2

Please note that I am new to BitLocker, but I was able to set it up on my C drive. After doing this, I briefly searched on the web for ways around BitLocker and came up with two articles, "Passware Hard Disk Decryption" and "This $299 tool is reportedly capable of decrypting BitLocker ... disks in real-time". How can I prevent such attacks like these as ways to bypass BitLocker?

Alex Probert
Tom

1 Answer

6

Prevent someone from gaining physical access to your system while it's running.

Seriously, the linked tool works by searching through an image of your system's memory for the key for the encrypted volume and using it to decrypt the encrypted volume. The only way to prevent this is to make sure an attacker can't read the memory of a running (or suspended or hibernated) system. There are a number of ways to get this memory image, ranging from connections via FireWire or PCIe to extracting hibernation images from the disk. Of course, even when the system is off, you're not completely safe, thanks to cold boot attacks.

David
  • Thank you, I never even knew what a cold boot attack was (or that it even existed) until now, kind of scary to think about it. – Tom Jul 06 '14 at 01:04
  • 1
    @Tom it's worth noting that cold boot attacks are only going to be viable for a short time after shutting down, not when the computer has been off for a long time. It does, however, mean that if a SWAT team busts in your door and you pull the plug on your computer, there is still a chance they can get the decryption keys if they have a forensics tech immediately try a cold boot (or rapidly cool the RAM to try it on a bench shortly after). – AJ Henderson Oct 13 '17 at 14:51