Posted on June 27, 2014 · Posted in Windows 8

Data Recovery on a Damaged Hard Disk Encrypted with BitLocker

Today we'll describe how to recover data from a damaged hard drive encrypted with BitLocker. The need can arise when the file system on the encrypted disk is damaged (for instance, when an unexpected system shutdown corrupts the disk area where BitLocker stores its important information), when the OS or the BitLocker Recovery Console cannot boot, or after similar failures that prevent the encrypted disk from being opened normally. These problems can affect a system disk as well as an external removable disk or a USB drive.

To recover data, we will use Repair-bde.exe (BitLocker Repair Tool), a command-line utility that first appeared in Windows 7 / 2008 R2. It is used to access and recover encrypted data on a damaged disk encrypted with BitLocker.

Warning. Use this procedure only as a last resort, when you can't unlock the encrypted disk with a password or a BitLocker recovery key.

Requirements for Data Recovery from a BitLocker Volume

To recover data from a disk encrypted with BitLocker, you need at least one of these BitLocker security elements:

  • BitLocker recovery password
  • Recovery key
  • System startup key (Startup key – .bek)

The data will be recovered to a separate disk that is at least as large as the damaged one. During the recovery, all the contents of this disk will be deleted and replaced with the decrypted data from the BitLocker volume.
In our example, disk F: (2 GB in size) is a USB hard drive whose contents are encrypted with BitLocker and which cannot be opened for some reason. To recover the data, we connected an additional external hard disk, Data (G:), 10 GB in size.

Method 1. Data Recovery Using BitLocker Password

First of all, try to restore your data using this method (it works in Windows 8 / 2012 or higher):

  • Run the command prompt with administrator privileges
  • Run the following command:
repair-bde F: G: -pw -Force

where F: is the disk with the BitLocker data, and G: is the disk to extract the decrypted data to.

  • While the command is running, you'll have to enter the BitLocker password (the one a user specifies in the UI to access the encrypted volume).

Method 2. Decrypting the BitLocker Volume Using a Recovery Key

To decrypt the BitLocker-encrypted data stored on the damaged volume, you need a recovery key or a boot key (if the system partition is encrypted).

Tip. A BitLocker recovery key is a unique sequence of 48 characters. The recovery key is generated when the BitLocker volume is created, and you can print it, save it as plain text on a local (not recommended) or an external hard drive, or store it in your account on the Microsoft website.

Run the data recovery using this key:

repair-bde F: G: -rp 288209-513086-417508-646412-162954-590672-167552-664563 -Force

If BitLocker is used to encrypt the Windows system partition and a special boot key on a USB flash drive is used to boot your system, you can decrypt the volume this way:

repair-bde F: G: -rk I:\2F538474-923D-4330-4549-61C32BA53345.BEK -Force

where 2F538474-923D-4330-4549-61C32BA53345.BEK is the BitLocker Drive Encryption startup key file on the USB flash drive I: (by default, this file is hidden).

After the data recovery and decryption are complete, check the disk to which the volume contents were extracted before opening it. To do so, run the following command and wait until the process completes:

Chkdsk G: /f
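
As an added example (not part of the original article and not Microsoft's code), here is a PowerShell pre-flight check for the -rp method above: it rejects a mistyped recovery password and a destination disk that is too small before repair-bde is run with -Force. It relies on the known property that each 6-digit group of a BitLocker recovery password is a multiple of 11 no larger than 720885; the function names and sample passwords are constructed for illustration.

```powershell
# Added example (not from the original article). Function names are hypothetical.

function Test-RecoveryPassword {
    param([Parameter(Mandatory)][string]$Password)
    # 8 hyphen-separated groups of 6 digits (48 digits in total).
    if ($Password -notmatch '^\d{6}(-\d{6}){7}$') { return $false }
    foreach ($group in $Password.Split('-')) {
        $n = [int]$group
        # Each group is a 16-bit value multiplied by 11, so it must be a
        # multiple of 11 and no larger than 65535 * 11 = 720885.
        if (($n % 11) -ne 0 -or $n -gt 720885) { return $false }
    }
    return $true
}

function Test-DestinationSize {
    param([Parameter(Mandatory)][char]$Source,
          [Parameter(Mandatory)][char]$Destination)
    # Assumption: Get-Partition (Windows 8 / 2012 and later) can report the
    # size of both partitions; it reads the partition table, not the volume.
    $src = (Get-Partition -DriveLetter $Source -ErrorAction Stop).Size
    $dst = (Get-Partition -DriveLetter $Destination -ErrorAction Stop).Size
    return ($dst -ge $src)
}

function Get-RepairBdeCommand {
    param([char]$Source, [char]$Destination, [string]$Password)
    if (-not (Test-RecoveryPassword $Password)) {
        throw 'Recovery password is malformed; re-check it for typos.'
    }
    if (-not (Test-DestinationSize $Source $Destination)) {
        throw "Disk ${Destination}: is smaller than disk ${Source}:."
    }
    # Returned as text for review: the run replaces everything on the destination.
    return "repair-bde ${Source}: ${Destination}: -rp $Password -Force"
}

# Constructed sample passwords (not real keys): one well-formed, one with a
# single mistyped digit in the first group.
$samples = '135795-258016-380237-502458-624679-013574-720885-047531',
           '135796-258016-380237-502458-624679-013574-720885-047531'
foreach ($rp in $samples) {
    $state = if (Test-RecoveryPassword $rp) { 'well-formed' } else { 'REJECTED' }
    Write-Output "$state  $rp"
}

# On the recovery machine, with the article's drive letters:
#   Get-RepairBdeCommand -Source F -Destination G -Password '<recovery password>'
```

A password that passes this check is only well-formed; whether it unlocks the volume is decided by repair-bde itself.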

Note. If the methods described above didn't help to recover the data from the encrypted disk, it is worth trying to create a sector-by-sector copy of the damaged disk using the Linux tool DDRescue (or a similar tool). When you are done, try to recover data from this copy using one of the methods discussed above.
