Saturday 14 November 2009

What A BitLocker Encrypted Drive Looks Like On Another PC

It looks like this:


After refreshing the view it looks like this:


And, in Windows Explorer after clicking on the encrypted partition showing as G: with no file system indicator we get:


The above screenshots are from the Tecra S10’s 160GB spindle based hard disk that has since been replaced by an Intel X-25 M 160GB SSD.

The E: partition was the Active one that contained the BCD database and other files needed for the initial boot of the Windows 7 Enterprise.

The E: partition was actually a misguided attempt at setting up BitLocker with Windows 7 since the discovery that Windows 7 would create its own 100MB partition for the boot content was made after the fact.

This time around, we allowed Windows to install into the new SSD without touching any of the partitioning and we now have a BitLocker encrypted SSD in the Tecra S10 with nothing more than a small Active partition. The encryption process looks to be more CPU dependent that drive I/O dependent as the encryption time may have been reduced by 35%.

So, any guesses on whether the data in that encrypted partition is accessible? Perhaps by someone with a lot of horsepower like law enforcement or perhaps an organized crime syndicate of some sort . . . maybe.

For now, with BitLocker we have taken the best possible precautions at protecting the data on that drive and can be reasonably assured that the data will remain intact until we wipe the drive using a DoD 7 pass erase.

For that DoD 7 pass wipe we use a freeware product called Eraser. It is an excellent little utility that allows us to wipe as many drives as this particular system can handle (7+ drives).

Philip Elder
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

1 comment:

Anonymous said...

Hi Philip

We have been trialing this utility.
It uses the inbuilt command of the drive to acheive the erase. You may find it useful, and it is quick.