Summary: Milad Aslaner, a Microsoft Premier Field Engineer based in Germany, walks us through a real-life scenario and lessons learned on how he managed to recover a hard drive that was partially decrypted. Enjoy!
Recently a good friend of mine was decrypting the secondary hard drive of his laptop. While decrypting, his computer crashed and then his painful journey started. First of all, when trying to boot again, Windows was stuck in the OS Loader instance, so he was just seeing the Windows Logo and a spinning wheel. He waited more than 20 minutes without any success. After a bit of panic he then decided to take out the secondary hard drive to try to access the operating system.
Since he changed the hardware configuration (removed an internal HDD), the primary HDD was requesting his recovery key. Luckily he is one of the rare people who actually saved their BitLocker recovery key so at least this was not another problem.
Once in Windows he plugged in his secondary hard drive and you could see on the screen that the decryption work was continuing. But nada! After a few seconds it resulted in a blue screen.
Very frustrating, as you can imagine, and he gave it a few more tries but the issue persisted. The computer always ended up in a blue screen. That was when I came into play. I took a look and thought about what the best approach would be. To be honest, I did not want to spend hours analyzing memory dumps, but I was of course willing to help since he’s a good friend of mine.
The solution came about by using the manage-bde command line tool (which can be used in place of the BitLocker Drive Encryption Control Panel item). First I tried using manage-bde -off <drive> but that didn’t help at all. Then I thought, alright, what happens if we use manage-bde -resume <drive>, but that didn’t help either. What finally helped was manage-bde -on <drive>.
manage-bde -on <drive> is used to start the encryption process. So what happened on the screen was that the decryption progress GUI (which was at around 60%) changed to an encryption progress GUI that showed 40% of the encryption completed.
After waiting some time, the encryption completed successfully in the end and my friend didn’t lose his important data.
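An added example, not part of the original post: a PowerShell sketch for watching the conversion after manage-bde -on <drive> has been issued. It confirms that a recovery password protector exists and warns if progress stalls. The drive letter E: and the polling values are assumptions, and it relies on the Get-BitLockerVolume cmdlet from the BitLocker PowerShell module, run from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example: monitor a BitLocker conversion on a data volume.
param(
    [string]$MountPoint = 'E:',   # assumed drive letter of the secondary drive
    [int]$PollSeconds   = 30,     # assumed polling interval
    [int]$StallPolls    = 20      # assumed number of unchanged polls before warning
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

# Make sure a recovery password exists and is known before relying on the volume.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if ($recovery) {
    "Recovery password protector ID(s): $($recovery.KeyProtectorId -join ', ')"
} else {
    Write-Warning ("No recovery password protector on $MountPoint. Add one with: " +
                   "manage-bde -protectors -add $MountPoint -RecoveryPassword")
}

$last      = $vol.EncryptionPercentage
$unchanged = 0

while ($vol.VolumeStatus -ne 'FullyEncrypted') {
    "{0:u}  {1}  {2}% encrypted" -f (Get-Date), $vol.VolumeStatus, $vol.EncryptionPercentage

    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        Write-Warning "$MountPoint is fully decrypted; no conversion is running."
        break
    }

    Start-Sleep -Seconds $PollSeconds
    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Count consecutive polls in which the percentage did not move.
    if ($vol.EncryptionPercentage -eq $last) { $unchanged++ }
    else { $unchanged = 0; $last = $vol.EncryptionPercentage }

    if ($unchanged -ge $StallPolls) {
        Write-Warning "No progress for $($StallPolls * $PollSeconds) seconds; check the System event log and disk health."
        break
    }
}

# Final state, whichever way the loop ended.
"Final state: {0}, {1}% encrypted, protection {2}" -f `
    $vol.VolumeStatus, $vol.EncryptionPercentage, $vol.ProtectionStatus
```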