An attacker with physical access can abruptly restart the device and dump RAM, as analysis of this memory may reveal FVEK keys from recently running Windows instances, compromising data encryption.

The effectiveness of this attack is, however, limited because the data stored in RAM degrades rapidly after the power is cut off.

  • optional@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    5
    ·
    edit-2
    6 months ago

    What’s the advantage of disk encryption if you don’t require a password to boot? Couldn’t you just boot the device and extract the data using Explorer anyway?

    • Limonene@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      I assume they think the Windows login password will keep them safe. I don’t know. But many corporate computers (several I’ve been forced to use) do use Bitlocker without a password.