Hard drives crash and solid state drives fail; it is not a matter of if but when. Because personal PCs hold private information such as tax filings, and businesses store vast amounts of sensitive data, disk-level encryption has become common. If you do not have a backup, how does disk-level encryption affect the chances of BitLocker data recovery?
If a hard drive suffers a semi-catastrophic failure, such as a power spike damaging the Printed Circuit Board (PCB), there is usually no problem recovering the data: the damaged PCB can be repaired or replaced, and in most cases all of the sectors can be read or recovered. In contrast, a read/write head crash can pose a serious problem for the recovery of an encrypted hard drive, because BitLocker stores metadata on the volume that identifies its key protectors (the "Key ID") along with other volume-related data, and that metadata lives in sectors that a head crash can destroy.
When doing a BitLocker data recovery after a head crash, the defective head assembly is removed and a compatible donor head set is installed and aligned to replace the failed one.
In the best case the defective heads did not damage the platter surfaces, and all sectors are recovered and cloned to a donor drive. In many cases, however, the heads have scored the platter surface to varying degrees, which compromises the ability of the new read/write heads to read those areas. This causes a problem when company administrators store recovery keys indexed by Key ID: if the sectors where BitLocker stores its metadata, including the Key ID, are unreadable, the administrator may have no way of knowing which stored recovery key belongs to that particular hard drive.
The reason is that in enterprise deployments of BitLocker, the recovery key and its Key ID are backed up to Active Directory, and the Key ID is the handle used to look the key up. When you attach a BitLocker-encrypted drive to a Windows system that supports BitLocker as a secondary (non-boot) drive, a dialog box appears stating that the drive is protected by BitLocker and displays the Key ID so that the matching recovery key can be found.
In the corporate world, it is always a good idea to know your recovery key and keep it in a safe place. Make sure the keys are not only stored in Active Directory but are also recorded with an additional reference, such as the drive serial number, so the right key can still be identified when the Key ID on the drive can no longer be read.
If you are a home user the same applies: keep your recovery key on a thumb drive that you keep with you, or back it up to your Microsoft account.
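As an added example (not code from the original article or from any vendor), the following PowerShell script shows one way to put the advice above into practice: it lists each volume's recovery-key Key ID next to the serial number of the physical disk that holds it, escrows the keys to Active Directory, and looks a key back up by the Key ID that the BitLocker unlock dialog displays. It assumes an administrator session on a domain-joined Windows machine with the BitLocker and ActiveDirectory (RSAT) PowerShell modules installed and Group Policy permitting recovery information to be stored in AD DS; the function names and the sample Key ID are the example's own.

```powershell
# Added example, not part of the original article.
# Assumes: elevated PowerShell on a domain-joined machine, BitLocker and
# ActiveDirectory modules available, and Group Policy allowing BitLocker
# recovery information to be saved to AD DS.

function Get-BitLockerKeyInventory {
    # One row per recovery-password protector: mount point, Key ID, and the
    # serial number of the physical disk, which is the extra reference the
    # article recommends keeping alongside the Key ID.
    foreach ($vol in Get-BitLockerVolume) {
        $serial = $null
        if ($vol.MountPoint -match '^[A-Za-z]:$') {
            # Map the lettered volume back to its physical disk.
            $disk = Get-Partition -DriveLetter $vol.MountPoint[0] -ErrorAction SilentlyContinue | Get-Disk
            if ($disk) { $serial = ($disk.SerialNumber -replace '\s+', '') }
        }
        foreach ($kp in $vol.KeyProtector) {
            if ($kp.KeyProtectorType -ne 'RecoveryPassword') { continue }
            $id = $kp.KeyProtectorId.Trim('{}')   # strip braces to match the dialog
            [pscustomobject]@{
                MountPoint   = $vol.MountPoint
                VolumeStatus = $vol.VolumeStatus
                KeyId        = $id
                KeyIdShort   = $id.Substring(0, 8)  # the 8 characters the unlock dialog shows
                DiskSerial   = $serial
            }
        }
    }
}

function Backup-BitLockerKeysToAD {
    # Escrow every recovery-password protector to this computer's AD DS object.
    foreach ($vol in Get-BitLockerVolume) {
        foreach ($kp in $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword') {
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
            Write-Host ("Backed up {0} on {1} to AD DS" -f $kp.KeyProtectorId, $vol.MountPoint)
        }
    }
}

function Find-BitLockerRecoveryPassword {
    # Look a recovery password up in AD DS by Key ID (full GUID or the
    # 8-character prefix from the dialog). The msFVE-RecoveryInformation
    # object's CN is "<timestamp>{<protector GUID>}", so a wildcard CN match
    # avoids decoding the binary msFVE-RecoveryGuid attribute.
    param([Parameter(Mandatory)][string]$KeyId)
    $KeyId  = $KeyId.Trim('{}')
    $filter = '(&(objectClass=msFVE-RecoveryInformation)(cn=*{' + $KeyId + '*))'
    Get-ADObject -LDAPFilter $filter -Properties 'msFVE-RecoveryPassword', 'whenCreated' |
        ForEach-Object {
            [pscustomobject]@{
                # The parent of the recovery object is the computer object.
                Computer         = ($_.DistinguishedName -split ',', 2)[1]
                ProtectorCN      = $_.Name
                Created          = $_.whenCreated
                RecoveryPassword = $_.'msFVE-RecoveryPassword'
            }
        }
}

# Usage: record the inventory (with serial numbers) somewhere safe, then escrow.
Get-BitLockerKeyInventory | Format-Table -AutoSize
Backup-BitLockerKeysToAD
# Later, when a failed drive's dialog shows "Recovery key ID: 1A2B3C4D"
# (a made-up value for this example):
# Find-BitLockerRecoveryPassword -KeyId '1A2B3C4D'
```

Save the inventory output, including the DiskSerial column, outside the machine it describes. If a later head crash leaves the Key ID metadata unreadable, the serial number printed on the drive label is what lets you pick the right recovery password out of Active Directory.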
Finally, never format a BitLocker-encrypted drive, or any other encrypted drive, without making absolutely sure that your data is backed up. There is no way to perform BitLocker data recovery on a hard drive, solid state drive or any other storage medium that was formatted after it was encrypted.
If all else fails, there are tools that can help retrieve your Key ID and other information, such as M3 Bitlocker Recovery.