Protecting the data stored on your computer is important because you can never know how dangerous that information can be in the hands of the wrong person. Even if it’s just personal details, the data should be properly protected, because identity theft that is not discovered in time can lead to extremely painful and unpleasant consequences. The danger is greater still when you store unprotected data about your professional activity on your computer. If the company where you work discovers that you were the source of a leak, you might not only lose a job that’s vital for your financial well-being but also face a lawsuit. Keep in mind that although computers are technological wonders, they aren’t infallible and can be affected by all sorts of errors. A back door left unprotected is all a third party needs in order to steal the information it is interested in.
These risks are one of the main reasons why Microsoft added a feature called BitLocker to Windows Vista. This feature is designed to prevent unauthorized people from gaining access to the data stored on your computer. To achieve its goal, BitLocker uses encryption that will resist many of the attacks of those who have found your lost computer or have stolen it. Loss and theft of devices that store business information is both embarrassing and dangerous, so knowing there’s a way to make sure the data is protected to some extent is reassuring.
What is BitLocker?
BitLocker is, as mentioned above, an encryption feature built into a newer version of Windows known as Windows Vista. It works differently from EFS (Encrypting File System), which encrypts each file individually. BitLocker encrypts the entire hard drive at once so that the computer can’t be booted by a malicious third party. The data stays out of reach even if the drive is removed and installed in another computer. If this sounds interesting, you should also know that the feature is available only in Windows Vista Ultimate and Windows Vista Enterprise. That means you will first have to update your computer’s OS to one of these versions.
After the OS is updated to the proper version, you will also have to create two NTFS partitions. One of the partitions has to be 1.5GB in size and will be dedicated to the system volume, while the other one will be made available for the operating system volume. If you find these steps complicated, don’t worry: the BitLocker Drive Preparation Tool will walk you through the steps involved and provide all the explanations you might need. The only thing you need to do before gaining access to this wizard is turn on BitLocker.
To turn on BitLocker, you will have to click Start, then choose Control Panel, Security and finally BitLocker Drive Encryption. You will then be able to use the feature that allows you to enable BitLocker. If a message that says “Initialize TPM Security Hardware” is displayed, you should simply follow the prompts displayed because they are designed to help you with the process. When the “Save Recovery Password” page is displayed you will have to choose where the recovery password will be saved and then click “Next”. You will then have to check out the “Encrypt the Selected Disk Volume” page and check the option that says “Run BitLocker System Check”. Then you can click “Continue”. That’s all it takes to set up this feature.
Can You Hack BitLocker?
Apparently, there is a way to bypass the recovery key or password that blocks the hard drive of your computer. The solution is thought to be a software tool known as Passware Kit Forensic, which has recently received a new feature able to deal with hard drives on which BitLocker has been used. The tool is made by Passware, a company that has been constantly improving it with all sorts of features designed to bypass the security of various systems.
I’m sure that when you hear such news you start wondering whether it’s true or just an exaggeration by people who are trying to prove that Microsoft has failed once again to provide an enhanced level of protection. As always, the truth is somewhere in between, because it seems that Passware Kit Forensic is able to provide the expected result only under certain circumstances. That means it’s time to look at its requirements and limitations and see whether, under the right circumstances, you can actually recover the key that BitLocker used during its encryption process.
Conditions and Possibilities
To use the software tool mentioned above on a hard drive protected with BitLocker, you first have to get hold of the hard drive in question or a copy of it. If you are the owner of the drive, that’s not a problem. In fact, if you have forgotten or lost the password that removes the protection, you will be happy to find out there’s a tool that can help you. Once the drive is in the possession of the person who wants to hack it, for whatever reason, that person also has to have a full memory dump available. Otherwise, there is little chance of recovering the necessary key. The ability to recover the key from a memory dump can’t be considered a weakness of BitLocker, because many cryptographic algorithms currently used are susceptible to such practices.
So, in order to benefit from the features made available by Passware Kit Forensic, you will have to be able to access the targeted computer when it’s turned on and unlocked. Otherwise, you won’t be able to get your hands on the necessary memory dump. Unfortunately for computer owners desperate to protect their data, but fortunately for those of us who are interested in bypassing the protection granted by BitLocker, there’s a back door that can be used. This back door is represented by a technology named FireWire.
One of the features of this technology is related to its capacity to allow a person to directly access the content of a computer’s memory no matter if that person has or doesn’t have the right to access the computer in question. So, this technology invalidates the protection of BitLocker that only promises to protect the system as long as it’s in an inactive state. Because FireWire makes it possible for anyone to access the content of a computer protected using BitLocker, the protection is no longer in place and the Passware Kit Forensic software we have been talking about is able to deliver what’s promised: the removal of the recovery key or password that was used by BitLocker on a Vista Ultimate or Enterprise system.
So, at the end of the day there are systems protected by BitLocker that can be hacked. It’s enough for the system targeted to have FireWire technology integrated and active. It might not be good news for some of us, but at the end of the day it’s better to know what to expect than sit in the dark. In addition, you have learnt a valuable piece of information that might be of use some day if you ever need to remove BitLocker from a hard drive although you don’t know the recovery key or the password requested.
How to Better Protect Your Computer
If you want to make sure that the BitLocker protection of your hard drive stays in place even when someone tries to use Passware Kit Forensic on it, you should avoid leaving the FireWire devices connected to your computer active. FireWire is not better than USB 2.0, so you can rely on the latter for the peripherals you need on a daily basis and turn FireWire off.
You should also try to physically secure your laptop or desktop computer by keeping it in environments over which you have enhanced control. Besides keeping your computer in an area with limited physical access, you should remember to hibernate it or turn it off every time you leave the room and can’t supervise it for a long period of time.
A third measure is to encrypt with BitLocker not only the drive that stores sensitive data, but also the other drives of your computer. That’s how you make sure no one is able to easily access the hiberfil.sys files that provide the necessary memory dump. You should also consider using a TPM.
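One way to check these measures on a given machine, as an added example that is not part of the original article: the script below reports active FireWire controllers, volumes that are not fully encrypted, and an operating system volume without a TPM key protector. It assumes Windows 8 / Server 2012 or later (where the BitLocker cmdlets exist, unlike Vista) and an elevated prompt; the function name is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audits the FireWire, full-encryption and TPM measures described above.
# Assumption: Windows 8 / Server 2012 or later with the BitLocker PowerShell module.

function Test-DmaAndBitLockerPosture {   # hypothetical name, not a built-in cmdlet
    $findings = @()

    # FireWire should be off. Win32_1394Controller lists IEEE 1394 host controllers.
    $controllers = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)
    foreach ($c in $controllers) {
        # ConfigManagerErrorCode 22 means the device is disabled in Device Manager.
        if ($c.ConfigManagerErrorCode -ne 22) {
            $findings += "FireWire controller active: $($c.Name)"
        }
    }

    # Every volume BitLocker reports should be encrypted, not only the sensitive one.
    $volumes = @(Get-BitLockerVolume)
    foreach ($v in $volumes) {
        if ($v.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "$($v.MountPoint) is $($v.VolumeStatus) ($($v.EncryptionPercentage)% encrypted)"
        }
        elseif ($v.ProtectionStatus -ne 'On') {
            $findings += "$($v.MountPoint) is encrypted but protection is not on"
        }
    }

    # The operating system volume should carry a TPM-based key protector.
    foreach ($v in ($volumes | Where-Object { $_.VolumeType -eq 'OperatingSystem' })) {
        $types = @($v.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if (-not ($types -match '^Tpm')) {
            $findings += "$($v.MountPoint) has no TPM key protector (found: $($types -join ', '))"
        }
    }

    return $findings
}

$result = Test-DmaAndBitLockerPosture
if ($result) {
    $result | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No findings: FireWire off, all volumes encrypted, TPM protector present.'
}
```

The habit of hibernating or powering off an unattended machine is behavioural and is not something this script can verify.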
Connect with Brasoveanu Lucian via: