Windows 10: BitLocker - Used Space Encryption on used Laptop?

I tried several times to encrypt the entire disk after reinstalling Windows 10 but it always took for ever (usually 10 hours) to fully encrypt my internal 320GB drive. I managed to run bitlocker successfully by encrypting only used space. My question is should I run cipher.exe /w to wipe all unused space as this is an old laptop?

I have found manage-bde -w c: to wipe free disk and this is now working ok.

How does Bitlocker work when only encrypting used space - i.e. if I write a file to the disk I assume it automatically encrypts it, but if I then delete that file is the space no longer encrypted and therefore open to hackers?


Look forward to your comments.
Thanks!

:)

 

Bitlocker - How secure is encrypting used space only?

Hi

In a nutshell, I bought windows 10 pro and wanted to use Bitlocker. I tried several times to encrypt the whole disk but it always got stuck at 54.2%. I ran chkdsk /f and sfc /scannow and no errors were found. I decrypted sucessfully and tried encrypting
again but it still got stuck in the same place.

I managed to run bitlocker successfully by encrypting only used space. My question is should I run cipher.exe /w to wipe all unused space as this is an old laptop?

Also, how does Bitlocker work when only encrypting used space - i.e. if I write a file to the disk I assume it automatically encrypts it, but if I then delete that file is the space no longer encrypted and therefore open to hackers?

Look forward to your comments.

 

Bit Locker

1. To set up BitLocker Drive Encryption, open the SEARCH (Windows Key + S, for example), type BitLocker, then click Manage BitLocker.



2. Select the drive that you want to encrypt, and click Turn on BitLocker.



3. Select how you want to unlock the drive.



4. Choose where you want to save the recovery key in case you forget your password.



5. Choose whether you want to encrypt the entire drive, or only the used space. If you encrypt only the used space, it will encrypt new data as added.



Start like this:

 

If you take a disk and set bitlocker to encrypt only used space it will encrypt the blocks used by the filesystem. If there was some old deleted stuff on the disk when you started that could in theory be recovered. After turning on bitlocker all new files are encrypted. They are not decrypted when you delete them and these deleted files can't be retrieved.

If you have ever encrypted the whole disk you only need to encrypt used space if re-installing. It will not be possible to retrieve anything from the remaining space on the disk as it was previously encrypted.

 

When one has a new drive for example with no data on it, and chose the option to encrypt only the used space, all data that is being added will be encrypted. That part I understand clearly.

But what if that user decides to delete a confidential data or file?
Will that deleted data still be encrypted even if used space option was selected?

Remember, in the scenario above I am only referring to a new hard drive with no data at all that will be encrypted using the Used Space Only option.

Scenario B

Suppose the new drive is encrypted with Used Space Only and a user then decided to delete a bunch of data and the user then decides to reinstall Windows again by removing all the previous partitions that were there before should the user now select to encrypt the Entire Space?

Or, the user should still select Used Space if the deleted files from before are still encrypted?

 

Yes. Files are not decrypted when they are deleted. They just are removed from the master file table. If you tried to scan the free space to recover the file all you'd find is the encrypted data.

There is no point encrypting the whole drive if it is new.

You could but there is no point. All of the data ever written to the drive was written encrypted so all that is on the disk once you destroy the partition table is fragments of encrypted files (unrecoverable) and unwritten space.

The only time you need to encrypt the whole disk is when it has been used without bitlocker as (even if you destroy the partition table) there may be recoverable fragments from the previous installation and due to fragmentation they could be anywhere on the disk and not necessarily overwritten by a subsequent install.

Note that in bitlocker environment there is also the system partition which contains the Windows boot loader and various files required by bitlocker. This is never encrypted (whether you choose to encrypt the whole disk or used space) but as no user data is stored in this partition it can be ignored for the sake of this discussion.

If I had bought a new drive I'd encrypt it used space only (assuming this was done immediately after installing Windows) and if I deleted stuff and reinstalled Windows I'd still encrypt it used space only.

 

Thanks for the super informative explanation on this - I might as well save this Thread. Very great information here.

So once again, just to confirm this, once a new drive is encrypted (after Windows installation) with the Used Space option, and I add data on there, which of course, will automatically encrypt the data and then when I decide to delete the data, the data will still be encrypted EVEN if that data is deleted from the encrypted Used Space.

And when I decide to reinstall Windows 10 again by wiping all the previous partitions and only leaving the Unallocated space for installation, It would be fine to select the Used Space option again (on the same drive)?
Am I correct?

Hopefully I got this one statement correct?

 

Correct.

Correct

In terms of what you are concerned about, yes.

When you delete a file the record in the master file table (MFT) is deleted. This means that the address to the space on the disk where the data resided is no longer there (so it can't be seen in the file system) but what is on the disk may remain.

This encrypted data remains on disk until it is overwritten by something else. It isn't "deleted from the encrypted used space" as such. The used space (which is files referenced in the mft) gets smaller and the space that was occupied by the deleted files becomes available for other files to be written to. Adding a new (encrypted) file may overwrite this immediately, or, it may be written elsewhere on the disk entirely.

A better way of looking at it is when you encrypt used space you encrypt all parts of the disk containing files at the time you do it. The used space (according to the file system) can grow and shrink as you add and delete files but the space on disk containing encrypted files (whether visible through the file system or deleted) can only ever grow as all new files are encrypted and deleted files are not decrypted. .

Correct. That would be fine.

 

I would like to use the Used Space Only option as that is still the only faster way of encrypting.
Let me make a correction here regarding my original Thread question.
As I recall, I did select to encrypt the Used Space Only option since I did not have any deleted data that was sensitive. However, I did a few clean reinstalls with choosing BitLocker to encrypt the Used Space.

So my only concerns was these:

1. Will deleted files be De-crypted if Used Space Only was encrypted?
2. If I were to reinstall Windows again, would it be fine to select Used Space Only again?

So those were my only two concerns, since I ALWAYS used BitLocker to encrypt the Used Space only.

 

1. No. Deleted files are not decrypted.
2. As long as the original deleted data was not sensitive (as you say) then yes it would be fine.