How to Recover Data From a Disk Encrypted by Bitlocker
Today we will describe the procedure of data recovery from a damaged disk encrypted by Bitlocker. Such problem may emerge as a result of damage to the file system of an encrypted disk (for example, damage to the area of the hard disk, where BitLocker stores important data, that happens due to unexpected system shutdown), inability to load OS or BitLocker recovery console, and other similar errors that prevent normal opening of the encrypted disk. The described problems may affect both system disk, portable external drive or USB drive.
In order to recover data we will use the utility Repair-bde (BitLocker Repair Tool), a command prompt utility which appeared back in Windows 7 / 2008 R2. This utility is used for access and recovery of encrypted data in a damaged disk encrypted by BitLocker.
Warning. This procedure should be applied after all the others have failed, and it was impossible to unlock the encrypted disk in a standard way by using a Bitlocker password or recovery key.
Requirements for data recovery from a BitLocker volume
To recover data from a disk encrypted by BitLocker you need to have at least one of the following Bitlocker defense elements:
- BitLocker recovery password;
- Recovery key;
- System startup key (Startup key — .bek).
Data will be recovered to a separate disk the size of which should be no less than the size of the damaged disk. In the course of recovery, all contents of this disk will be deleted and replaced by decrypted data from the Bitlocker volume.
In our example, disk E: (size 2 Gb) is a USB drive the contents of which are encrypted by BitLocker, and which cannot be opened for some reason. To recover data, we have installed an additional external disk F: (size 16 Gb).
Method 1. Data recovery with the use of a BitLocker password
In the first place, try recovering data with this method (it will work with Windows 8 / 2012 and newer versions):
- Launch command prompt as administrator.
- Execute the command:
repair-bde E: F: -pw –Force
where E: — disk with Bitlocker data, F: — disk where decrypted data should be extracted.
- In the course of executing the command you will have to specify BitLocker password (the same which a user is to enter into UI when trying to access an encrypted volume).
Method 2. Decryption of a Bitlocker volume with a recovery key
For decryption of data located in a damaged volume which is encrypted with Bitlocker we will need a recovery key or a system startup key (if the system partition is encrypted).
Advice. BitLockerRecoveryKey is a unique sequence of 48 symbols. The recovery key is generated when a Bitlocker volume is created; it can be printed, saved as a text file to a local (this choice is not recommended) or external disk, or in a user account at Microsoft website.
Now let us launch data recovery with the help of this key:
repair-bde E: F: -rp 011407-712393-682121-100210-377003-405174-520014-328130 –Force
If Bitlocker is used for encryption of the system partition containing Windows, and for loading the system a special startup key on a USB drive is used, the encrypted volume can be decrypted as follows:
repair-bde E: F: -rk I:\3F558473-943D-4330-8449-62C36BA53345.BEK –Force
where file 3F558473-943D-4330-8449-62C36BA53345.BEK is a key to launch BitLocker disk encryption on a USB drive G: (by default, this file is hidden).
After the procedure of data recovery and decryption, before opening the disk where the contents of the Bitlocker volume were extracted, it is necessary to run its check. In order to do it, execute the following command and wait until it is complete:
Chkdsk F: /f
Important note. If you failed to recover data from an encrypted disk with the described methods, it is worth trying to create a sector-by-sector copy of the damaged disk with the help of a Linux utility DDRescue (or any other similar utility). After that, try recovering data from the received copy by the following scenario.
Data Recovery Software
We also should notice that exist more common and simpler way to recover files from Bitlocker encrypted storage. These are data recovery software. Of course, not all programs сan cope in such situation but some of them have required function.
The only thing is that you must have a password to unlock the device which was specified when encrypt.
Then it’s simple. Connecting device with the information that you want to recover to your computer and getting message.
Further, enter password in a special window after double-clicking on the device you need to recover in “This PC”.
After that, the storage becomes fully accessible for data recovery for any of the Hetman Software programs.