Using Windows “BitLocker”
BitLocker is the whole-volume encryption technology in Windows. Under BitLocker, the contents of the hard disk can only be accessed once the appropriate password (“key”) has been provided.
BitLocker is available in the following editions of Windows:
- Windows Vista Ultimate & Enterprise;
- Windows 7 Ultimate & Enterprise;
- Windows 8/8.1 Pro & Enterprise; and
- Windows 10 Pro & Enterprise.
Depending on the capabilities of your computer, the password may be in the form of a PIN or password that is entered when the machine is turned on, or by the use of a USB key. If the machine has a TPM (Trusted Platform Module) chip, the password is stored in the hardware, so no intervention is required at startup.
- If using a PIN, do not write the PIN on the machine. You should memorise it only.
- If the machine is in an environment where theft is a possibility, it should be shut down.
This could be if it is left in a car, at the office, or in your home when you are not there. The machine being in transit also poses a risk, such as in taxis, aircraft etc.
This is particularly important for notebook machines, which can be easily moved without powering off. Desktop machines can only be moved by disconnecting from the power, and so the need to shut them down when left unattended is not as great.
BitLocker is most useful to mitigate against the loss of data if a machine is stolen. However, this only works if the machine is off when the attacker attempts to gain access. If the machine is on, some methods of data retrieval are available.