Encrypt system partition or pen drive using BitLocker under Windows 7

A new feature in windows beginning from Windows 7 OS, the ‘BitLocker To Go’ Drive Encryption helps protect sensitive data from being accessed by unauthorized users, this standard utility allow us to encrypt our sensitive data on removable media without using any additional software, the encrypted drive will be recognized by older windows OS (Vista, Win XP) but in read only mode, however when accessed on WIN 7,8 or 10, it could be used on both read and write mode. ‘BitLocker to Go’ extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase, thus making the loss of a pen drive with sensitive data does not impose any risks.

In this article we are going to discuss how to configure & use this important utility on different Windows OS versions (I’m using Windows 7 Ultimate in this experiment).

Insert the flash memory you want to encrypt in your PC, if the flash already contains data this will not have any effect on its contents.

Right click on your flash memory and select ‘Turn on BitLocker’.

The following window appears, asking you to enter a password to unlock your encrypted drive.

Enter your password and click ‘Next’.

BitLocker will ask you to store a recovery key in case you lost your password; you can either use a ‘keyfile’ or entered it manually to unlock your drive.

I will select both in my example, the first option ‘Save the recovery key to a file’ let me save my recovery key to a specified location as follow

It is preferred to store this keyfile on a removable media in case system crash and you are unable to recover it, your data will still be recoverable.

The second option asks me to print the keyfile on a paper and store it in a save location

Both Keyfile and printed keyfile should be stored in a safe location, if an attacker know your BitLocker Recovery Key, he will be able to unlock your drive.

The final step in the wizard asks me if Iam sure that I want to encrypt my drive, click ‘Start encryption’ and the encryption process begins.

The time needed to finish the encryption mainly depends on the size of the drive. (Do not remove the drive from PC while encrypting, this could severely damage the data inside the drive)

After finishing, a confirmation message appears as appears in next screen.

Go to windows explorer > My computer and check your newly encrypted drive, we notice key icon has been added to standard drive ICON.

Now, you can add your files to this encrypted drive as you do with any hard disk drive.

Using BitLocker  (Unlocking USB drive encrypted using BitLocker in newer Windows OS)

Insert your drive in PC, the following window appears (if nothing appears and Auto run is disable, Go to My Computer > removable storage and double click your drive).

Insert you password and click ‘Unlock’, the drive will be unlocked and you can use it as usual (in both read and write mode).

Using BitLocker in older version of Windows – Vista & Win XP (all versions)

In Windows Vista (all versions) and Windows XP (all versions) , you can open an encrypted drive in Read only mode ,  you can read and copy files from your drive but you are unable to Add/ Delete / Append data to your drive.

Please, remember that your data will only be encrypted inside your encrypted drive, thus if you copy a file from your drive to a PC, the copied file will not be encrypted by default.

Enter your password and click ‘Unlock’, if your password was correct, your drive will open and list its contents.

As we mentioned before, drive will be opened in a read only mode.

How to change your BitLocker encrypted drive password?

Insert your encrypted drive in your Windows (+7) machine; unlock it by entering your password

Right click on drive and select ‘Manage BitLocker …’

The following window appears; select the first choice ‘Change password to unlock the drive’.

Enter your new password and click ‘Next’ and you are done.

If you forget BitLocker Password?

Insert your encrypted drive in your Windows machine, select ‘I forgot my password’ option

A new window appears asking you to enter your recovery key which was created during the BitLocker setup.

Click on ‘Type the recovery Key’ and enter your recovery key from the printed file that we have created during our BitLocker setup.

Click ‘Next’ , if your recovery key was correct , a message appears to you saying that you have a temporary access to this drive , BitLocker will asks you to click on ‘Manage BitLocker’ button to change your password as we demonstrate previously in our ‘change BitLocker password’ section.

In this article we demonstrate how to use the standard ‘BitLocker To Go’ Utility associated with Windows 7,8 and 10  to create an encrypted portable disk drive.