Windows10 FVEK是否有新的搜索方法?

[ly20180228]

经过多次测试，根据 https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/ 中插件提取到的FVEK并非正确的bitlocker FVEK，Elcomsoft Forensic Disk Decryptor可以搜索到VMK，并且猜测极有可能是正确的结果(没有该软件注册版)。 所以，现在是否有新的方法，可以提取到正确的bitlocker FVEK，或者通过VMK直接解锁加密卷？

[joachimmetz]

Using Google translate: After many tests, according to https://tribalchicken.io/recovering-bitlocker-keys-on-windows-8-1-and-10/

The FVEK extracted by the plugin is not the correct bitlocker FVEK, Elcomsoft Forensic Disk Decryptor can search for VMK, and guessing is most likely the correct result (no software registered version). So, is there a new way to extract the correct bitlocker FVEK or unlock the encrypted volume directly via VMK?

[joachimmetz]

Recovery of BitLocker keys is out of scope for this project. The library provides functionality to pass key data but the various methods of obtaining this key data is out of scope.

[ly20180228]

那么，我已经得到VMK，是否可以通过libbde解锁卷？比如通过FVEK解锁

[joachimmetz]

Using Google translate: So, I have got VMK, can I unlock the volume through libbde? For example, unlocking via FVEK

At the moment you can only pass the FVEK and TWEAK keys, there is a request to add support to pass the VMK directly: https://github.com/libyal/libbde/issues/35

I'll have a look at this when time permits, but note that my time is very limited,

[ly20180228]

非常感谢，如果可以，我们就可以通过Elcomsoft Forensic Disk Decryptor搜索到正确的VMK，然后利用libbde解锁，很早以前就有这个想法，没有提出，前面看到有人也提出了类似的需要！

[joachimmetz]

Using Google translate: Thank you very much, if you can, we can search for the correct VMK through Elcomsoft Forensic Disk Decryptor, and then use libbde to unlock, long ago there was this idea, did not propose, I saw some people have also raised similar needs!

Ack, I'll close this issue then.