This procedure is for recovering data from a disk drive with Microsoft Bitlocker Full Disk Encryption when the drive no longer boots.
Also, a lab for practicing this procedure will be provided here: https://gameofpwnz.com/dislockerlab/
Required tools
Procedures
- Make sure the hard drive with Bitlocker is connected. If you never removed it, then you’re good.
- Boot from Kali Linux Live USB or CD/DVD.
- Update:
apt-get update
- Install git and dependencies:
apt-get install git libfuse-dev libmbedtls-dev cmake
5. Git clone Dislocker:
git clone git://github.com/Aorimn/dislocker.git
6. Change working directory to the dislocker directory
cd dislocker
7. cmake the Dislocker directory
cmake .
8. Make and make install
- make
- make install
9.Find the drive with Bitlocker
fdisk -l (should look like /dev/sda# if SATA/SCSI)
10. Create directories tmp and dis
- mkdir /mnt/tmp
- mkdir /mnt/dis
11. Run Dislocker
- Using Recovery Key: dislocker -v -V /dev/(whichever is the one you found in Step 9) -p<Bitlocker Recovery Key> — /mnt/tmp
- Hopefully you saved your recovery key in Active Directory or somewhere you know. The Recovery key is 55 characters with the hyphens.
- Using Bitlocker Password: dislocker -v -V /dev/(whichever is the one you found in Step 9) -u<Bitlocker Password > — /mnt/tmp
12. Check if it worked
ls /mnt/tmp (You should see a dislocker-file. If so, then it worked)
13. Mount the volume
mount -o loop,ro /mnt/tmp/dislocker-file /mnt/dis
14. Change working directory to the volume
cd /mnt/dis
15. List out directory listing
ls
16. Backup files
To make this easier, open up the GUI file explorer window (2x). In one, open the USB drive. In the 2nd, open up /mnt/dis. Then copy the files that you need to the USB.
17. Profit
If you found this tutorial useful, let me know in the comments 🙂 And make sure to check out the lab 🙂
References
http://www.alexandreviot.net/2015/06/10/active-directory-how-to-display-bitlocker-recovery-key/
https://technet.microsoft.com/en-us/library/dd759200(v=ws.11).aspx
Wireless Shack Doc – CD/DVD
Null-Byte Doc
Kali Doc
https://github.com/Aorimn/dislocker
https://linux.die.net/man/1/dislocker
https://askubuntu.com/questions/617950/use-windows-bitlocker-encrypted-drive-on-ubuntu-14-04-lts