Volatility plugin to extract BitLocker Full Volume Encryption Keys
Computer attacks constantly worry administrators and computer users. Earlier we already talked about volatility.
Plugin for the platform Volatility Framework, whose goal is to extract the encryption keys Full Volume Encryption Keys (FVEK) from memory. It works from Windows 7 to Windows 10. Unfortunately, the support for Windows 8 – 10 is very experimental, but it works in most cases with a few quirks.
This article describes the volatility plugin for extracting encryption keys with a full BitLocker volume. You can refresh the memory of how the plugin works and common problems.