other means of recovery? As I am thinking there are none and fear the prospect of having to tell her that it's got to be wiped & a new build put on.
     
    Certifications: compTIA A+, Apple Certified Technical Coordinator 10.10 (OS X Yosemite, Server and Support)
  2. Josiahb

    Josiahb Gigabyte Poster

    I'm assuming you also don't have the BitLocker encryption password anywhere either?
     
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10
  3. shadowwebs

    shadowwebs Megabyte Poster

    That is correct, unfortunately we do not.
     
    Certifications: compTIA A+, Apple Certified Technical Coordinator 10.10 (OS X Yosemite, Server and Support)
  4. Rob1234

    Rob1234 Megabyte Poster Forum Leader

    Best thing to do is check your company's policies and procedures and find the section about not storing data on the C drive and how it will not be backed up. Show them that just before you tell them their data is lost.

    You could look for companies that specialise in cracking encryption. It will cost a lot of money and take a lot of time, and they will not guarantee they can do it. They probably will not be able to do it but will still charge you a lot for trying.

    Also look into who decided the best way to store the encryption key was on a USB stick and not via the best practice methods.
     
    Certifications: A few.
  5. jvanassen

    jvanassen Kilobyte Poster

    Ouch... We have a bunch of PCs here which are bitlocked with a USB key holding the key at startup, however we hold a copy of the recovery key on backup. Would be interested to hear off you the final result of this but I can't imagine there's any way round it.
     
    Certifications: CompTIA A+, Network+, CCENT
    WIP: ICND2 200-101
  6. ade1982

    ade1982 Megabyte Poster

    I am also inclined to say you are SOoL
     
  7. shadowwebs

    shadowwebs Megabyte Poster

    Is there any command prompt that can be entered to view a recovery key on a locked device? I know the answer is most likely "no", but I am trying to save my own bacon as best as possible at the moment... as on looking through the records, the laptop was brought in to the office in February as Windows was showing as not being genuine, so we hooked it up to the network and I saw that it had dropped off the domain. I tried to add it back on to the domain but it would not allow it... so I deleted the object and added the object back on. This all worked fine, however I didn't duplicate the startup key, and now the startup USB key is corrupt on top of all this.

    - - - Updated - - -

    In my defence, I had only started in January and this job is the first time I have had to deal with BitLocker, so I hadn't realised removing the object would clear the encryption recovery key from AD.
     
    Certifications: compTIA A+, Apple Certified Technical Coordinator 10.10 (OS X Yosemite, Server and Support)
  8. jamin100

    jamin100 Byte Poster

    Nope, without the recovery key or associated key in AD it's unrecoverable
     
    WIP: 70-680
  9. BigG

    BigG Nibble Poster

    Have you run a scan disk / check disk on the USB? Or maybe clone it? It may just work.
    Or can you retrieve the old AD computer object from the AD tombstone / recycle bin? Tombstone time is a couple of months by default iirc and you may be able to get it back with the recovery info if you are lucky (or possibly an offline backup of AD?)

    I'll have a look through some notes at work for BitLocker issues, but we use AD integrated so may be no use to you.

    G
     
    Certifications: BSc, Prince2 Practitioner, MCSA Win7, MCSA 2008
    WIP: Vmware, ITILv3 on the back burner
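
The tombstone / recycle bin check suggested in the post above can be done read-only, as in this added example (not part of the original thread). It assumes the ActiveDirectory PowerShell module; `Find-DeletedBitLockerRecovery` and `LAPTOP-EXAMPLE` are hypothetical names.

```powershell
# Added example, read-only: it lists candidates and changes nothing in AD.
# Needs the ActiveDirectory (RSAT) module and rights to read deleted objects.
Import-Module ActiveDirectory

function Find-DeletedBitLockerRecovery {
    param(
        # Hypothetical machine name, e.g. 'LAPTOP-EXAMPLE'
        [Parameter(Mandatory)] [string] $ComputerName
    )

    # Deleted computer objects whose original RDN was the laptop's name.
    $computers = @(Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and objectClass -eq "computer" -and msDS-LastKnownRDN -eq $ComputerName' `
        -Properties whenChanged)

    # BitLocker recovery records are child objects of the computer object, so
    # they are deleted with it. Fetch the deleted ones once, match client-side.
    $records = @(Get-ADObject -IncludeDeletedObjects `
        -Filter 'isDeleted -eq $true -and objectClass -eq "msFVE-RecoveryInformation"' `
        -Properties lastKnownParent, whenCreated, 'msDS-LastKnownRDN', 'msFVE-RecoveryPassword')

    foreach ($c in $computers) {
        # Assumption: each record's lastKnownParent resolves to the DN the
        # deleted computer object currently has in the deleted-objects store.
        $children = @($records | Where-Object { $_.lastKnownParent -eq $c.DistinguishedName })
        foreach ($r in $children) {
            [pscustomobject]@{
                Computer      = $ComputerName
                ComputerGuid  = $c.ObjectGUID
                DeletedOn     = $c.whenChanged
                RecordName    = $r.'msDS-LastKnownRDN'
                RecordCreated = $r.whenCreated
                # Report presence only; keep the password itself out of logs.
                HasPassword   = [bool]$r.'msFVE-RecoveryPassword'
                RecordGuid    = $r.ObjectGUID
            }
        }
        if ($children.Count -eq 0) {
            Write-Warning "No deleted recovery records found under $($c.DistinguishedName)"
        }
    }
}

Find-DeletedBitLockerRecovery -ComputerName 'LAPTOP-EXAMPLE' | Format-Table -AutoSize
```

Whether any records, or their password attribute, are still present depends on how the forest handles deleted objects and how long ago the deletion happened; the function only reports what it finds.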
  10. Sparky

    Sparky Zettabyte Poster Moderator

    Bit extreme but a system state restore of the DC might help you out.

    Possible to restore the DC to a test environment?
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  11. shadowwebs

    shadowwebs Megabyte Poster

    I will have a word with networks and see what they want to do with this one as they have taken the laptop over to their office yesterday afternoon to have a dig around...
     
    Certifications: compTIA A+, Apple Certified Technical Coordinator 10.10 (OS X Yosemite, Server and Support)
  12. Grim-83

    Grim-83 Nibble Poster

    There is no way around it unless you have a class A hacker working for you. This is why when using BitLocker you should make two copies of the USB, keeping one in the company's vault or locked unit with a printout of the recovery key.

    That's why with the Microsoft 70-680 exam they suggest keeping everything backed up from certificates to recovery keys.
     
    Certifications: CompTIA A+, CompTIA Network+, MCP 70-270, 70-290, MCTS 70-680, MTA 98-365, 98-366, 98-367
    WIP: CCENT / CCNA
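
The backup advice in this thread, and the earlier report that removing the computer object cleared the recovery key from AD, come down to one check: does every recovery password have a record in AD right now? This added example (not from the thread) assumes the BitLocker and ActiveDirectory PowerShell modules and a policy that permits AD backup; both function names are hypothetical.

```powershell
# Added example. Part 1 runs elevated on the BitLocker-protected machine and
# assumes Group Policy permits saving recovery information to AD DS.
function Backup-RecoveryPasswordToAD {
    param([string] $MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    if ($rp.Count -eq 0) {
        # A startup key alone leaves no fallback; add a numerical recovery password.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $rp = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }
    foreach ($p in $rp) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId | Out-Null
    }
    $rp.KeyProtectorId   # protector IDs to verify in AD
}

# Part 2 runs on an admin workstation with the ActiveDirectory module: confirm
# that every protector ID has a recovery record under the computer object.
function Test-RecoveryEscrow {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [string[]] $KeyProtectorId
    )
    $dn = (Get-ADComputer -Identity $ComputerName).DistinguishedName
    $records = @(Get-ADObject -SearchBase $dn `
        -Filter 'objectClass -eq "msFVE-RecoveryInformation"' -Properties whenCreated)

    foreach ($id in $KeyProtectorId) {
        # The record's name contains the protector GUID in braces.
        $hit = $records | Where-Object { $_.Name -like "*$id*" } | Select-Object -First 1
        [pscustomobject]@{
            KeyProtectorId = $id
            EscrowedInAD   = [bool]$hit
            RecordCreated  = $hit.whenCreated
        }
    }
}
```

Running `Test-RecoveryEscrow` before deleting or re-creating a computer object shows what would be lost, because the recovery records live beneath that object.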
  13. shadowwebs

    shadowwebs Megabyte Poster

    Well, the good news is that the manager has agreed we cannot get the laptop back and it will need to be wiped to rebuild and then re-encrypt... and on the other side of good news, they have agreed that it was due to a temp from before my time not encrypting the laptop correctly in the first place that has now led to this and not myself... woop woop :)
     
    Certifications: compTIA A+, Apple Certified Technical Coordinator 10.10 (OS X Yosemite, Server and Support)
  14. ade1982

    ade1982 Megabyte Poster

    Dodged a bullet then!
     
