BitLocker - Used Space Encryption on used Laptop?


  1. Posts : 523
    Win10
       #1


    I tried several times to encrypt the entire disk after reinstalling Windows 10 but it always took forever (usually 10 hours) to fully encrypt my internal 320GB drive. I managed to run bitlocker successfully by encrypting only used space. My question is should I run cipher.exe /w to wipe all unused space as this is an old laptop?

    I have found manage-bde -w c: to wipe free disk and this is now working ok.

    How does Bitlocker work when only encrypting used space - i.e. if I write a file to the disk I assume it automatically encrypts it, but if I then delete that file is the space no longer encrypted and therefore open to hackers?


    Look forward to your comments.
    Thanks!

  2. lx07
    Posts : 5,477
    1903
       #2

    win10freak said:
    How does Bitlocker work when only encrypting used space - i.e. if I write a file to the disk I assume it automatically encrypts it, but if I then delete that file is the space no longer encrypted and therefore open to hackers?

    If you take a disk and set bitlocker to encrypt only used space it will encrypt the blocks used by the filesystem. If there was some old deleted stuff on the disk when you started that could in theory be recovered. After turning on bitlocker all new files are encrypted. They are not decrypted when you delete them and these deleted files can't be retrieved.

    win10freak said:
    I tried several times to encrypt the entire disk after reinstalling Windows 10 but it always took for ever (usually 10 hours) to fully encrypt my internal 320GB drive.

    If you have ever encrypted the whole disk you only need to encrypt used space if re-installing. It will not be possible to retrieve anything from the remaining space on the disk as it was previously encrypted.


  3. Posts : 523
    Win10
    Thread Starter
       #3

    When one has a new drive, for example, with no data on it, and chooses the option to encrypt only the used space, all data that is being added will be encrypted. That part I understand clearly.

    But what if that user decides to delete confidential data or a file?
    Will that deleted data still be encrypted even if used space option was selected?

    Remember, in the scenario above I am only referring to a new hard drive with no data at all that will be encrypted using the Used Space Only option.

    Scenario B

    Suppose the new drive is encrypted with Used Space Only and a user then decides to delete a bunch of data, and the user then decides to reinstall Windows again by removing all the previous partitions that were there before. Should the user now select to encrypt the Entire Space?

    Or, the user should still select Used Space if the deleted files from before are still encrypted?

  4. lx07
    Posts : 5,477
    1903
       #4

    win10freak said:
    But what if that user decides to delete confidential data or a file?
    Will that deleted data still be encrypted even if used space option was selected?

    Yes. Files are not decrypted when they are deleted. They just are removed from the master file table. If you tried to scan the free space to recover the file all you'd find is the encrypted data.

    win10freak said:
    Remember, in the scenario above I am only referring to a new hard drive with no data at all that will be encrypted using the Used Space Only option.

    There is no point encrypting the whole drive if it is new.

    win10freak said:
    Suppose the new drive is encrypted with Used Space Only and a user then decides to delete a bunch of data, and the user then decides to reinstall Windows again by removing all the previous partitions that were there before. Should the user now select to encrypt the Entire Space?

    You could but there is no point. All of the data ever written to the drive was written encrypted so all that is on the disk once you destroy the partition table is fragments of encrypted files (unrecoverable) and unwritten space.

    The only time you need to encrypt the whole disk is when it has been used without bitlocker as (even if you destroy the partition table) there may be recoverable fragments from the previous installation and due to fragmentation they could be anywhere on the disk and not necessarily overwritten by a subsequent install.

    Note that in a bitlocker environment there is also the system partition which contains the Windows boot loader and various files required by bitlocker. This is never encrypted (whether you choose to encrypt the whole disk or used space) but as no user data is stored in this partition it can be ignored for the sake of this discussion.

    win10freak said:
    Or, the user should still select Used Space if the deleted files from before are still encrypted?

    If I had bought a new drive I'd encrypt it used space only (assuming this was done immediately after installing Windows) and if I deleted stuff and reinstalled Windows I'd still encrypt it used space only.


  5. Posts : 523
    Win10
    Thread Starter
       #5

    Thanks for the super informative explanation on this - I might as well save this Thread. Very great information here.

    So once again, just to confirm this, once a new drive is encrypted (after Windows installation) with the Used Space option, and I add data on there, which of course, will automatically encrypt the data and then when I decide to delete the data, the data will still be encrypted EVEN if that data is deleted from the encrypted Used Space.

    And when I decide to reinstall Windows 10 again by wiping all the previous partitions and only leaving the Unallocated space for installation, it would be fine to select the Used Space option again (on the same drive)?
    Am I correct?

    Hopefully I got this one statement correct?

  6. lx07
    Posts : 5,477
    1903
       #6

    win10freak said:
    So once again, just to confirm this, once a new drive is encrypted (after Windows installation) with the Used Space option, and I add data on there, which of course, will automatically encrypt the data

    Correct.

    win10freak said:
    ...and then when I decide to delete the data, the data will still be encrypted

    Correct

    win10freak said:
    ... EVEN if that data is deleted from the encrypted Used Space.

    In terms of what you are concerned about, yes.

    When you delete a file the record in the master file table (MFT) is deleted. This means that the address to the space on the disk where the data resided is no longer there (so it can't be seen in the file system) but what is on the disk may remain.

    This encrypted data remains on disk until it is overwritten by something else. It isn't "deleted from the encrypted used space" as such. The used space (which is files referenced in the mft) gets smaller and the space that was occupied by the deleted files becomes available for other files to be written to. Adding a new (encrypted) file may overwrite this immediately, or, it may be written elsewhere on the disk entirely.

    A better way of looking at it is when you encrypt used space you encrypt all parts of the disk containing files at the time you do it. The used space (according to the file system) can grow and shrink as you add and delete files but the space on disk containing encrypted files (whether visible through the file system or deleted) can only ever grow as all new files are encrypted and deleted files are not decrypted.

    win10freak said:
    And when I decide to reinstall Windows 10 again by wiping all the previous partitions and only leaving the Unallocated space for installation, it would be fine to select the Used Space option again (on the same drive)?
    Am I correct?

    Correct. That would be fine.



  7. Posts : 523
    Win10
    Thread Starter
       #7

    I would like to use the Used Space Only option as that is still the only faster way of encrypting.
    Let me make a correction here regarding my original Thread question.
    As I recall, I did select to encrypt the Used Space Only option since I did not have any deleted data that was sensitive. However, I did a few clean reinstalls with choosing BitLocker to encrypt the Used Space.

    So my only concerns were these:

    1. Will deleted files be decrypted if Used Space Only was encrypted?
    2. If I were to reinstall Windows again, would it be fine to select Used Space Only again?

    So those were my only two concerns, since I ALWAYS used BitLocker to encrypt the Used Space only.

  8. lx07
    Posts : 5,477
    1903
       #8

    1. No. Deleted files are not decrypted.
    2. As long as the original deleted data was not sensitive (as you say) then yes it would be fine.
      My Computer
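
The sector-level reasoning in this thread, as an added example that is not part of the original posts and is not BitLocker code: a toy model in which each sector records what a raw scan would find there. The `Disk` class, the `scenario` function, the 10-sector disk and the file names are all hypothetical, and the free-space wipe is modelled simply as an overwrite.

```python
EMPTY, PLAIN, CIPHER = "empty", "plaintext", "ciphertext"  # toy model, not BitLocker code


class Disk:
    def __init__(self, sectors):
        self.raw = [EMPTY] * sectors   # what a raw scan of each sector would find
        self.files = {}                # name -> sectors; stands in for the MFT
        self.bitlocker = False

    def free(self):
        used = {s for secs in self.files.values() for s in secs}
        return [s for s in range(len(self.raw)) if s not in used]

    def write(self, name, size):
        secs = self.free()[:size]
        for s in secs:                 # new data is encrypted once BitLocker is on
            self.raw[s] = CIPHER if self.bitlocker else PLAIN
        self.files[name] = secs

    def reinstall(self):
        self.files.clear()             # partitions removed; raw sector contents stay
        self.bitlocker = False
        self.write("windows", 3)

    def enable_bitlocker(self, used_space_only=True):
        skip = set(self.free()) if used_space_only else set()
        self.raw = [v if s in skip else CIPHER for s, v in enumerate(self.raw)]
        self.bitlocker = True

    def wipe_free_space(self):         # models the effect of manage-bde -w
        for s in self.free():
            self.raw[s] = CIPHER       # assumption: overwritten, nothing readable left

    def plaintext_remnants(self):
        return [s for s, v in enumerate(self.raw) if v == PLAIN]


def scenario(old_plaintext, used_space_only=True, wipe=False):
    d = Disk(10)
    d.reinstall()
    if old_plaintext:
        d.write("old_docs", 3)         # disk was used without BitLocker
        d.reinstall()
    d.enable_bitlocker(used_space_only)
    d.write("secret", 2)
    del d.files["secret"]              # delete: only the file record goes
    if wipe:
        d.wipe_free_space()
    return d.plaintext_remnants()
```

In this model a new drive leaves no plaintext sectors, while a previously unencrypted drive encrypted with used space only keeps one old plaintext sector that later writes did not happen to overwrite, until the free space is wiped or the whole disk is encrypted.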


 
