Drive encryption is a method of securing all the data that resides on a volume or disk drive of a computer. Full drive encryption makes the entire volume inaccessible to unauthorised users. Usually, when encryption is performed, only single files or folders are encrypted, and the chances of retrieving valuable information from caches and temporary files are fairly high. A password retrieved in this way compromises the entire security of the computer and renders the file-level encryption ineffectual. Full drive encryption closes these loopholes by securing the entire drive. If the encryption is implemented in software, the boot sector will not be encrypted.
BitLocker is a software tool packaged with a few of the higher-end editions of the Windows Vista, Windows Server 2008 and Windows 2007 Ultimate Beta operating systems. BitLocker also has a suite of related tools: the BitLocker Drive Preparation Tool, the Repair Tool, Design and Deployment Guides, and the Recovery Password Viewer.
BitLocker requires at least two disk drives: one that contains all the boot information and the operating system, and another that holds the system files that need encryption. It is also a volume encryption tool, where a volume is not necessarily an entire drive.
A start-up key or a PIN is required when the system boots; without it the drive is virtually inaccessible.
When BitLocker is first enabled, Windows Vista prompts the user to note down the recovery password somewhere. It presents the user with three options: saving the password to a file, saving it on a removable USB drive, or printing it out.
The recovery password is a 48-digit number that must be entered if the start-up key or the PIN has not been provided during booting. Once the number has been entered, booting proceeds as normal. The user can then remove BitLocker and reconfigure it, setting an entirely new start-up key or PIN.
If the 48-digit number is not available to the user, recovering the password becomes more complicated. Windows provides a utility called BitLocker Recovery Password Viewer to recover access to encrypted drives.
BitLocker Recovery Password Viewer stores the passwords in Active Directory. However, for this method to work, the system must have been configured before the password is lost.
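The following is an added example, not code from the original article: a PowerShell check that a volume has a 48-digit recovery password protector and that the protector has been escrowed to Active Directory before it is ever needed. It assumes the BitLocker PowerShell module (Windows 8 / Server 2012 and later, which postdates the Vista-era tooling the article describes), an elevated prompt on a domain-joined machine, and the mount point `C:`.

```powershell
# Added example (not from the original article). Audits one BitLocker volume,
# adds a recovery password protector if none exists, and backs it up to AD.
# Assumptions: BitLocker PowerShell module, elevated prompt, domain-joined host,
# and the mount point below. Requires the Group Policy that allows storing
# BitLocker recovery information in AD DS to be enabled for the backup to succeed.
param(
    [string]$MountPoint = "C:"   # assumed; change to the volume being audited
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
"{0}: status={1}, protection={2}, method={3}" -f `
    $vol.MountPoint, $vol.VolumeStatus, $vol.ProtectionStatus, $vol.EncryptionMethod

# Find any existing recovery password protectors on the volume.
$rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $rp) {
    # None present: add one. The cmdlet generates the 48-digit number itself and
    # returns the updated volume object.
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

foreach ($p in $rp) {
    # Escrow each recovery password protector to the computer object in AD so that
    # the Recovery Password Viewer can retrieve it later.
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
    "Backed up recovery protector {0} for {1} to Active Directory" -f $p.KeyProtectorId, $MountPoint
}

# Flag volumes with no TPM-based protector: there is then no TPM-gated start-up key
# or PIN check at boot, and unlocking depends entirely on the other protectors.
$tpm = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -like 'Tpm*' }
if (-not $tpm) {
    Write-Warning "$MountPoint has no TPM-based protector; boot-time unlock relies on other protectors."
}
```

Run it before a recovery password is lost; once the escrow is in place, the Active Directory copy is what the Recovery Password Viewer reads.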