
Forensic Experts Warned of Default BitLocker Encryption in Windows 11


By Netvora Tech News


Forensic experts are being warned to expect nearly all seized Windows 11 devices, including consumer-grade models, to be fully encrypted from now on. This change is due to the default disk encryption feature introduced in Windows 11 version 24H2, which is automatically enabled on most modern hardware when Windows is installed with a Microsoft account.

According to Oleg Afonin, a forensic expert at Elcomsoft, the Windows 11 24H2 update marks a significant shift in Microsoft's approach to disk encryption, which will have far-reaching implications for digital forensic research. "With this release, BitLocker encryption is automatically enabled on most modern hardware when Windows is installed with a Microsoft account," Afonin explains.

The encryption, which takes place in the background, affects even the Home editions and consumer devices, where full disk encryption was not typically enabled before. Afonin notes that the encryption only applies to new installations of Windows 11 24H2, not updates to this version. Microsoft has also removed a workaround that allowed users to bypass the encryption by not using a Microsoft account during installation, making it more difficult to circumvent the default encryption.

Recovery keys, which are needed to access an encrypted system, are automatically uploaded to the user's Microsoft account for personal devices. Law enforcement agencies can request these recovery keys through legal channels, but this introduces delays and procedural complexities, according to Afonin.

Afonin warns that Microsoft's change will have long-term consequences for forensic research. Seized hard drives will be unusable unless recovery keys are obtained. As a result, forensic experts must prepare for the fact that almost all seized Windows 11 devices, including consumer-grade models, will be fully encrypted from now on.

  • The default encryption feature is automatically enabled on most modern hardware when Windows is installed with a Microsoft account.
  • The encryption affects even Home editions and consumer devices, where full disk encryption was not typically enabled before.
  • Recovery keys are automatically uploaded to the user's Microsoft account for personal devices.
  • Law enforcement agencies can request recovery keys through legal channels, but this introduces delays and procedural complexities.

Forensic experts are urged to take note of this significant change and prepare for the challenges it presents.
