Extract BitLocker auto unlock key from registry of broken Windows installation

I am trying to recover files from an old laptop where the Windows 10 installation broke. The drives (system drive C: and data drive D:) were encrypted using BitLocker, but the recovery key for D: was unretrievable. As I understand it, only the system drive uses the TPM to store the BitLocker keys.

When the system booted, D: could be decrypted using the "auto unlock" feature, and the key is saved in the registry (see e.g. Windows Bitlocker and automatic unlock password storage safety).

Now, since the installation on C: is unable to boot, I can no longer use that key to retrieve the files. Since the C: drive is fully recovered (but not bootable), is there any way of retrieving the original keys offline? Failing that, could I somehow reinstall Windows on the target hardware and transplant the keys back to that? (Since the keys are encrypted using the SYSTEM account, I suppose I must make sure that this stays the same, as well as anything else that Windows uses for salt.)

Krumelur

Posted 2017-06-22T14:29:34.293

Reputation: 587

"Since the C: drive is fully recovered (but not bootable), is there any way of retrieving the original keys offline?" - If you do not have a copy of the key, then you are out of luck, there is no way to recover your files without the recovery key. – Ramhound – 2017-06-22T17:37:01.690

If it was that easy to bypass BitLocker encryption, it would defeat the entire purpose of using it. – Moab – 2017-06-22T23:56:03.963

As I said, I have the key; it is stored in the registry, protected by the BitLocker encryption on the system partition. This is why you can't enable auto unlock unless the system partition is also encrypted. – Krumelur – 2017-06-23T06:49:08.430

No answers