1.    21 Jul 2017 #1
    Join Date : Nov 2015
    Posts : 195
    Win10

    BitLocker - Used Space Encryption on used Laptop?


    I tried several times to encrypt the entire disk after reinstalling Windows 10 but it always took for ever (usually 10 hours) to fully encrypt my internal 320GB drive. I managed to run bitlocker successfully by encrypting only used space. My question is should I run cipher.exe /w to wipe all unused space as this is an old laptop?

    I have found manage-bde -w c: to wipe free disk and this is now working ok.

    How does Bitlocker work when only encrypting used space - i.e. if I write a file to the disk I assume it automatically encrypts it, but if I then delete that file is the space no longer encrypted and therefore open to hackers?


    Look forward to your comments.
    Thanks!
  2.    21 Jul 2017 #2
    Join Date : Jul 2015
    Posts : 3,694
    10 Pro

    Quote Originally Posted by win10freak View Post
    How does Bitlocker work when only encrypting used space - i.e. if I write a file to the disk I assume it automatically encrypts it, but if I then delete that file is the space no longer encrypted and therefore open to hackers?
    If you take a disk and set bitlocker to encrypt only used space it will encrypt the blocks used by the filesystem. If there was some old deleted stuff on the disk when you started that could in theory be recovered. After turning on bitlocker all new files are encrypted. They are not decrypted when you delete them and these deleted files can't be retrieved.

    Quote Originally Posted by win10freak View Post
    I tried several times to encrypt the entire disk after reinstalling Windows 10 but it always took for ever (usually 10 hours) to fully encrypt my internal 320GB drive.
    If you have ever encrypted the whole disk you only need to encrypt used space if re-installing. It will not be possible to retrieve anything from the remaining space on the disk as it was previously encrypted.
  3.    21 Jul 2017 #3
    Join Date : Nov 2015
    Posts : 195
    Win10
    Thread Starter

    When one has a new drive for example with no data on it, and chose the option to encrypt only the used space, all data that is being added will be encrypted. That part I understand clearly.

    But what if that user decides to delete confidential data or a file?
    Will that deleted data still be encrypted even if used space option was selected?

    Remember, in the scenario above I am only referring to a new hard drive with no data at all that will be encrypted using the Used Space Only option.

    Scenario B

    Suppose the new drive is encrypted with Used Space Only and a user then decided to delete a bunch of data and the user then decides to reinstall Windows again by removing all the previous partitions that were there before should the user now select to encrypt the Entire Space?

    Or, the user should still select Used Space if the deleted files from before are still encrypted?
  4.    21 Jul 2017 #4
    Join Date : Jul 2015
    Posts : 3,694
    10 Pro

    Quote Originally Posted by win10freak View Post
    But what if that user decides to delete confidential data or a file?
    Will that deleted data still be encrypted even if used space option was selected?
    Yes. Files are not decrypted when they are deleted. They just are removed from the master file table. If you tried to scan the free space to recover the file all you'd find is the encrypted data.

    Quote Originally Posted by win10freak View Post
    Remember, in the scenario above I am only referring to a new hard drive with no data at all that will be encrypted using the Used Space Only option.
    There is no point encrypting the whole drive if it is new.

    Quote Originally Posted by win10freak View Post
    Suppose the new drive is encrypted with Used Space Only and a user then decided to delete a bunch of data and the user then decides to reinstall Windows again by removing all the previous partitions that were there before should the user now select to encrypt the Entire Space?
    You could but there is no point. All of the data ever written to the drive was written encrypted so all that is on the disk once you destroy the partition table is fragments of encrypted files (unrecoverable) and unwritten space.

    The only time you need to encrypt the whole disk is when it has been used without bitlocker as (even if you destroy the partition table) there may be recoverable fragments from the previous installation and due to fragmentation they could be anywhere on the disk and not necessarily overwritten by a subsequent install.

    Note that in bitlocker environment there is also the system partition which contains the Windows boot loader and various files required by bitlocker. This is never encrypted (whether you choose to encrypt the whole disk or used space) but as no user data is stored in this partition it can be ignored for the sake of this discussion.

    Quote Originally Posted by win10freak View Post
    Or, the user should still select Used Space if the deleted files from before are still encrypted?
    If I had bought a new drive I'd encrypt it used space only (assuming this was done immediately after installing Windows) and if I deleted stuff and reinstalled Windows I'd still encrypt it used space only.
  5.    21 Jul 2017 #5
    Join Date : Nov 2015
    Posts : 195
    Win10
    Thread Starter

    Thanks for the super informative explanation on this - I might as well save this Thread. Very great information here.

    So once again, just to confirm this, once a new drive is encrypted (after Windows installation) with the Used Space option, and I add data on there, which of course, will automatically encrypt the data and then when I decide to delete the data, the data will still be encrypted EVEN if that data is deleted from the encrypted Used Space.

    And when I decide to reinstall Windows 10 again by wiping all the previous partitions and only leaving the Unallocated space for installation, It would be fine to select the Used Space option again (on the same drive)?
    Am I correct?

    Hopefully I got this one statement correct?
  6.    21 Jul 2017 #6
    Join Date : Jul 2015
    Posts : 3,694
    10 Pro

    Quote Originally Posted by win10freak View Post
    So once again, just to confirm this, once a new drive is encrypted (after Windows installation) with the Used Space option, and I add data on there, which of course, will automatically encrypt the data
    Correct.
    Quote Originally Posted by win10freak View Post
    ...and then when I decide to delete the data, the data will still be encrypted
    Correct

    Quote Originally Posted by win10freak View Post
    ... EVEN if that data is deleted from the encrypted Used Space.
    In terms of what you are concerned about, yes.

    When you delete a file the record in the master file table (MFT) is deleted. This means that the address to the space on the disk where the data resided is no longer there (so it can't be seen in the file system) but what is on the disk may remain.

    This encrypted data remains on disk until it is overwritten by something else. It isn't "deleted from the encrypted used space" as such. The used space (which is files referenced in the mft) gets smaller and the space that was occupied by the deleted files becomes available for other files to be written to. Adding a new (encrypted) file may overwrite this immediately, or, it may be written elsewhere on the disk entirely.

    A better way of looking at it is when you encrypt used space you encrypt all parts of the disk containing files at the time you do it. The used space (according to the file system) can grow and shrink as you add and delete files but the space on disk containing encrypted files (whether visible through the file system or deleted) can only ever grow as all new files are encrypted and deleted files are not decrypted.

    Quote Originally Posted by win10freak View Post
    And when I decide to reinstall Windows 10 again by wiping all the previous partitions and only leaving the Unallocated space for installation, It would be fine to select the Used Space option again (on the same drive)?
    Am I correct?
    Correct. That would be fine.
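A toy model of the behaviour discussed in the posts above, added here as an illustration and not written by any poster: it shows when a raw scan of unallocated space can still find plaintext. `Disk`, `crypt`, `KEY` and the XOR keystream are constructed stand-ins for this example, not BitLocker's real cipher or on-disk format.

```python
import hashlib

SECTOR = 16                      # toy sector size in bytes
KEY = b"constructed-demo-key"    # constructed value, not a real volume key

def crypt(key, index, data):
    # Stand-in cipher, model only and NOT secure: XOR with a per-sector keystream.
    stream = hashlib.sha256(key + index.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Disk:
    def __init__(self, sectors=8):
        self.raw = [bytes(SECTOR)] * sectors  # bytes physically on the media
        self.mft = {}                         # file name -> sector (the "used space")
        self.key = None                       # None means encryption is off
    def free(self):
        return [i for i in range(len(self.raw)) if i not in self.mft.values()]
    def write(self, name, text):
        i = self.free()[0]
        data = text.encode().ljust(SECTOR, b"\0")[:SECTOR]
        self.raw[i] = crypt(self.key, i, data) if self.key else data
        self.mft[name] = i
    def delete(self, name):
        del self.mft[name]                    # only the MFT record goes; raw[i] stays
    def enable(self, key, used_only):
        targets = self.mft.values() if used_only else range(len(self.raw))
        for i in targets:                     # in-place conversion of existing sectors
            self.raw[i] = crypt(key, i, self.raw[i])
        self.key = key
    def wipe_free(self):
        for i in self.free():                 # overwrite every unallocated sector
            self.raw[i] = crypt(self.key, i, bytes(SECTOR))
    def scan_free(self, needle):
        # What a raw scan of unallocated space can recover.
        return any(needle in self.raw[i] for i in self.free())

def plaintext_recoverable(encrypted_before_use, used_only=True, wipe=False):
    # Constructed scenario: a sensitive file is written and deleted, then free space is scanned.
    d = Disk()
    d.write("os.bin", "WINDOWS")
    if encrypted_before_use:
        d.enable(KEY, used_only)              # new drive: encryption on before user data
    d.write("tax.txt", "SECRET-TAXES")
    d.delete("tax.txt")
    if not encrypted_before_use:
        d.enable(KEY, used_only)              # used laptop: encryption turned on afterwards
    if wipe:
        d.wipe_free()
    return d.scan_free(b"SECRET")
```

Only the case where the file was written before encryption, converted with used space only and not followed by a free-space wipe returns `True`.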
  7.    21 Jul 2017 #7
    Join Date : Nov 2015
    Posts : 195
    Win10
    Thread Starter

    I would like to use the Used Space Only option as that is still the only faster way of encrypting.
    Let me make a correction here regarding my original Thread question.
    As I recall, I did select to encrypt the Used Space Only option since I did not have any deleted data that was sensitive. However, I did a few clean reinstalls with choosing BitLocker to encrypt the Used Space.

    So my only concerns were these:

    1. Will deleted files be De-crypted if Used Space Only was encrypted?
    2. If I were to reinstall Windows again, would it be fine to select Used Space Only again?

    So those were my only two concerns, since I ALWAYS used BitLocker to encrypt the Used Space only.
  8.    21 Jul 2017 #8
    Join Date : Jul 2015
    Posts : 3,694
    10 Pro

    1. No. Deleted files are not decrypted.
    2. As long as the original deleted data was not sensitive (as you say) then yes it would be fine.

 

