Once I had a situation, my work laptop (based on M$ win7 as per choice of organisation) entered into most infamous “Blue screen of Death”. The hard disk was BitLocker encrypted and the data on it was very important for me due to its research value. Do you know how Linux helped me to recover my data ?
Dislocker can access BitLocker
Thanks to Romain Coltel who has designed dislocker to read BitLocker encrypted partition under Linux and Mac OSX systems
http://www.hsc.fr/ressources/outils/dislocker/
Dislocker into Live Linux
Any Live Linux image with gcc compiler, make, FUSE & PolarSSL Headers works well. I preferred lightweight Lubuntu/Xubuntu. 16.04 was the version I worked with. Download the iso image and prepare the USB bootable stick with unetbootin
Boot the system with this Live stick and become root
sudo -i
Install following for compiling dislocker. FILE or FUSE two decryption modes are available for dislocker. I went with fuse because each request for a piece of data in this mode takes the time to decrypt that data only.
apt-get install gcc cmake make libfuse-dev libmbedtls-dev ruby-dev
Download Dislocker, compile and install
wget http://www.hsc.fr/ressources/outils/dislocker/download/dislocker-0.7.1.tar.gz tar -xzf dislocker-0.7.1.tar.gz cd dislocker-0.7.1 cmake <strong>.</strong> #check the dot make make install
Find the target partition by
fdisk -l
decrypt BitLocker disk (assuming the partition /dev/sdcX in this example) either by user_password method -u or recovery_password -p
mkdir /mnt/bitlocker dislocker-fuse -r -V /dev/sdcX -u<password> -- /mnt/bitlocker OR dislocker-fuse -r -V /dev/sdcX -pxxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxx -- /mnt/bitlocker
Note: replace xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxx with BitLocker recovery_password -V = BitLocker volume -- = mark the end of program's options and the beginning of FUSE's ones -p = recovery_password -u = user_password -r = read only BitLocker volume
This generates a file dislocker-file which can be mounted by loop device for accessing the file as block device
mkdir /mnt/data mount -r -o loop /mnt/bitlocker/dislocker-file /mnt/data
All decrypted data are now available at /mnt/data
