Windows OS Hub

December 13, 2018 Windows 10, Windows 8

Using the BitLocker Repair Tool to Recover Data on Encrypted Drive

Today we’ll describe how to recover data from a damaged or inaccessible hard drive encrypted with BitLocker. We will show a simple case and a case with a damaged BitLocker drive. Such problems may be caused by file system corruption on the encrypted disk (for example, damage to the disk area in which BitLocker stores important information, caused by an unexpected system shutdown), by the inability to boot the OS or the BitLocker recovery console, and by similar failures that prevent the encrypted data from being opened normally. These problems can occur with a system disk as well as with a removable external or USB disk.

We will use Repair-bde.exe (BitLocker Repair Tool) for data recovery. This command-line tool first appeared in Windows 7 / Server 2008 R2 and is used to access and recover encrypted data on a damaged BitLocker drive.

Contents:
  • Requirements for data recovery from a BitLocker volume
  • How to unlock a BitLocker encrypted drive in Windows?
  • How to unlock a BitLocker drive where Windows is installed?
  • Data recovery using the BitLocker password
  • Decrypt the volume using a BitLocker recovery key
  • How to access a BitLocker encrypted drive in Linux?

Requirements for data recovery from a BitLocker volume

In order to recover data from a BitLocker-encrypted drive, you must have at least one of the following BitLocker security elements:

  • BitLocker recovery password (the one that you enter in the Windows GUI when you unlock an encrypted disk);
  • The BitLocker Recovery key;
  • System startup key (.bek) – a key on a USB flash drive that allows you to decrypt the boot partition automatically without requiring the user to input a BitLocker password.

The BitLocker Recovery Key is a unique sequence of 48 characters. The recovery key is generated when the BitLocker volume is created. It can be printed (and stored in a safe place), saved to a text file on a local drive (this is not recommended, because if that disk is damaged, you won’t be able to decrypt your data) or on an external drive, or saved to your online Microsoft account.

The BitLocker recovery key can be found in your account on the Microsoft website. Follow the link https://onedrive.live.com/recoverykey.

If you don’t have access to the BitLocker recovery key, you won’t be able to access your encrypted data, because BitLocker is designed to protect your files from other users.

A few nuances regarding data recovery from a BitLocker drive. The data must be restored to a separate disk that is at least as large as the encrypted one. During the recovery, all contents of this disk will be deleted and replaced with the decrypted data from the BitLocker volume. In our example, disk F: (2 GB in size) is a USB stick whose contents are encrypted with BitLocker and which won’t open for some reason. To recover the data, we mounted an additional external hard disk Data (G:) with a size of 10 GB.

How to unlock a BitLocker encrypted drive in Windows?

The simplest situation is when you need to unlock a BitLocker encrypted drive from Windows. You probably have an external drive or USB flash drive protected with BitLocker that won’t open, or you want to open an encrypted drive on another computer.

Connect the drive to your computer and go to the Control Panel -> System and Security -> BitLocker Drive Encryption (available in Professional and higher Windows editions). In the list of disks, select the BitLocker encrypted disk and click Unlock Drive.

Depending on the security method, specify the password, PIN, or recovery key, or connect the smart card to unlock the drive. If you don’t know the password, but the recovery key has been saved, select Advanced settings -> Enter recovery key.

If you have multiple recovery keys, you can determine the recovery key you need using the identifier that is displayed in the window. If you specify the correct key, the disk is unlocked and you can access the data on it.

How to unlock a BitLocker drive where Windows is installed?

Consider a case when your system drive (where Windows is installed) is encrypted using BitLocker and for some reason your Windows doesn’t boot correctly (blue screen of death, hangs on boot, incorrect updates, etc.).

Try to run the Windows Recovery Environment (it will automatically start if Windows fails to boot 3 times in a row). If WinRE is not working, you can boot from the Windows 10 installation disk, the MsDaRT 10 recovery image, or another bootable disk. To run the command prompt, select Troubleshoot -> Advanced options -> Command Prompt, or press Shift + F10.

Check the status of all the disks on the computer using the command line (this is how you identify the BitLocker encrypted drive):

manage-bde -status

The output for one (or several) of the disks should contain the following text: “BitLocker Drive Encryption: Volume D”. This means that disk D is encrypted.
Unlock it by running the command:

manage-bde -unlock D: -pw

The command will ask you to enter your BitLocker password:

Enter the password to unlock this volume:

If the password is correct, a message will appear:

The password successfully unlocked volume D:.


Your disk is decrypted and you can proceed to restore the OS.
If you want to completely disable the BitLocker drive protection, run:

manage-bde -protectors -disable D:

Restart the computer. Now the Windows boot drive is not encrypted.

Data recovery using the BitLocker password

First of all, try to restore your data using this method (it works in Windows 10, 8.1 / Server 2012 / R2 / 2016 or higher):

  1. Run the command prompt as an administrator;
  2. Run the following command: repair-bde F: G: -pw -Force, where F: is the disk with the BitLocker data, and G: is the disk to extract the decrypted data to;
  3. While the command is running, you’ll have to enter the BitLocker password (the one a user specifies in the Windows GUI in order to access the encrypted volume).

Decrypt the volume using a BitLocker recovery key

To decrypt data on a damaged volume encrypted with BitLocker, you will need a recovery key or a system boot key (if the system partition is encrypted).

Run the data recovery using this key:

repair-bde F: G: -rp 288209-513086-417508-646412-162954-590672-167552-664563 -Force

If BitLocker is used to encrypt the Windows system partition and a special boot key on the USB flash drive is used to boot the system, you can decrypt the volume this way:

repair-bde F: G: -rk I:\2F538474-923D-4330-4549-61C32BA53345.BEK -Force

where 2F538474-923D-4330-4549-61C32BA53345.BEK is the BitLocker Drive Encryption startup key on the USB flash drive I: (by default this file is hidden).

After the data recovery and decryption are complete, check the disk to which the volume contents have been extracted before opening it. To do this, run the following command and wait until the process is complete:

Chkdsk G: /f

Note. If the methods described above didn’t help to recover the data from the encrypted disk, it is worth creating a sector-by-sector copy of the damaged disk using the Linux tool DDRescue (or any similar tool for recovering data from damaged partitions). When you are done, try to recover data from this copy using one of the previously mentioned methods.

How to access a BitLocker encrypted drive in Linux?

You can open a BitLocker encrypted disk in Linux. To do this, you need the DisLocker utility and the BitLocker recovery key.

Some distributions (for example, Ubuntu) already have the dislocker utility. If the utility is not installed, download and compile it manually:

tar -xvf dislocker.tar.gz

The INSTALL.TXT file indicates that you need to install the libfuse-dev package:

sudo apt-get install libfuse-dev

Now compile the package:

cd src/
make
make install

Go to the /mnt directory and create two directories (for the encrypted and decrypted partition):

cd /mnt
mkdir Encr-part
mkdir Decr-part

Find the encrypted partition (fdisk -l command) and decrypt it using the recovery key, with /mnt/Encr-part as the dislocker mount point (the key is written directly after -p, with no space):

dislocker -r -V /dev/sdb1 -pyour-bitlocker-recovery-key /mnt/Encr-part

In this example, we use the DisLocker utility in FUSE mode (Filesystem in Userspace), which allows users to create their own file systems without privileges. In FUSE mode, only the block that the system accesses is decrypted (“on the fly”). This increases data access time, but this mode is much safer.

Mount the partition:

mount -o loop /mnt/Encr-part/dislocker-file /mnt/Decr-part

You should now see all the files on the encrypted partition.
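
As an added example (not part of the original article and not dislocker's own code), the script below checks that a recovery key is well formed before it is passed to dislocker -p or repair-bde -rp, then repeats the Linux steps above with a read-only mount. The function names and the loop,ro mount option are choices made for this example; the multiple-of-11 rule is a property of BitLocker recovery passwords that the article does not mention.

```sh
#!/bin/sh
# Added example (not from the article): check a BitLocker recovery password,
# then unlock with dislocker and mount the decrypted image read-only.
# Assumption: a well-formed recovery password is 8 hyphen-separated groups of
# 6 digits; each group is a multiple of 11 and below 720896 (11 * 65536).

valid_recovery_password() {
    key=$1
    [ "${#key}" -eq 55 ] || return 1              # 48 digits + 7 hyphens
    case $key in *[!0-9-]*) return 1 ;; esac      # digits and hyphens only
    old_ifs=$IFS; IFS=-
    set -- $key                                   # split into groups on "-"
    IFS=$old_ifs
    [ "$#" -eq 8 ] || return 1
    for group in "$@"; do
        [ "${#group}" -eq 6 ] || return 1
        n=${group#"${group%%[!0]*}"}              # strip leading zeros (no octal)
        n=${n:-0}
        [ $((n % 11)) -eq 0 ] || return 1         # a single mistyped digit fails here
        [ "$n" -lt 720896 ] || return 1
    done
    return 0
}

# Paths match the article: /mnt/Encr-part (dislocker) and /mnt/Decr-part (NTFS).
# Run as root. The key is visible in the process list while dislocker starts.
unlock_readonly() {
    dev=$1
    key=$2
    if ! valid_recovery_password "$key"; then
        echo "recovery password is malformed, check for typos" >&2
        return 2
    fi
    mkdir -p /mnt/Encr-part /mnt/Decr-part
    dislocker -r -V "$dev" -p"$key" /mnt/Encr-part || return 1
    mount -o loop,ro /mnt/Encr-part/dislocker-file /mnt/Decr-part
}

# Usage: sh unlock.sh /dev/sdb1 <recovery-password>
if [ "$#" -eq 2 ]; then
    unlock_readonly "$1" "$2"
fi
```

When finished, unmount /mnt/Decr-part first and /mnt/Encr-part second, so the loop mount is released before the dislocker FUSE mount.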

@2014 - 2023 - Windows OS Hub. All about operating systems for sysadmins

