Solved BitLocker question


Can I ask, when you do a restore of your system drive, is it still encrypted? I use Easeus Todobackup and enabling Bitlocker resulted in transparent use of my computer and the use of Todobackup, but when I do a restore and reboot, the drive is no longer encrypted. Does Macrium Reflect restore the system drive to the Bitlocker state it was in when backed up, or do you need to reapply Bitlocker after a restore? This was touched on in post #6.

I suspect all imaging programs work in the same way WRT Bitlocker. I use Image for Windows, and I use it to back up my live system drive to another encrypted drive. This backup is unencrypted, but it's possible to have Windows encrypt it on the fly during the restore of the system partition, so that I'm not restoring it unencrypted, only to have to re-encrypt and invalidate the previously saved rescue keys and auto-unlock keys. I do this by booting from rescue media into Terabyte's WinRE environment, using manage-bde to unlock the system drive, and then I have Image for Windows restore just the system partition. There's a detailed paper discussing this, which they call a "Type A" backup, and other scenarios here:


I just skimmed it again and ran across this, "You can suspend BitLocker on the Windows partition before booting to the TBWinRE boot media to avoid having to unlock it manually." That's nice to know, because I have multiple Bitlockered drives, and it's always been trial and error to unlock the right one. That is, I don't know which is the system drive until I unlock it. So suspending Bitlocker will save me some time and aggravation.

BTW, if you ever forget and restore in the unencrypted state, you'll find your auto-unlock drives no longer auto-unlock, and there's a procedure to get them back to normal:


After you've done this a time or two, you'll remember. lol

The reason I am even exploring encryption is I was looking into USB boot ISOs and saw these Windows password reset programs. I tried one and, WOW!, it removed the need for my password in less than 30 seconds after it booted. I think the password reset program will not work on an encrypted system, and I will test soon, but meanwhile am seeing if Bitlocker will be easy to live with, provide security but make sure I can do a restore if necessary.

Bitlocker is very easy to live with and will definitely prevent those password reset programs from working. Unlike with TrueCrypt, everything just works, including things like drive names in "Safely eject", which I noticed when I moved to Bitlocker after the TrueCrypt people said it was no longer secure in May 2014. The only consideration besides restoring images I've encountered is the necessity to suspend protection before updating the computer's BIOS. Everything else is seamless, as if I'm not using encryption.
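
The suspend-or-unlock steps described in this post (and the suspend step it mentions for BIOS updates), written out as an added example that is not part of the original post. The drive letters C: and D: and the recovery password are placeholders; letters assigned in a rescue environment often differ from those in Windows.

```batch
rem Added example; drive letters and the recovery password are placeholders.

rem Route 1: in Windows, from an elevated prompt, before booting the rescue media.
rem -RebootCount 0 keeps protection suspended until it is re-enabled by hand.
rem While suspended, the volume key is stored unprotected on the disk, so resume promptly.
manage-bde -protectors -disable C: -RebootCount 0

rem Route 2: in the rescue environment, with protection left on.
rem List every volume with its size and lock status.
manage-bde -status

rem Show the key protectors of a candidate volume (this works while it is locked).
rem Compare the Numerical Password ID with the identifier in the saved recovery
rem key file to find the right volume without trial-and-error unlocking.
manage-bde -protectors -get D:

rem Unlock the volume whose ID matched, using its 48-digit recovery password.
manage-bde -unlock D: -RecoveryPassword YOUR-48-DIGIT-RECOVERY-PASSWORD

rem After the restore, back in Windows: confirm the encryption and protection
rem state, then resume protection if it was suspended under Route 1.
manage-bde -status C:
manage-bde -protectors -enable C:
```

The same disable and enable pair covers the BIOS-update case: suspend, flash, boot once, then check `manage-bde -status C:` reports protection on.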
 

A lot of what you wrote is helpful, but some is more than I understand. Good advice about not changing the BIOS unless you have access to your files/drive. I remember when TrueCrypt was halted. It was about the time the Snowden stories were out and NSA stories about the government requiring a backdoor to most data channels. At the time TrueCrypt was 7.1a, but its website had an announcement it was Not Secure Anymore, a hint using the first letters of that phrase. It was then they posted a final version 7.1b, with little if any further discussion. You could only come to your own conclusion, but mine was that I would not trust the "b" version with the text in that post.

Who knows what backdoors are in any software. We have to do what we think is best. So far I have not heard of mass fraud from info stolen from computers, but we still have to be careful and informed.

Thanks for your reply!
 

Rufus now adds BitLocker disable option
Rufus 3.22 final version

 
