EzDevInfo.com

bitlocker interview questions

Top bitlocker frequently asked interview questions

Migrating Windows 7 to a new drive, cloning the encrypted HDD to SSD

I have a laptop with Windows 7. The whole drive is encrypted with Bitlocker. I want to switch the magnetic hard drive to an SSD. How can I mirror the entire system onto the SSD with the LEAST amount of user attention? Ideally, I'd like to be able to just pop the SSD into the laptop and get on with life.


Source: (StackOverflow)

How to access a BitLocker-encrypted drive in Linux?

I have a laptop running Windows 7 Ultimate. I have encrypted my drives using BitLocker. Now I have also installed Lubuntu along with Windows. But my encrypted drives are not visible in Linux. How can I fix this?


Source: (StackOverflow)

Bitlocker Performance Impact on SSD

I've put a brand new SSD into my work computer and my IT department wants me to use BitLocker. I read one of the other threads on BitLocker performance on standard hard drives, but I was wondering - what's the performance impact of BitLocker like on a Solid State Drive?

Will it noticeably impact the speed with which I open my archive files in Outlook or open projects in Visual Studio?


Source: (StackOverflow)

Is it possible to access BitLocker protected drives on other platforms?

Is it possible to access BitLocker encrypted external hard drives from other platforms, like Windows Mobile, Android, Surface, Linux, Mac OS X?


Source: (StackOverflow)

What would happen if my computer shuts down while BitLocker is encrypting my OS partition?

The title is the question.
I am now encrypting a 107 GB partition and it takes ages. I am dying to know what would happen if the encryption was stopped by, let's say, a thermal shutdown or if the power went off?
I'd rather not try it myself, so I am asking you. (I hope it did not happen to you!)

And, if this happens, how can I get it fixed?


Source: (StackOverflow)

Bitlocker won't initialize on a 4TB drive with 4K sectors

I'm trying to enable BitLocker on a 4TB drive with 4K physical sectors (Advanced Format) on a 64-bit Windows 7 box with SP1.

The drive is partitioned GPT (1 partition using all of the available space) and formatted with NTFS.

When I right click on the drive and select 'Turn on BitLocker...', a dialog appears that says 'Starting BitLocker' and 'Please wait while BitLocker initializes the drive'. There is also a warning (same dialog) that says 'A device attached to the system is not functioning.' The progress bar never moves and there is no disk or CPU activity. I'm not seeing anything in the event viewer, either.

How do I get BitLocker turned on for this drive?

The drive is a 4TB Hitachi DeskStar 7K4000 in an internal bay connected via SATA-II (host has no SATA-III ports). It's not a boot drive. I'm creating a single GPT partition (using the whole drive). The motherboard has an Intel P55 chipset with no TPM. No yellow exclamation marks in Device Manager. I've waited over an hour, nothing happens with the dialog box. The drive has 4K physical sectors, 512 byte logical sectors (it's Advanced Format 512e/512 emulation, not 4Kn/4K Native).

When I formatted the volume, I left the allocation unit size at 'Default', which ended up being 4k. Is there some requirement for a different allocation unit size for volumes over a certain threshold size?

It seems that I can create a smaller partition (2TB) and there is no problem. It seems that the magic limit is 3815174 MB, which is 144 MB less than the available capacity of 3815318 (according to the New Simple Volume Wizard). Can anybody explain that? I updated the motherboard BIOS to the latest version, that seems to have had no effect on this issue.

I want to know why Bitlocker fails to encrypt a single partition using all of the available space (according to the 'New Simple Volume Wizard'), but will encrypt a partition 144 MB smaller? I have 2TB Hitachi drives with a single partition, no unallocated space and they encrypted just fine. According to the Disk Management snap-in in the Microsoft Management Console, I have 145 MB of unallocated space on the 4TB Hitachi. A way to avoid wasting the 145 MB would be nice. It's not a lot of space, but I don't want to screw around with finding the magic number again on a different 4TB drive.


I just tried to encrypt a 3815318 MB single volume on the drive with the manage-bde command line tool:

manage-bde -on X: -RecoveryPassword

I get this:

Volume X: [New Volume]
[Data Volume]
Key Protectors Added:

ERROR: An error occurred (code 0X8007001f):
A device attached to the system is not functioning.

Source: (StackOverflow)

How to "eject" non-existing USB drive from Windows 7 host?

I use a USB key which is encrypted with BitLocker to store various data. I keep that key with me all the time.

What happens all the time is that I send my home computer to hibernate without ejecting the USB key first. Then I unplug the key and take it with me to work. When I get home, I resume my Windows session and even though the key is not plugged in, the drive still appears as mounted on the system.

I can also unmount the non-existing device with mountvol, but that only removes the drive letter. Windows will still think the device is plugged in. When I plug the key in, nothing happens.

The device's class ID is listed in mountvol output, but the device is not listed in the Disk Management panel.

Update: So the problem finally appeared again and I tried all the suggestions. Weaver's suggestion seemed very promising but yielded no results. However, while browsing through Device Manager, I noticed that the device in question is still listed under "Portable Devices" and it is not greyed out.
Trying to uninstall that device gives me a "Confirm Device Uninstall" window that tells me it is uninstalling the device but never finishes. At this point, plugging the device into another USB slot has no effect.

The never-ending uninstall dialog


Source: (StackOverflow)

How to format a drive encrypted with Bitlocker?

I have a HD protected by Bitlocker. Login, password and restore key are unknown and all I want to do is wipe the whole drive. When I try to boot from a Windows installation CD I have no access to the drive since it asks for the restore key I don't have.

Is there a way to format the whole drive to make it usable again?


Source: (StackOverflow)

What is the performance cost to running Bitlocker?

BitLocker encrypts the entire hard drive. I run Visual Studio and build projects much of my day. How much will BitLocker slow me down? (dual core laptop with 3GB of RAM).


Source: (StackOverflow)

Can I upgrade to Windows 10 with BitLocker Enabled?

I am currently running Windows 8.1 Pro, with BitLocker enabled (the hardware has no TPM, though).

I am curious as to whether I will be able to upgrade to Windows 10 when it is rolled out without having to disable BitLocker/decrypt the hard drive.

Windows Updates obviously work fine with BitLocker, but as I have not beta tested Windows 10 I have no idea whether I will need to decrypt the drive before upgrading the system to Windows 10 or not.

Any and all information is appreciated!


Source: (StackOverflow)

Windows Bitlocker and automatic unlock password storage safety

I've encrypted my external HDD with Bitlocker and after rebooting the computer I tried to open that drive and got this message:

Say, if I pick to "Automatically unlock on this computer from now on", does this mean that Windows will store my password somewhere in the registry?

PS. Or, are they smart enough at Microsoft to store only the hash -- preferably salted?


Source: (StackOverflow)

Is it possible to re-lock a bitlocker drive?

I'm running a partition with bitlocker on a Windows 7 Ultimate machine, which contains secure data that I have to recover infrequently. Unlocking it to access the data is obviously no problem, but is there a way to re-lock the partition when I'm done? The best I've found so far is this: http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/41607938-7452-440d-8253-67fe8657bc0f

Currently I have a .bat script on that drive that I can run as administrator, and that re-locks the drive, but it feels like kind of a hackish solution. Does anyone have anything better? Any idea when Microsoft might release a fix for this?


Source: (StackOverflow)

Full Disk Encryption with TPM, not subject to cold boot attack

Here's a passage from Wikipedia on BitLocker

Once a BitLocker-protected machine is running, its keys are stored in memory where they may be susceptible to attack by a process that is able to access physical memory, for example, through a 1394 DMA channel. Any cryptographic material in memory is at risk from this attack, which therefore, is not specific to BitLocker.

It is my understanding that Trusted Platform Modules (TPMs), which BitLocker is allegedly using are made to specifically protect against such attacks:

... a key would still be vulnerable while a software application that has obtained it from the TPM is using it to perform encryption/decryption operations, as has been illustrated in the case of a cold boot attack. This problem is eliminated if key(s) used in the TPM are not accessible on a bus or to external programs and all encryption/decryption is done in the TPM

The TPM diagram implies that key storage and the encryption/decryption engine should be part of the module. So, why is there no full disk encryption product which uses this feature? E.g.: why is there no FDE software that is not vulnerable to cold boot attacks?


Source: (StackOverflow)

Find out type of encrypted hard disk

Say you get a random hard disk into your hands which is encrypted. Is it possible just from the layout of the data to see what kind of encryption has been used?

i.e. Bitlocker, Truecrypt, dcrypt?


Source: (StackOverflow)

Find out if a PC has a TPM chip installed?

I have several Windows XP laptops that I need to check to see if they will work with Bitlocker if I install Windows 7. If they have a Trusted Platform Module (TPM) chip then Bitlocker should work without a USB key. If not, I'll leave them running XP.

Is there an easy way (or a free utility) that will tell me if a TPM is installed or integrated?

Update:
Windows XP lists the TPM (if present) in Device Manager under 'System Devices' (Windows 7 lists it under 'Security Devices').


Source: (StackOverflow)