This procedure is for recovering data from a disk drive with Microsoft Bitlocker Full Disk Encryption when the drive no longer boots.
Also, a lab for practicing this procedure will be provided here: ___
- The computer and hard drive that has Bitlocker
- USB Drive: Needs enough storage for files that need to be backed up
- Kali Linux Live USB or CD/DVD (Kali Doc, Null-Byte Doc, Wireless Shack Doc – CD/DVD)
- Bitlocker Recovery Key or Bitlocker Password (Active Directory Bitlocker Recovery – only if saved in AD & Microsoft TechNet Doc)
- Make sure the hard drive with Bitlocker is connected. If you never removed it, then you’re good.
- Boot from Kali Linux Live USB or CD/DVD.
- Install git and dependencies:
apt-get install git libfuse-dev libmbedtls-dev cmake
5. Git clone Dislocker:
git clone git://github.com/Aorimn/dislocker.git
6. Change working directory to the dislocker directory
7. cmake the Dislocker directory
8. Make and make install
- make install
9.Find the drive with Bitlocker
fdisk -l (should look like /dev/sda# if SATA/SCSI)
10. Create directories tmp and dis
- mkdir /mnt/tmp
- mkdir /mnt/dis
11. Run Dislocker
- Using Recovery Key:
dislocker -v -V /dev/(whichever is the one you found in Step 9) -p<Bitlocker Recovery Key> — /mnt/tmp
- Hopefully you saved your recovery key in Active Directory or somewhere you know. The Recovery key is 55 characters with the hyphens.
- Using Bitlocker Password:
dislocker -v -V /dev/(whichever is the one you found in Step 9) -u<Bitlocker Password > — /mnt/tmp
12. Check if it worked
ls /mnt/tmp (You should see a dislocker-file. If so, then it worked)
13. Mount the volume
mount -o loop,ro /mnt/tmp/dislocker-file /mnt/dis
14. Change working directory to the volume
15. List out directory listing
16. Backup files
To make this easier, open up the GUI file explorer window (2x). In one, open the USB drive. In the 2nd, open up /mnt/dis. Then copy the files that you need to the USB.
If you found this tutorial useful, let me know in the comments 🙂 And make sure to check out the lab 🙂