BitLocker prevents unauthorized access to data on lost or stolen computers by combining two data-protection procedures:
• The integrity of early boot components and boot configuration data must be verified.
• The entire Windows operating system volume on the hard disk must be encrypted.
BitLocker's most secure configuration leverages the enhanced security capabilities of a Trusted Platform Module (TPM) version 1.2. Many newer computers ship with TPM hardware installed by the manufacturer. The TPM works with BitLocker to help protect user data and to ensure that a computer running Windows Vista has not been tampered with while the system was offline: the volume key is released only if the measurements of the early boot components match the values recorded when BitLocker was enabled, so a modified boot loader or boot configuration leaves the volume locked.
In addition, BitLocker can lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable USB device, such as a flash drive, that holds a startup key. Without the correct PIN or startup key, the computer will not start or resume from hibernation. These measures add user authentication before Windows loads: with the TPM alone, the volume is unlocked automatically for anyone who can power on an untampered machine, whereas a PIN or startup key ties the unlock to something the user knows or has.
For computers that do not have a TPM version 1.2, users can still use BitLocker to encrypt the Windows operating system volume. In that configuration the user must insert a USB startup key to start the computer or resume from hibernation, and BitLocker cannot perform the pre-startup system integrity verification that it offers with a TPM: the startup key unlocks the volume whether or not the boot components have been altered.
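The three configurations above (TPM plus PIN, and startup key with or without a TPM) map directly onto BitLocker key protectors. The script below is an added example, not part of the original page or of Microsoft's documentation: it picks TPM-and-PIN when a usable TPM is present, falls back to a USB startup key otherwise (which requires the "Allow BitLocker without a compatible TPM" policy, set here through its registry values), and always escrows a recovery password. It assumes a version of Windows that ships the BitLocker and TrustedPlatformModule PowerShell modules (Windows 8 / Server 2012 or later; the cmdlets did not exist on Windows Vista), an elevated session, and that the drive letters and paths are placeholders you replace.

```powershell
# Added example (not from the original page): choose a BitLocker pre-boot
# authentication mode for the OS volume depending on whether a TPM is present.
# Assumes Windows 8/Server 2012 or later (BitLocker cmdlets), an elevated
# session, and that Group Policy permits the chosen protector. Drive letters,
# the recovery directory and the PIN are placeholders.
#Requires -RunAsAdministrator
param(
    [string] $OsDrive        = 'C:',
    [string] $StartupKeyPath = 'E:\',                  # removable USB drive
    [string] $RecoveryDir    = 'E:\BitLockerRecovery'  # where the recovery password is escrowed
)

$tpm = Get-Tpm -ErrorAction SilentlyContinue   # $null or TpmPresent=$false without a TPM

if ($tpm -and $tpm.TpmPresent -and $tpm.TpmReady) {
    # TPM present: require a PIN in addition to the TPM-sealed key, so the volume
    # is not unlocked automatically for whoever powers the machine on.
    $pin = Read-Host -AsSecureString 'Enter the pre-boot PIN'
    Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod XtsAes256 `
        -TpmAndPinProtector -Pin $pin | Out-Null
}
else {
    # No usable TPM: the policy "Allow BitLocker without a compatible TPM" must be
    # enabled (EnableBDEWithNoTPM under the FVE policy key, together with
    # UseAdvancedStartup); the OS volume is then unlocked by a startup key that
    # lives on a removable USB drive. No boot integrity check is possible here.
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    New-Item -Path $fve -Force | Out-Null
    Set-ItemProperty -Path $fve -Name UseAdvancedStartup -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name EnableBDEWithNoTPM -Value 1 -Type DWord
    Enable-BitLocker -MountPoint $OsDrive -EncryptionMethod XtsAes256 `
        -StartupKeyProtector -StartupKeyPath $StartupKeyPath | Out-Null
}

# Always escrow a recovery password as well; without it a forgotten PIN or a
# lost USB key makes the data on the volume unrecoverable.
Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector | Out-Null
New-Item -ItemType Directory -Path $RecoveryDir -Force | Out-Null
(Get-BitLockerVolume -MountPoint $OsDrive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object { "$($_.KeyProtectorId) $($_.RecoveryPassword)" } |
    Set-Content -Path (Join-Path $RecoveryDir 'recovery.txt')

# Verify which protectors are actually in place before relying on them.
Get-BitLockerVolume -MountPoint $OsDrive |
    Select-Object MountPoint, VolumeStatus, EncryptionPercentage, ProtectionStatus,
        @{ n = 'Protectors'; e = { $_.KeyProtector.KeyProtectorType -join ', ' } }
```

By default Enable-BitLocker on the operating system volume schedules a hardware test and only starts encrypting after the next restart confirms the PIN or startup key works, which is the behaviour you want in production; pass -SkipHardwareTest only in a lab. XtsAes256 requires Windows 10 version 1511 or later; on older builds use Aes256 instead. Store recovery.txt somewhere other than the USB key that also carries the startup key, otherwise losing that one device loses both ways in.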
Offline data enhancements
BitLocker also helps protect data while the system is offline by:
• Protecting non-Microsoft applications and their data automatically, with no changes to the application, when they are installed on the encrypted volume.
• Encrypting the entire Windows operating system volume, including both user data and system files, the hibernation file, the page file, and temporary files.
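The point of encrypting the hibernation file, page file and temporary files is that memory contents and credentials regularly end up on disk in those locations. A practitioner's check is therefore whether every such file really sits on a volume that BitLocker has finished encrypting, since a paging file moved to a second, unencrypted drive silently undoes that protection. The function below is an added example, not part of the original page; it assumes the BitLocker PowerShell module (Windows 8 / Server 2012 or later) and an elevated session.

```powershell
# Added example, not from the original page: confirm that every file Windows
# uses to spill memory to disk (paging files, the hibernation file) lies on a
# volume BitLocker has fully encrypted and is actively protecting. Assumes the
# BitLocker PowerShell module (Windows 8 / Server 2012 or later) and an
# elevated session.
function Test-SwapFileCoverage {
    $findings = @()

    # Paging files as currently configured; there may be one per drive.
    $pageFiles = Get-CimInstance Win32_PageFileUsage | ForEach-Object { $_.Name }

    # The hibernation file lives in the root of the system drive when
    # hibernation is enabled; it is absent otherwise.
    $hiber = Join-Path $env:SystemDrive 'hiberfil.sys'
    $paths = @($pageFiles) + @(if (Test-Path $hiber) { $hiber })

    foreach ($p in $paths) {
        $drive = [System.IO.Path]::GetPathRoot($p).TrimEnd('\')
        $vol   = Get-BitLockerVolume -MountPoint $drive -ErrorAction SilentlyContinue

        # "Covered" means encryption has completed AND protection is on; a volume
        # that is encrypting, decrypting, or suspended (protectors cleared) still
        # exposes the file.
        $covered = [bool]($vol -and
                          $vol.VolumeStatus    -eq 'FullyEncrypted' -and
                          $vol.ProtectionStatus -eq 'On')

        $findings += [pscustomobject]@{
            File       = $p
            Volume     = $drive
            Status     = if ($vol) { $vol.VolumeStatus }     else { 'NoBitLockerData' }
            Protection = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
            Covered    = $covered
        }
    }
    $findings
}

$results = Test-SwapFileCoverage
$results | Format-Table -AutoSize
# Non-zero exit lets a compliance job flag any spill file on an unprotected volume.
if ($results | Where-Object { -not $_.Covered }) { exit 1 }
```

Run this after enabling BitLocker and again after any change to paging-file settings. Temporary files are deliberately not enumerated here: TEMP and TMP are per-user environment variables, so check those paths the same way for each profile that matters, and remember that a suspended volume (ProtectionStatus Off) reports as FullyEncrypted even though its key is stored in the clear.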