Recovering data from encrypted volume

Recently we have completed a data recovery from a self encrypting HDD further protected by BitLocker, which had failed mechanically. Encryption is a way to enhance the security of a message or file by scrambling the contents so that it can be read only by someone who has the right encryption key to unscramble it. Encrypted devices are often what we call 'hardware specific or device encrypted' which means that the encryption key is linked to the computer or laptop itself. In this instance we need the actual device before we can attempt decryption.

In order for BitLocker to operate, at least two NTFS-formatted volumes are required: one for the operating system (usually C:) and another with a minimum size of 100 MB[20] from which the operating system boots. Before even starting the process we needed the user's BitLocker credentials and the original self encrypting hard drive with the laptop (as the encryption was hardware dependent). Where we are supplied with the encryption keys, decrypting through the Bitlocker application itself is relatively straightforward. However our client no longer had the keys which exasperated the data recovery process.

Nevertheless we managed to overcome the physical damage and de-crypt the device. Deciphering encrypted text can be challenging and time consuming. Our tools will reduce some of the hack work allowing us to look for patterns. However the decryption process took weeks of machine time before we were able to break the keys. Thankfully we achieved a 100% clean sweep as there was no platter damage, otherwise the outcome would have been very different!