
I only know that BitLocker has a Master Key Backup in case we forget our password. But how can we protect against a bad sector or corruption in the headers?

  • You should make an unmounted byte-by-byte backup of the entire thing if possible. https://askleo.com/back-up-encrypted-disk/ – Gantendo Apr 18 '22 at 10:24
  • BitLocker has its recovery key – Ramhound Apr 18 '22 at 11:52
  • @Ramhound But if I remember correctly, the recovery key does not directly generate the Full Volume Encryption Key; instead, it is just an additional key protector so you can get the Volume Master Key. This means that if the FVE metadata part(s) where the encrypted Full Volume Encryption Key is saved are gone, the master key cannot be recovered. If I understand the BitLocker header description correctly, the FVE metadata is kept in three copies. – Robert Apr 18 '22 at 13:17
  • @Robert - You are correct. The BitLocker recovery key cannot be used to decrypt the drive. However, it's required, in the event of any applicable system configuration. You can really only prevent a header corruption or bad sectors by creating 1:1 clones of the drive. I suppose you could in theory just back up the BitLocker header using the appropriate third-party software. – Ramhound Apr 18 '22 at 14:28
  • @Ramhound Does that kind of third-party software exist? I think it's too risky to use encryption if we can't back up the header like VeraCrypt. Do you think it's better for me to not use BitLocker anymore? –  Apr 18 '22 at 20:10
  • @anyanya - There are dozens of disk imaging programs that have no problem creating 1:1 images of a disk. I can't tell you if you should or shouldn't use BitLocker. You shouldn't be using BitLocker if you don't have a data recovery plan, nor should your data only exist on encrypted volumes. However, I know nothing about your workflow, so my opinion on the subject would be worthless. – Ramhound Apr 18 '22 at 20:40
  • No, I mean is there any software that can back up the BitLocker header only, just like VeraCrypt? I can't do a 1:1 backup because I only BitLock my external backup drive, not the source I use daily. So I have a desktop with a non-encrypted drive, and I make a backup of my desktop to an external drive and encrypt it with BitLocker. So of course I can't do a 1:1 backup. I want to make a header-only backup if I can. –  Apr 18 '22 at 20:45
