Return to Using Encryption Tools

Windows BitLocker

Tutorial Key Facts
Supported Operating SystemEncrypting Drive using Win 7 (Ultimate and enterprise editions) and Windows Server 2008 & Windows Server 2012 in addition to Vista (Ultimate and enterprise editions).
Reading encrypting Drive in "Read Only" Mode using all Previous Versions of Windows Vista (other editions) , XP , Server 2003.
Windows 8 and 10
BitLocker VersionNot Applicable
Last Update2016/09/25
AuthorNihad Hassan

Encrypt system partition or pen drive using BitLocker under Windows 7

A new feature in windows beginning from Windows 7 OS, the ‘BitLocker To Go’ Drive Encryption helps protect sensitive data from being accessed by unauthorized users, this standard utility allow us to encrypt our sensitive data on removable media without using any additional software, the encrypted drive will be recognized by older windows OS (Vista, Win XP) but in read only mode, however when accessed on WIN 7,8 or 10, it could be used on both read and write mode. ‘BitLocker to Go’ extends BitLocker data protection to USB storage devices, enabling them to be restricted with a passphrase, thus making the loss of a pen drive with sensitive data does not impose any risks.

In this article we are going to discuss how to configure & use this important utility on different Windows OS versions (I’m using Windows 7 Ultimate in this experiment).

Insert the flash memory you want to encrypt in your PC, if the flash already contains data this will not have any effect on its contents.

Right click on your flash memory and select ‘Turn on BitLocker’.

BitLocker_1

The following window appears, asking you to enter a password to unlock your encrypted drive.

BitLocker_2

Enter your password and click ‘Next’.

BitLocker will ask you to store a recovery key in case you lost your password; you can either use a ‘keyfile’ or entered it manually to unlock your drive.

BitLocker_3

I will select both in my example, the first option ‘Save the recovery key to a file’ let me save my recovery key to a specified location as follow

BitLocker_4

It is preferred to store this keyfile on a removable media in case system crash and you are unable to recover it, your data will still be recoverable.

The second option asks me to print the keyfile on a paper and store it in a save location

BitLocker_5

Both Keyfile and printed keyfile should be stored in a safe location, if an attacker know your BitLocker Recovery Key, he will be able to unlock your drive.

The final step in the wizard asks me if Iam sure that I want to encrypt my drive, click ‘Start encryption’ and the encryption process begins.

BitLocker_6

The time needed to finish the encryption mainly depends on the size of the drive. (Do not remove the drive from PC while encrypting, this could severely damage the data inside the drive)

BitLocker_7

After finishing, a confirmation message appears as appears in next screen.

BitLocker_8

Go to windows explorer > My computer and check your newly encrypted drive, we notice key icon has been added to standard drive ICON.

BitLocker_9

Now, you can add your files to this encrypted drive as you do with any hard disk drive.

Using BitLocker  (Unlocking USB drive encrypted using BitLocker in newer Windows OS)

Insert your drive in PC, the following window appears (if nothing appears and Auto run is disable, Go to My Computer > removable storage and double click your drive).

BitLocker_10

 

Insert you password and click ‘Unlock’, the drive will be unlocked and you can use it as usual (in both read and write mode).

Using BitLocker in older version of Windows – Vista & Win XP (all versions)

In Windows Vista (all versions) and Windows XP (all versions) , you can open an encrypted drive in Read only mode ,  you can read and copy files from your drive but you are unable to Add/ Delete / Append data to your drive.

Please, remember that your data will only be encrypted inside your encrypted drive, thus if you copy a file from your drive to a PC, the copied file will not be encrypted by default.

BitLocker_11

Enter your password and click ‘Unlock’, if your password was correct, your drive will open and list its contents.

BitLocker_12

As we mentioned before, drive will be opened in a read only mode.

How to change your BitLocker encrypted drive password?

Insert your encrypted drive in your Windows (+7) machine; unlock it by entering your password

Right click on drive and select ‘Manage BitLocker …’

BitLocker_13

The following window appears; select the first choice ‘Change password to unlock the drive’.

BitLocker_14

BitLocker_15

Enter your new password and click ‘Next’ and you are done.

If you forget BitLocker Password?

Insert your encrypted drive in your Windows machine, select ‘I forgot my password’ option

BitLocker_16

A new window appears asking you to enter your recovery key which was created during the BitLocker setup.

BitLocker_17

Click on ‘Type the recovery Key’ and enter your recovery key from the printed file that we have created during our BitLocker setup.

BitLocker_18

BitLocker_19

Click ‘Next’ , if your recovery key was correct , a message appears to you saying that you have a temporary access to this drive , BitLocker will asks you to click on ‘Manage BitLocker’ button to change your password as we demonstrate previously in our ‘change BitLocker password’ section.

BitLocker_20

In this article we demonstrate how to use the standard ‘BitLocker To Go’ Utility associated with Windows 7,8 and 10  to create an encrypted portable disk drive.

Permanent link to this article: https://www.darknessgate.com/security-tutorials/using-encryption-tools/windows-bitlocker/