0

I recently lost some of the data and the backup disk is at my home. At this point, I only want to check if the backup disk contains a specific directory or not.

My family member is not too technical, but still enough. So I don't want to unlock it on the host computer using RDP or something.

I somehow wish to mount it raw on my computer here so I can unlock and check for the important directory. I am not worried about sniffing network traffic.

Is it possible to mount the whole disk here or just copy the directory index to my computer so I can unlock and read it.

It is encrypted using latest Bitlocker standard, host is Windows, I can use both Windows or Linux, GPT, NTFS.

1 Answers1

0

I assume that you are talking about a Windows system drive encrypted with Bitlocker.

Bitlocker usually uses a local TPM to seal the master encryption key. Therefore after boot or remotely the encryption key cant be unsealed and used.

There is AFAIR also a way to place the key on an USB stick (without TPM), this method is used often, but using the key on the USB stick a decryption is also possible.

Therefore the only remaining method accessing a Bitlocker image would be the Bitlocker recovery key you should have exported (as file or printed on paper, in a domain it also can be placed in Active Directory). It is that large 25 to 48 digit number with some dashes in it.

Using this recovery key accessing a Bitlocker image offline should be possible. However you still need the image or at least random read access to the image.

On Linux it is AFAIK know possible to mount such Bitlocker images: How to access a BitLocker-encrypted drive in Linux?

Theoretically it would be possible that a software exists that doe snot mount the volume, instead is just allows to read out files from an encrypted Bitlocker volume without mounting it by just using the recovery key. However I don't know such a software.

Robert
  • 8,055