Re: Bitlocker swap file

Posted: 12-12-2006, 04:32 AM

Jamie Hunter [MS]

Guest
Posts: n/a

BitLocker encrypts the page file (swap file), and even encrypts crash-dump
files and hibernation files (things often overlooked). Only the boot files
and portions of metadata are in clear text, none of which provide any
sensitive information.

Because BitLocker was designed in conjunction with Vista, these special
files are handled seamlessly, allowing all the OS functionality you would
expect... securely without requiring special workarounds.

When BitLocker is enabled, it encrypts the volume carefully to ensure that
no data is left unencrypted, and to ensure that if the computer crashes in
the middle of conversion of the volume, it is recoverable.

As I've never installed CompuSec, I can't give you a comparison, but why not
try both out and see which meets your needs better?

Things to consider when comparing products, for example, is if you use a
user-remembered password for boot authentication, how easy is it to crack?
When using TPM+PIN, then the TPM hardware helps mitigate brute-force
attacks, making an easily remembered PIN harder to crack than many password
solutions. The TPM also detects tampering of pre-boot files.

-
Jamie Hunter [MS]

"lvjobhunt" <lvjobhunt@discussions.microsoft.com> wrote in message
news

3186967-544F-4776-9FFA-8A123A438E28@microsoft.com...

> Does bitlocker ecrypt the swap file? Is there anything on a bitlocker
> driver
> that can be recovered?
>
> How does this compare to freeware like compusec.

Responses to "Re: Bitlocker swap file"

Roof Fiddler

Guest
Posts: n/a

Re: Bitlocker swap file

Posted: 12-12-2006, 02:54 PM

"Jamie Hunter [MS]" <jamiehun@nospam.microsoft.com> wrote in message
news:E830023B-789D-4F6C-ACF5-B9D6D55B02F3@microsoft.com...

> portions of metadata are in clear text

Which portions exactly?

niknik

Guest
Posts: n/a

Re: Bitlocker swap file

Posted: 12-12-2006, 05:56 PM

The three .fve blob in system volume information. when you read thos
under a live system they are filled with \x00
The $Boot file is also not encrypted. There are probably other boo
files
How does BitLocker know which files are encrypted and which are not

--
nikni
-----------------------------------------------------------------------
niknik's Profile: http://vista64.net/forums/member.php?userid=63
View this thread: http://vista64.net/forums/showthread.php?t=2909

Jamie Hunter [MS]

Guest
Posts: n/a

Re: Bitlocker swap file

Posted: 12-12-2006, 06:59 PM

Specifically $BOOT is the first 8K of the disk, and contains information
such as file-system size; unused boot code; and some "snapshot" information.
It also points to the first copy of BitLocker metadata (see
http://blogs.msdn.com/si_team/archiv...bitlocker.aspx).
Each copy of metadata (shadowed by the three .fve files in system volume
information) point to each other. The primary structure is decrypted, but
contains encrypted components. The entire structure has a MAC (Message
Authenticity Check).
The final piece of decrypted data is the backup boot sector at the end of
the volume immediately after the file-system. That's 5 decrypted and easily
identifiable regions in total. None of which contain sensitive information.

An example of decrypted data in the metadata is a label that helps identify
the volume and key labels to help find the recovery key.
An example of encrypted data in the metadata is the VMK (Volume Master Key)
encrypted by an externally provided (or TPM provided) key; and the FVEK
(Full Volume Encryption Key) encrypted by the VMK.

Hope this helps?
-
Jamie Hunter [MS]

"niknik" <niknik.2ipsca@no-mx.vista64.net> wrote in message
news:niknik.2ipsca@no-mx.vista64.net...

>
> The three .fve blob in system volume information. when you read those
> under a live system they are filled with \x00.
> The $Boot file is also not encrypted. There are probably other boot
> files.
> How does BitLocker know which files are encrypted and which are not?
>
>
> --
> niknik
> ------------------------------------------------------------------------
> niknik's Profile: http://vista64.net/forums/member.php?userid=637
> View this thread: http://vista64.net/forums/showthread.php?t=29093
>

niknik

Guest
Posts: n/a

Re: Bitlocker swap file

Posted: 12-13-2006, 01:58 AM

Yes - this completely answers my last question.

I guess since BitLocker is a Full Volume Encryption (hence the .FVE
extension) it only encrypts the OS volume and not the BCD partition
needed for the booting or any other partitions.

Does BitLocker support external volumes yet?

Thank you.

--
niknik
------------------------------------------------------------------------
niknik's Profile: http://vista64.net/forums/member.php?userid=637
View this thread: http://vista64.net/forums/showthread.php?t=29093

Josh

Guest
Posts: n/a

Re: Bitlocker swap file

Posted: 12-13-2006, 04:22 AM

you can encrypt other volumes if you use the managebde script. Tread
lightly however is my best advice as you really need to understand what you
are doing here to do it correctly. Be sure to escrow that key.

--
Josh
http://windowsconnected.com

"niknik" <niknik.2iqeln@no-mx.vista64.net> wrote in message
news:niknik.2iqeln@no-mx.vista64.net...

>
> Yes - this completely answers my last question.
>
> I guess since BitLocker is a Full Volume Encryption (hence the .FVE
> extension) it only encrypts the OS volume and not the BCD partition
> needed for the booting or any other partitions.
>
> Does BitLocker support external volumes yet?
>
>
> Thank you.
>
>
> --
> niknik
> ------------------------------------------------------------------------
> niknik's Profile: http://vista64.net/forums/member.php?userid=637
> View this thread: http://vista64.net/forums/showthread.php?t=29093
>

niknik

Guest
Posts: n/a

Re: Bitlocker swap file

Posted: 12-13-2006, 06:25 PM

Thank you!

--
niknik
------------------------------------------------------------------------
niknik's Profile: http://vista64.net/forums/member.php?userid=637
View this thread: http://vista64.net/forums/showthread.php?t=29093

LinkBack

Thread Tools

Display Modes

« Can't Disable Startup Items in Defender | How to track focus? »

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Posting Rules
You may not post new threads You may post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Trackbacks are On Pingbacks are On Refbacks are On

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Swap file	~Jeff~	Windows XP Configuration & Management	4	12-10-2004 05:50 PM
Moving the swap file	Daniel Byrne	Windows XP Device Drivers	2	08-27-2004 07:21 PM
Swap file problems	null	Windows XP Basics	1	08-12-2003 10:11 PM
Swap file size	Donald Link	Windows XP Basics	4	07-01-2003 04:31 AM

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90