How to avoid explicit signs of BITLOCKER encryption


  1. wosxis
    Posts : 12
    windows 10
       New #1

    How to avoid explicit signs of BITLOCKER encryption


    Please only replies from people who have at least some knowledge of the topic.

    Is there any solution to create a Windows 10 Bitlocker encrypted installation and to remove as many indicators as possible that indicate the system is actually Bitlocker encrypted?
    This would be useful, for example, in case that someone who wants to access your data and sees there is a Bitlocker encrypted system in your device forces you to divulge the password. The solution isn't meant to counter forensic analysis or create full plausible deniability but at least to achieve some plausible deniability by removing clear and obvious signs of a Bitlocker encrypted system and if possible remove them all.

    I was thinking a solution could be by having two installations of Windows 10 on the same device, one installation is clear and the other is Bitlocker encrypted but in this case the clear signs of Bitlocker would be:
    - the boot manager displaying two Windows options
    - the Bitlocker bootloader asking for password (it would be useful to be able to store it in an external usb key)
    - the Windows system reserved partitions which, I'm not sure, could store Bitlocker reserved data
    - the clear Windows installations would show the Bitlocker encrypted partition

    Do you have any solution or suggestions to achieve this?
      My Computer
    Quote Quote

  3. sygnus21
    Posts : 5,899
    Win 11 Pro (x64) 22H2
       New #2

    Not quite sure I understand your question/reasoning?

    I use BitLocker, and have been using it a while. Currently using it now. There are indicators a drive is BitLockered via a lock icon on the drive using BitLocker, and from the BitLocker Drive Encryption panel telling you what drives are using BitLocker.

    You can also find the status using Command Prompt, or Powershell... Check BitLocker Drive Encryption Status in Windows 10

    All that said, I'm not aware that this info can be hidden. Fact is, I never thought about it. Anyway, and to be clear, forensics will detect the status of a drive and whether it was encrypted or not. Some things are deeply embedded only to be found with the correct tools.

    Oh, BTW, you can save a BitLocker key anywhere you want except on the drive being encrypted. That makes sense since you'd need to access the key to get into the drive. You can also have the key automatically saved to your Microsoft Account - this is the default setting if you have one.
      My Computers
    Quote Quote

  4. wosxis
    Posts : 12
    windows 10
    Thread Starter
       New #3

    Obviously I'm talking about "indicators" that the system is Bitlocker encrypted when it is shutdown, there is no reason if the system in on and the wrong user has already access to it :/
      My Computer
    Quote Quote

 

  Related Discussions
BitLocker encryption on Internal SSD drives?
in AntiVirus, Firewalls and System Security

I always enable BitLocker so that the ENTIRE SSD DRIVE is encrypted. My question is, does it really matter if I turn on BitLocker encryption before or after adding my data onto the Internal SSD drive of my laptop? I also use TPM with pre-boot...
BitLocker encryption on USB flash drives?
in AntiVirus, Firewalls and System Security

I just got myself a 64gb USB flash stick drive and would like to encrypt it with BitLocker encrypting the ENTIRE drive which is the way I prefer it to be. Is it safe to just encrypt the USB stick BEFORE adding data to it? Or, will it also be...
Disable Automatic Bitlocker Encryption
in AntiVirus, Firewalls and System Security

I purchased a new laptop and I noticed that right after my clean install of Windows 10 1903 using a Local Account, BitLocker was automatically encrypting my drive. This isn’t good, because I prefer to use the AES-256 cipher as opposed to the...
BitLocker - Used Space Encryption on used Laptop?
in AntiVirus, Firewalls and System Security

I tried several times to encrypt the entire disk after reinstalling Windows 10 but it always took for ever (usually 10 hours) to fully encrypt my internal 320GB drive. I managed to run bitlocker successfully by encrypting only used space. My...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 01:10.
Find Us




Windows 10 Forums