This lab will take you through using Dislocker to view data on a USB disk image that has Bitlocker encryption.  The password for Bitlocker will be provided.   Real life…

This lab will take you through using Dislocker to view data on a USB disk image that has Bitlocker encryption.  The password for Bitlocker will be provided.

 

Real life use: Hard drive with Bitlocker fails to boot.  You need to recover data from it.

 

Bitlocker USB DD image: https://drive.google.com/a/gameofpwnz.com/file/d/0B3KtykBk15nNamdMSVpYaXRPRlU/view?usp=sharing

MD5 Checksum: 90860ff85a78f1421e6f26f44c10b8ae

In Kali, you can use this to get the mount 🙂 :

losetup --partscan --find --show encrypted.001

The Bitlocker Password is password

Use this Procedure: https://gameofpwnz.com/?p=521

The procedure can be altered slightly for this lab.  I used a Kali Linux Virtual Machine instead of a live USB to complete this lab.  In this lab, I use the password rather than the recovery key.  Notice the slight difference in the command when using each.

 

Lab created by @GameOfPWNZ

Ashton-Drake, aka GameOfPWNZ, is an information security professional and enthusiast He is the owner of this blog.

Leave a Reply