This procedure is for recovering data from a disk drive with Microsoft Bitlocker Full Disk Encryption when the drive no longer boots. Also, a lab for practicing this procedure will…

This procedure is for recovering data from a disk drive with Microsoft Bitlocker Full Disk Encryption when the drive no longer boots.

Also, a lab for practicing this procedure will be provided here: https://gameofpwnz.com/?p=536

Required tools

 

Procedures

  1. Make sure the hard drive with Bitlocker is connected. If you never removed it, then you’re good.
  2. Boot from Kali Linux Live USB or CD/DVD.
  3. Update:
    apt-get update
  4. Install git and dependencies:
    apt-get install git libfuse-dev libmbedtls-dev cmake

5. Git clone Dislocker:

git clone git://github.com/Aorimn/dislocker.git

6. Change working directory to the dislocker directory

cd dislocker

7. cmake the Dislocker directory

cmake .

8. Make and make install

  1. make
  2. make install

9.Find the drive with Bitlocker

fdisk -l (should look like /dev/sda# if SATA/SCSI)

 

10. Create directories tmp and dis

  1. mkdir /mnt/tmp
  2. mkdir /mnt/dis

11. Run Dislocker

  1. Using Recovery Key:

    dislocker -v -V /dev/(whichever is the one you found in Step 9) -p<Bitlocker Recovery Key> — /mnt/tmp

    1. Hopefully you saved your recovery key in Active Directory or somewhere you know. The Recovery key is 55 characters with the hyphens.
  2. Using Bitlocker Password:

    dislocker -v -V /dev/(whichever is the one you found in Step 9) -u<Bitlocker Password > — /mnt/tmp

12. Check if it worked

ls /mnt/tmp     (You should see a dislocker-file. If so, then it worked)

13. Mount the volume

mount -o loop,ro /mnt/tmp/dislocker-file /mnt/dis
 

14. Change working directory to the volume

cd /mnt/dis

15. List out directory listing

ls

16. Backup files

To make this easier, open up the GUI file explorer window (2x). In one, open the USB drive. In the 2nd, open up /mnt/dis. Then copy the files that you need to the USB.

17. Profit

If you found this tutorial useful, let me know in the comments 🙂 And make sure to check out the lab 🙂

References

 

http://www.alexandreviot.net/2015/06/10/active-directory-how-to-display-bitlocker-recovery-key/

https://technet.microsoft.com/en-us/library/dd759200(v=ws.11).aspx

Wireless Shack Doc – CD/DVD

Null-Byte Doc

Kali Doc

https://github.com/Aorimn/dislocker

https://linux.die.net/man/1/dislocker

https://askubuntu.com/questions/617950/use-windows-bitlocker-encrypted-drive-on-ubuntu-14-04-lts

Ashton-Drake, aka GameOfPWNZ, is an information security professional and enthusiast He is the owner of this blog.

Leave a Reply