Erasing drives for security

There are times when we want to erase all the data on a drive for security reasons.  For example, before we sell a computer we want to be sure all private information is erased.

Other reasons to erase a drive include legal requirements and to be sure a virus is removed from a drive, for example, one hiding in the boot sector.

Erasing a drive is also called destroying the data, shredding the data, overwriting the data, wiping the data, sanitizing the drive and other terms.

When an operating system (Windows, MacOS, Linux) deletes a file, the data is merely marked for deletion and the data often can be recovered.  Formatting and partitioning drives do not explicitly destroy data either.  Data can also be found in drive slack space, bad blocks (remapped sectors) and Hidden Areas.

To erase a drive therefore requires that data (zeros or random numbers) be written to the entire drive.  The only way to really be sure all data is impossible to recover is to physically destroy the drive.

There are many applications that can overwrite data on a drive.  Some are freeware, some are commercial and Unix/Linux contains a utility that will do the job called “dd.”


DBAN (Darik’s Boot and Nuke) is a free utility that has been a favorite for years.  It has many methods of overwriting data including DOD methods.  Download it and make a bootable CD or USB.


KillDisk is a commercial product that is very popular.  It has many methods of overwriting data including DOD methods.  KillDisk has a free demo version that will only overwrite with zeros but this meets most needs.  KillDisk will generate a certificate to document the erasing of the drive and can run from a boot disk or an app in Windows or Linux.  The full Professional software license starts at $49.95.

Other sources of drive erasing utilities

Drive erasing is included in some applications such as CCleaner, Acronis True Image, MacOS.

Proprietary applications such as those mentioned are closed source so we don’t know how they work.  Another issue is they may not work with RAID array controllers.  Some RAID array controllers have utilities built in to erase drives.

Unix/Linux dd utility

Unix and Linux have a very powerful utility included called “dd” which copies blocks of data from source to destination.  Copying zeros to every block of a drive can be as simple as

dd if=/dev/zero of=/dev/sda

The dd command requires knowledge of Unix/Linux.  Use caution, it will overwrite what you tell it to.   The “lsblk” command will show you your drives.  The dd utility can be used in a bash script to document a method and include information like start time, elapsed time, computer MAC address, drive serial number, drive size, type and more.  See below for an example script.

Using a disk editor you can prove to yourself that the drive is indeed filled with zeros (or random numbers if this is what  you choose to overwrite data with).

All drive overwriting methods take time, a lot of time, hours and even days for large arrays.

Example of a Linux bash script for deleting data on a server array set to RAID 0 and screen capture of a dd script.

# wiper: zero-fill the listed drives and log the details of the run.
echo "wiper"
echo "Run with root account command line: bash wiper &> outputfile.txt"
# Fill in the details of the machine being wiped in the next five lines.
echo "Dell server"
echo "serial number"
echo "SCSI controller "
echo "drive /dev/"
echo "SCSI"
echo "MAC Addresses:"
cat /sys/class/net/*/address
echo "Block Devices:"
lsblk
echo "Start time:"
date
STARTTIME=$(date +%s)
echo "dd command: (example: dd if=/dev/zero of=/dev/cciss/c0d0 bs=512)"
# Each dd ends with "No space left on device" when it reaches the end of the drive; that is expected.
dd if=/dev/zero of=/dev/sda bs=512
dd if=/dev/zero of=/dev/sdb bs=512
dd if=/dev/zero of=/dev/sdc bs=512
# dd if=/dev/zero of=/dev/sdd bs=512
# dd if=/dev/zero of=/dev/sde bs=512
# dd if=/dev/zero of=/dev/sdf bs=512
echo "End time:"
date
ENDTIME=$(date +%s)
echo "Elapsed time: (Integer values)"
echo "$((ENDTIME - STARTTIME)) seconds."
echo "$(((ENDTIME - STARTTIME) / 60)) minutes."
echo "$(((ENDTIME - STARTTIME) / 3600)) hours."
echo "Task finished. "
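
The read-back check described earlier (proving that the drive is filled with zeros) can be scripted instead of done by eye in a disk editor.  The following is an added example, not part of the original post; the function names are hypothetical and the demo runs on a constructed image file, not a real drive.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): read-back check for a zero-fill wipe.
# Function names are hypothetical.

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Print the 0-based offset of the first non-zero byte, or nothing if every
# byte is zero. Returns 2 if the target could not be read to the end.
first_nonzero_offset() {
    local out off rc=0
    # Compared against /dev/zero, cmp stops at the first non-zero byte
    # ("... differ: byte N, line 1") or at the end of the target (exit 1, no output).
    out=$(cmp "$1" /dev/zero 2>/dev/null) || rc=$?
    [ "$rc" -le 1 ] || return 2
    [ -n "$out" ] || return 0
    off=$(printf '%s\n' "$out" | sed -n 's/.*differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    echo $(( off - 1 ))
}

# Print a short report for the wipe log. Returns 0 = all zeros,
# 1 = leftover data found, 2 = target could not be checked.
verify_wipe() {
    local target="$1" size off rc=0
    [ -r "$target" ] || { echo "cannot read $target" >&2; return 2; }
    size=$(target_size "$target") || return 2
    [ "$size" -gt 0 ] || { echo "$target is empty, nothing to verify" >&2; return 2; }
    off=$(first_nonzero_offset "$target") || rc=$?
    [ "$rc" -eq 0 ] || { echo "read error on $target" >&2; return 2; }
    echo "target: $target"
    echo "size:   $size bytes"
    if [ -b "$target" ]; then
        echo "serial: $(lsblk -dno SERIAL "$target")"
    fi
    if [ -z "$off" ]; then
        echo "result: PASS (every byte read back as zero)"
        return 0
    fi
    echo "result: FAIL (first non-zero byte at offset $off)"
    return 1
}

# Demo on a constructed 1 MiB image file (sample data, not a real drive).
demo() {
    local img clean=0 dirty=0
    img=$(mktemp) || return 2
    dd if=/dev/zero of="$img" bs=4096 count=256 2>/dev/null
    verify_wipe "$img" || clean=$?
    # Plant one leftover byte at offset 4096, as if a sector had been missed.
    printf 'X' | dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    verify_wipe "$img" || dirty=$?
    rm -f "$img"
    [ "$clean" -eq 0 ] && [ "$dirty" -eq 1 ]
}

# With an argument, check that device or file; without one, run the demo.
if [ "$#" -gt 0 ]; then
    verify_wipe "$1"
else
    demo
fi
```

A PASS covers only the sectors the operating system can address; the remapped sectors and hidden areas mentioned earlier are not read by this check.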


Ransomware and WannaCry (WanaDecrypt0r, Wanna Decryptor)

Ransomware holds your data for ransom by encrypting it then demanding a payment to unencrypt it.  If you don’t have a backup of your data or pay the ransom, you lose your data.  Your data includes all photos, videos, music, art, documents, financial and business data, in other words everything that you care about stored on your computer.

This version of ransomware, WannaCry, was launched Friday May 12, 2017 and has infected more than 200,000 computers in 150 countries.  It asks for a payment of $300 or more for you to get back the data it has stolen. (1)

Screen capture of WannaCrypt


Example of WannaCry in the wild - at a train station in East Germany.


This virus attacks Microsoft Windows Computers.  Microsoft says that if you have the Windows Updates of March 2017 or later installed and Microsoft Antivirus you are probably not at risk. (2)  Most of the computers affected so far are on business LANs and have not been updated recently.

To protect yourself from this and other viruses, make sure your Windows and antivirus are up to date and automatically updating.

The Windows Update that you need

Check that you have the minimum required Windows security update by looking for it in Windows Update – Type Windows Update in your search box, Click on Windows Update, Click on Review your update history and look for an entry that reads something like

  • March, 2017 Security Monthly Quality Rollup for Windows …
  • 2017-05 Security Monthly Quality Rollup for Windows …


Note the inconsistent naming.  Rollups are supposed to include previous months’ patches.  Also, this particular SMB bug was patched singly by Security Update for Microsoft Windows SMB Server (4013389), described in Microsoft Security Bulletin MS17-010 – Critical, March 14, 2017.

Suggestions to avoid viruses

Do not open attachments, links or documents in emails that you do not completely trust.

Keep your computer up to date – enable updates for the operating system and all software.

Use an antivirus and enable updates for it.

Back up your important data.


Ransomware has been around for a couple of years and will never go away, only get worse.

Microsoft has even offered a patch for this problem for the long shunned Windows XP.  Microsoft may be allowing some patching for “not genuine” copies of Windows.

This ransomware leverages code written/purchased/hoarded by the NSA which was stolen and released to Wikileaks.  This is a good example of why no government or organization should hoard bugs for their personal gain.  The responsible thing to do with bugs is to disclose them to the vendor so that they can be fixed to keep us all more secure.

Linux (and Unix variants OS X, iOS and Android) were not affected.  Just saying.

This ransomware leverages a bug in SMB to spread through a network.  A good router will block SMB traffic from the Internet to your LAN.  If a computer on the LAN gets infected it can infect every computer on the LAN.  The first computer usually gets infected by the user opening a phishing email and installing the virus on their computer from where it spreads.

Businesses will often delay updates to computers on their networks because they are afraid that the update will adversely interact with their critical business software.  Thousands of businesses just got bit in the ass because of this.

Backups are the only way to protect your data from any calamity.  The more important the data, the more copies you need, stored in more places.




A technical deep dive –


False security alerts and 800 phone number scams active now

Recently I have seen two computers taken over by false security alerts and 800 phone number scams.  Fortunately these two incidents were not destructive but they did require removing the scam settings to resume normal Internet web browsing.   Unfortunately some victims are falling for the scam, believing that their computer is infected with a bad virus and calling the 800 number on the screen to purchase the fix.

Example of a scam from the Internet.


How these scams work

Suddenly the victim sees a big bold message on the screen saying that your computer is infected with viruses and that you must call the 800 phone number to fix it.

The big bold message is persistent – you can’t close the window or the pop-ups.  Rebooting the computer does not get rid of the message.

It blocks your Internet web browsing.

It tries to be convincing by stating a lot of technical jargon and using famous company names.

This is called “scareware” because it tries to scare you into buying bogus support or software.  It is criminal extortion.

Technically these scams work by setting your web browser’s home page to their screen of false security warnings and then making it difficult to close the windows or navigate away.

These threats are not destructive but remember there are plenty of destructive threats out there such as cryptoware and identity theft.


I have seen two versions of the scareware 800 phone number scam.  The first is a persistent web home page.  The second is a registry entry that will autorun to display a web page after installing Chromium.  Both are not viruses or destructive.  Both can be removed.

Scareware #1

virus warning

Appearance:  A persistent web page saying that the computer is infected and to call the 800 phone number.  You can’t close the web page and restarting the browser returns the web page.  Rebooting does not help.

Audio.  There may be an audio track with warnings.

Screen:  Contains scare words including Trojan, worm, Infection, hijack, virus, threats.

What the scammers want you to do:  The 800 number routes to India where a “tech” will remote into your PC using logmein and convince the user that they have viruses in their PC and network.  They will offer to fix it for a 1 year subscription $199, or a lifetime subscription for $500, payable by credit card.

How it works:  The scam sets your browser home page to their scare web page or a local copy and makes navigating away difficult.

Repair:  What you need to do is reset your home page.  A little technical, here is the outline for Windows.  Start process manager <ctrl><shift><esc>, application tab, find your browser, right click on it, left click End Process, restart browser, when it asks restore say no.  Done!


Scareware #2

Appearance:  Upon booting the computer a Chromium browser web page takes up the screen saying that the computer is infected and to call the 800 number.  You can’t close the web page and restarting the browser returns the web page.  Rebooting does not help.  The scare page may run popup windows that will not close.  Note that this is the Chromium browser, not the Google Chrome web browser.  MalwareBytes will find malware and remove it but the scam returns on the next boot.

Screen:  Various threats, explanations, including “Hyper-V”

The Hyper-V scam popup window.


How it works:  The scam has installed Chromium browser and added an autorun entry to the registry to autorun chromium with their web page (local file) as the home page.

Repair:  What you need to do is remove the registry autorun entry and delete the Chromium directory.  A little technical, here is the outline for Windows.  Run MalwareBytes and make note of the chromium autorun entry and directory.  Manually delete the chromium autorun entry (run regedit, back up your registry, find and delete the entry) and delete the directory that contains the bogus Chromium installation.

Nerds and Geeks can help

If you are not sure about the repair steps, consult with your local nerd or geek.


These steps will remove this fake scareware scam but there is always the threat that other malware may have been installed along with it or your computer has vulnerabilities.  Update all software.   Run anti-virus scans and software or reinstall Windows.

Your antivirus is a good first line of defense.

I recommend MalwareBytes as an on demand anti-malware scanner or as a realtime scanner with a subscription.

Time to re-educate yourself on safe Internet –

  • Email: Do not open attachments or click links in email that you are not certain are OK
  • Software: Do not accept software, downloads, or links that are offered
  • Be smart: Do not give out personal information
  • Backup: Make copies of your important data
  • No: If you are not sure, don’t do it


Cryptovirus, Encrypting virus.  This is an especially bad virus; it will encrypt your data and ask for money to unencrypt it.  This is extortion.  If you have backups you can recover.  If you don’t have backups and the bad guys wrote a good virus likely your only way to get the data back is to pay the ransom.  There are some loopholes – there may be file backups with shadow copies not deleted, possibly the crypto virus will have been cracked and keys available or you may have some backups in the cloud (Google Drive, Microsoft OneDrive, Dropbox) or on another device.


Today show host gets caught by the scam, Jeff Rossen explains:

YouTube video of Jason Smart removing this scam:

YouTube video of Dylan interacting with the scammers:


Using Windows Part 1

Windows 7, 8 and 10 logos


There are a lot of user guides out there.  Here is one more.  This guide is based on my experience using Windows and teaching others to use Windows.  It  has information for both beginners and experienced users.


Part 1 covers the following skills

  • Mouse
  • Navigating Windows
  • Copy and paste


The mouse cursor shows where the mouse location is on the screen.  The cursor will change depending on its location and function.  Some examples

  • Pointer
  • Insert text location
  • Click link
  • Resize window


The mouse has a left button, right button and center scroll wheel.

The left button can be clicked, double clicked or clicked and held down.

One left click can be used to select an object or menu option or open a web page (follow a link).

A rapid double click on an icon will start the application.  If you are too slow with your double click or move the mouse during the double click you won’t get the expected result.

Holding the left mouse button down while moving the mouse is called dragging.   Dragging is useful for highlighting text, resizing windows and moving objects.  The drag operation  consists of first pointing to the object, pressing down and holding down the left mouse button, moving the mouse to the  end or destination then releasing the left mouse button.

Highlighting text and dragging are important useful skills and further discussed below.

The right mouse button is used to right click on an object to bring up a convenient menu of things that can be done to the object such as copy, delete or view the properties.

The center scroll wheel is convenient for scrolling up and down long web pages and documents.


Highlighting text is also called selecting text.  The highlighted text will be shown with a different background indicating that it is selected and looks like it was highlighted with a text highlighter pen.

Yes it can be confusing – click or double click.  Icons are little pictures that represent an application and are double clicked.  Links are text,  typically a different color and underlined, that are single clicked to take you to a web page or open an application.

Navigating Windows

The computer screen

The main features of the Windows computer screen are the desktop and a taskbar running across the bottom of the screen.   Clicking the Start Button will bring up the applications menu.


The desktop is where windows will open when you run applications (programs) such as the calculator.   Each open window will have a corresponding button on the taskbar.


Using application windows on the desktop

Note that “Windows” capitalized refers to Microsoft Windows Operating System whereas “windows” is a viewing area on the computer display screen.

Windows is a multitasking operating system so open as many windows as you need.  You will learn to move between windows and resize them.

Only one window at a time will have focus.  Focus means where mouse clicks and commands will go.  The window with focus will be on top of all the windows, “in the foreground.”

Parts of a window

Each window has edges, corners and a title bar that runs across the top of the window.

Moving and resizing windows

To move the window, point to the title bar then left click down and hold the button down while moving the mouse to move the window.  This is dragging.

To resize the window, point to an edge or corner, the cursor will change to a double head arrow, then  left click down and hold the button down while moving the  mouse to resize the window.

The 3 buttons in the upper right of the window will minimize, maximize or close the window.  The minimized window will shrink to a button on the taskbar and the application will still be running.  The maximize button toggles the window between its current size and previous size.


Moving between windows

  • Click the corresponding button on the taskbar
  • Click on any portion of the window that is visible
  • Hold the Alt key down, press tab until you see the window that you want to have focus, release keys
  • Windows 10 – click the Task View icon on the taskbar (it looks like a box with ears)

Moving within the viewport

The viewing area of a window is called the viewport and shows the visible area of the web page or document that fits in the viewport.


The scroll bars allow you to move up/down and left/right on a page when it does not all fit in the viewport.   Scroll bars have several ways to move the viewport  – click the arrows at the ends to move incrementally, click in a space on the scroll bar to move a page in that direction, left click and hold down the button on the scroll bar (called a “thumbtrack”) and drag to any location on the page.  The thumbtrack size indicates how big the page is and the current location on the page (ie a small thumbtrack towards the bottom indicates the page is lengthy and the current position is towards the end).


A mouse with a scroll wheel makes it easier to scroll up and down by rolling the wheel forward and backward.  Clicking the scroll wheel puts the mouse into an autoscroll mode, the speed and direction controlled by the position of the mouse.

Keyboard keys Page Up, Page Down will move the page up and down by one page respectively.  The Home key will take you to the top of the page, the End key will take you to the bottom of the page although some windows require Control-Home and Control-End.


The mouse pointer must be in the viewport for the scroll or page up/down functions to work.

The taskbar button icons for open windows can be configured to combine when taskbar is full, always combine or never combine according to user preference.

Laptop trackpads typically can be set up to scroll by finger movement on the right and bottom edges of the trackpad or by using 2 fingers to scroll up and down.

Close a window by pressing Alt-F4 (when it has focus).

Close a window by right clicking on its taskbar button and clicking Close window.

When the window title bar is not visible, move the window with the following keystroke sequence – Alt-Space bar, M, use arrow keys to move window.

Two features of the taskbar – on the left end is the start button to bring up the menus of applications installed on the computer and on the right end is the time.

Copy and paste

Copy and paste is a valuable technique for copying text from one place to another.  Why retype text when you can copy and paste it?  Here are some examples

  • Copy a web address and paste it into your web browser address bar
  • Copy information (like text) from one window to another
  • Copy a picture and paste it into a document

The copy and paste operation is 3 steps – highlighting, copy and paste.

Highlighting (selecting)

Before you can copy text, you must first highlight what you want to copy.

How to highlight what you want to copy with the mouse – point the mouse cursor where you want to start highlighting, hold down the left mouse button, move the mouse to where you want to end highlighting, release the left mouse button to complete the highlighting.  The highlighted text will be shown with a different background indicating that it is selected and looks like it was highlighted with a text highlighter pen.


Copy and paste with the keyboard

After highlighting your selection, copy it by holding down the Control key and tapping the C key.  This keystroke procedure is abbreviated in documentation as Control-C or <Ctrl><C>.

To paste your selection, click the mouse cursor where you want the text to be pasted then hold down the Control key and tap the V key.  The text will paste there.  Control-V.

And that is the basic copy and paste operation.  Highlighting, Control-C and Control-V.  Practice in a test document.


Two additional useful operations are cut and paste, and undo

Just as you can copy and paste you can cut and paste.  Cut means the original text will be removed by the cut operation.  The keystrokes to cut are Control-X.

Undo is useful to restore the previous copy-paste or cut-paste operation back to the way the text was before the operation.

More ways to highlight (also known as select) text

  • Double clicking on a word will highlight the word.
  • Triple clicking on a sentence will select the sentence (or sometimes paragraph).
  • Control-A will select all.
  • Highlighting text with the keyboard: place the cursor where you want to start highlighting, hold the Shift key down, use the arrow keys to highlight (select) text.

To remove highlighting simply click anywhere.

More ways to copy and paste

Windows gives us two more ways to access the copy, cut, paste and undo functions – via the Menu Bar and by right clicking the mouse on the selection to pop up a menu of options.



When the Menu Bar is enabled, the Edit drop-down menu lists the operations to click on and conveniently shows the keyboard shortcuts.

Newer versions of Microsoft Office and WordPad have a ribbon instead of a menu bar.


The right click menu available in word processing and browser fields will show the operations available.  The paste operation is not available where text cannot be pasted.

  • The Undo operation will also restore deleted text.


The  text that is cut or copied is stored in a memory location called the clipboard or edit buffer.

The clipboard holds one item.  The clipboard can be pasted from multiple times.  The next copy command replaces the old item with the new item in the clipboard.  When the computer is turned off, the clipboard is cleared.

The copy, cut, paste and undo operations work with pictures and files also.

The file manager (also called the computer folder) has a few more selection functions including click and drag to select a group of files, Control-click to select/unselect files, and select a range by clicking the first item of the range then Shift click the last item of the range.

A similar operation will move text – highlighting, click on the text, drag and drop.

These commands also work in Linux and Mac OS X.  For Mac OS X substitute the Command key (it looks like a freeway interchange) for the Control key.

Similar commands work in Android and Apple iOS.  Press and hold the text that you want to select, a menu will appear with options – SELECT ALL, CUT, COPY.  Tap an option.  Press and hold where  you’d like to paste to and a menu will appear with options – PASTE and tap that to paste there.

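| action | keyboard  | menu bar    | right click |
|--------|-----------|-------------|-------------|
| copy   | Control-C | Edit, Copy  | Copy        |
| paste  | Control-V | Edit, Paste | Paste       |
| cut    | Control-X | Edit, Cut   | Cut         |
| undo   | Control-Z |             |             |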

Whole Disk Encryption (WDE) is good security for your data

Whole Disk Encryption (WDE) is the technology to encrypt the entire drive of a computer to prevent unauthorized access to the data on the drive.

WDE is required for laptops used by many organizations such as government, health care, finance and business.

WDE is good for anyone who wishes to securely protect their data.

All Operating Systems and all drives can be encrypted with built in software or add on software.

This document is about encrypting the computer’s system drive so that a password is required to boot and access any data on the drive.  This document covers Windows (BitLocker and alternatives), Mac and Linux WDE.

Note that WDE adds an additional level of security by encrypting the entire system disk in addition to your computer’s logon account (username and password).  You will have 2 account passwords (also known as keys) to manage.  Depending on  how WDE is installed, you may or may not be prompted for the WDE key.


Microsoft calls their WDE solution BitLocker and it is available in some versions of Windows.  The Home versions do not have WDE available.  BitLocker is available with the following versions of Windows.

  • Windows Vista Ultimate and Enterprise (not Business)
  • Windows 7 Ultimate and Enterprise (not Professional)
  • Windows 8.1 Pro and Enterprise
  • Windows 10 Pro and Enterprise

If you have a Home version of Windows or a version not listed above you are out of luck with BitLocker unless you want to upgrade to an available version that does have BitLocker.   Windows 7 and 8.1 Anytime Upgrades apparently are no longer available from Microsoft.  Windows 10 Home to Pro is available for 99USD (Click Start > Settings > Update & security > Activation > Go to store to see options).  Windows Pro full version or OEM can be found for 199USD or less.  Don’t buy cheap licenses from questionable sources.

Fortunately there are some non-Microsoft WDE solutions available discussed later.

BitLocker is designed for business class and enterprise computers with a Trusted Platform Module (TPM) and loaded with a Pro or Enterprise version of Windows that contains BitLocker.  Business class computers are built more durable, have a TPM and are more expensive than home computers and laptops.

The TPM is a hardware module that performs cryptography functions and interacts with the computer hardware and software to strengthen encryption.

If you are encrypting your business laptop, let your IT department help you.

BitLocker with a TPM is straightforward to install and invisible to the user.

There are workarounds for Windows computers without a TPM.

For the home or small business user you can enable BitLocker with or without a TPM.  BitLocker without a TPM requires a USB drive with the key file stored on it or typing in the lengthy key when the PC boots.

Here are my experiences with BitLocker without a TPM and with a USB

The PC must recognize the USB drive in BIOS during the boot to work with BitLocker.  A wonky USB drive (ie partition issues) can prevent BitLocker from installing or working.  After a successful encryption with BitLocker, the booting PC will present you with a black screen saying “Remove disks or other media.  Press any key to restart”  I found this message confusing.  Don’t remove your USB drive with the key file, just press Enter.

The USB drive can be removed after booting to free the USB port.  The USB drive with the key file must be plugged into a PC USB port, not a USB hub port.  There are reports that direct motherboard USB ports and not USB 3.0 ports are better so if you have issues, try a different USB port.

How to enable BitLocker with a USB drive

First you need to change two settings with the Local Group Policy Editor.  Click Start, type in gpedit.msc in the search box.  In the Local Group Policy Editor snap-in, navigate the tree Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives  then double click Require additional authentication at startup.  This will open a window, click Enabled, check the box Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) then click Apply then OK and exit Group Policy Editor.

Local Group Policy Editor - BitLocker require additional authentication at startup  - screen


Next we will use the Manage BitLocker utility to encrypt the drive.  Click Start, type in BitLocker and click on Manage BitLocker.  Here you’ll see your C: drive.  Click the link Turn on BitLocker.  Follow prompts.  See BitLocker resources below.

BitLocker Drive Encryption - manage Bitlocker


The Run BitLocker system check always puts me in a loop so I uncheck that box when I see it.


BitLocker Windows 7 Ultimate in the process of encrypting the system drive.


BitLocker resources

SecureDoc by is a WDE solution for all versions of Windows, does not require a TPM and is FIPS 140-2 certified. The standalone/unmanaged version is about 110USD.

There are free WDE solutions for Windows that do not require a TPM and are secure.

VeraCrypt is a fork of TrueCrypt.

TrueCrypt is still used even though support has been discontinued.  A recent independent audit of the code found it sound.


WDE is available on Mac computers with OS X Lion or later.  It is called FileVault.


WDE is available in modern Linux distributions and can be easily enabled during the installation of Linux on the computer.  It is called Linux Unified Key Setup (LUKS) and dm-crypt.

TrueCrypt is still used even though support has been discontinued.  A recent independent audit of the code found it sound.

DiskCryptor – full disk encryption only.  I have no experience with this product.

Don’t lose or forget your keys and passwords!

Forgetting or losing your passwords or keys can result in total loss of your data!  In an enterprise situation, your IT department can help recover passwords.  But in a standalone, unmanaged, you own your personal computer situation losing passwords can be a disaster.  Encrypted data cannot be recovered.  That is why it is encrypted.

Always backup your data before encrypting.

Always make copies of your WDE key.  The BitLocker key is a 48 character long number.  It is stored in a file on the USB drive for easy unlocking during booting.  If you don’t have the USB you can manually type in the key to unlock during booting.

Make copies of the USB drive with the key file, make copies of the file, print the file and/or store it at your Microsoft account, whatever works for you.


A BitLocker key file. The identification ID identifies the computer this recovery key is for (useful if you have multiple computers protected by BitLocker).

Safeguards for keys.


Microsoft Enterprise networks and commercial WDE software for Windows Enterprises can be configured to store WDE passwords so the data can be accessed if the user forgets the password.

See the information in the section above “Don’t lose or forget your keys and passwords!”

When you are logged on to a Windows PC with BitLocker enabled, the key information can be displayed by the command (run as administrator) “manage-bde -protectors -get c:”


Demonstrating the command to reveal the ID and Password for WDE. This will unlock WDE but you still need your computer account credentials to log on.


Mac FileVault can be recovered with a password or recovery key.  Recovery can be configured with an iCloud account to assist with disk unlocking.


VeraCrypt and TrueCrypt both require that you burn a rescue disk CD during system drive WDE which will help recover damaged boot loaders but you still must know your account password.

How secure is WDE?

Windows BitLocker is closed source software so we don’t know exactly how it works and if it has a back door.  There is a driver available that allows Linux to read a BitLocker drive and that makes me wonder about the security of BitLocker – if these people could reverse engineer or figure out the API for BitLocker, what else is known?

SecureDoc is closed source.

TrueCrypt is open source and has passed audit.

VeraCrypt is open source.

Who knows what the NSA can do.


WDE programs can also encrypt other drives and USB drives.

FIPS 140-2 is a Federal Information Processing Standard that is used to approve and certify cryptographic modules including WDE.  Organizations may require that hardware and software is FIPS 140-2 certified.

