Restoring BitLocker Encrypted Partitions


- Overview

- BitLocker Restore Outcomes

- BitLocker Live Restore

- BitLocker Encrypted Restore

- BitLocker Removal Restore


Overview

Macrium Reflect can be used to image, restore, and clone volumes encrypted with Microsoft BitLocker encryption. Unlocked BitLocker-encrypted volumes are presented to the OS "in the clear", meaning they appear like any other file system. When creating a disk image that includes an unlocked BitLocker-encrypted volume, the image will contain the file system in an unencrypted state. This has the advantage that intelligent incremental images are possible and also reduces the image size considerably. Unused clusters aren’t backed up, and the unencrypted data will more readily compress.

This article discusses the outcomes when restoring a BitLocker-encrypted volume, but the same outcomes also apply when cloning BitLocker-encrypted volumes.

Since BitLocker-encrypted volumes are imaged in an unencrypted state, we recommend enabling AES backup file encryption to prevent unauthorized access to data.


BitLocker Restore Outcomes

When restoring a BitLocker-encrypted volume, there are three possible outcomes:

The restore wizard indicates each outcome with an icon (or, for BitLocker Removal, no icon):

- BitLocker Live Restore: The BitLocker state is preserved for the restored partition, and the volume is unlocked.

- BitLocker Encrypted: The volume is restored/cloned in a locked BitLocker state and can be unlocked using the source volume password or TPM chip.

- BitLocker Removal (no icon): The file system is restored/cloned "in the clear," and BitLocker encryption must be manually re-enabled on the restored volume to maintain the BitLocker encryption.


BitLocker Live Restore

Outcome: A Rapid Delta Restore of the source file system on top of the existing unlocked BitLocker-encrypted volume.

A 'BitLocker Live Restore' will happen if the target file system is BitLocker unlocked, is the same volume as the source volume, and is the same size. In this case, the BitLocker encryption state of the file system is preserved after restoring/cloning. When restoring a system partition, the system will boot normally using the TPM protector key or password to decrypt the system volume.

The restore wizard will show the 'Unlocked Padlock' icon for both the source and target partition, indicating a live restore will take place.

In the example below, an image of a BitLocker-encrypted C: drive is being restored to the original unlocked C: drive.

When reviewing the log file of a 'BitLocker Live Restore' operation, 'Live Restore' will be displayed under the BitLocker-encrypted partition:

After the restore has completed, Windows Explorer will show the drive with an unlocked padlock symbol:

To restore to an unlocked BitLocker-encrypted volume using the rescue media, the necessary components must be added to the rescue media to enable the target volume to be unlocked. More information about adding BitLocker support to the rescue media can be found here.


BitLocker Encrypted Restore

Outcome: The restored file system will be in a locked BitLocker-encrypted state and can be unlocked after restoring or cloning.

An image of a locked BitLocker-encrypted volume will be approximately the same size as the entire imaged file system. The file system cannot be read, so unused space cannot be omitted, and encrypted data does not readily compress.

An image of a locked BitLocker-encrypted volume can be restored to any available position on the target disk with the following exceptions:

  1. The source encrypted volume cannot be restored to a 'legacy' logical drive in an extended partition unless the source was also a logical drive.
  2. The source encrypted volume cannot be restored to a Windows dynamic volume, as dynamic volumes do not support BitLocker encryption.

In the example below, the locked partition from the source image is being restored to a different location on Disk 3. This partition can be restored to any position on the disk and retain its BitLocker locked state after the restore:

When reviewing the log file of a 'BitLocker Encrypted Restore' operation, 'Encrypted Restore' will be displayed under the BitLocker-encrypted partition:

After the restore has completed, the drive will be in a locked state and must be unlocked before the data on the partition can be accessed:


BitLocker Removal Restore

Outcome: The entire file system is restored "in the clear," and BitLocker must be manually re-enabled on the restored file system.

BitLocker encryption will not be carried over from the source file system if the target file system did not originate from the same format command (i.e. it is not the same volume as the source), is a different size, or is not BitLocker unlocked.

In the example below, an unlocked BitLocker-encrypted C: partition is being restored to an empty disk. The 'BitLocker Removal' restore is indicated by the lack of a padlock icon on the destination partition:

Selecting 'Next' will display the following warning, indicating that the partition will be restored without BitLocker encryption.

When reviewing the log file of a 'BitLocker Removal Restore' operation, 'Removal Restore' will be displayed under the previously BitLocker-encrypted partition:

To continue protecting the data on the drive with BitLocker encryption, BitLocker must be re-enabled:

If the 'Automatically unlock BitLocker Volumes' option has been enabled when creating rescue media, we recommend recreating the rescue media after re-enabling BitLocker encryption to ensure that the newly encrypted volume will unlock automatically. More information about this can be found here.
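As an added example (not part of this article or of Macrium Reflect), the following PowerShell checks which of the three outcomes above a restored volume actually ended up in, and re-enables BitLocker only for the 'Removal Restore' case. It assumes an elevated session on the restored Windows installation, the built-in BitLocker module, and a mount point such as C:; the outcome names are this example's own labels.

```powershell
# Added example: classify a restored volume against the three BitLocker restore
# outcomes and re-enable protection after a 'Removal Restore'. Assumes an
# elevated PowerShell session and the built-in BitLocker module (Get-BitLockerVolume,
# Add-BitLockerKeyProtector, Enable-BitLocker).

function Get-BitLockerRestoreOutcome {
    param([Parameter(Mandatory)][string]$MountPoint)   # e.g. 'C:' (assumed)
    $v = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    if ($v.LockStatus -eq 'Locked') {
        # 'BitLocker Encrypted Restore': unlock with the source volume's password or recovery key.
        return 'EncryptedRestore'
    }
    if ($v.VolumeStatus -eq 'FullyDecrypted' -and $v.KeyProtector.Count -eq 0) {
        # 'BitLocker Removal Restore': the file system landed "in the clear".
        return 'RemovalRestore'
    }
    # Unlocked and still encrypted: 'BitLocker Live Restore' preserved the BitLocker state.
    return 'LiveRestore'
}

function Restore-BitLockerProtection {
    param([Parameter(Mandatory)][string]$MountPoint)
    $outcome = Get-BitLockerRestoreOutcome -MountPoint $MountPoint
    if ($outcome -ne 'RemovalRestore') {
        Write-Host "$MountPoint outcome is $outcome; BitLocker does not need re-enabling."
        return $null
    }
    # Add the recovery password first so an escrowable key exists before encryption starts.
    $withRp = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    # Encrypt the whole volume rather than used space only: a restore to a previously used
    # disk can leave remnants of the target disk's old contents in what is now free space.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
        -TpmProtector -SkipHardwareTest | Out-Null
    $rp = $withRp.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    # Return the recovery password so the caller can store it (e.g. in AD or a vault), not
    # merely print it; the restored volume is unprotected until this is escrowed.
    return $rp.RecoveryPassword
}

# Usage: classify, then re-enable protection only where the restore removed it.
$recovery = Restore-BitLockerProtection -MountPoint 'C:'
if ($recovery) { Write-Host "Store this recovery password securely before rebooting." }
```

If the rescue media was built with 'Automatically unlock BitLocker Volumes', recreate it after this script runs, as the article notes, since the new protectors differ from those the media was created with.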