Forensic Friday – BitLocker Forensic Update
BitLocker Forensic Update
BitLocker volume encryption can be found in almost every version of Windows 10 therefore its highly likely you will encounter encrypted volumes throughout your career as a forensic examiner. The encryption is deployed to protect host data and removable devices against unauthorized access and brute force attacks thereby making it impossible to gain access to the data without the correct keys. Various forensic techniques exist that allow examiners to overcome BitLocker protection if good workflows are in place and access to the recovery key is possible. In this webinar, we’ll explore techniques in reviewing the data in the BitLocked volume and the story it can tell us about volume usage. We’ll review what has changed with Windows 10 updates and explore workflows in the successful examination of data from within encrypted volume and examination techniques in recovering deleted data at the physical layer of the volume.