To protect sensitive and personal information, you may encrypt the file with data encryption software. BitLocker is disk encryption software that comes with the Ultimate and Enterprise editions of Windows Vista / 7 and the Pro and Enterprise editions of Windows 8 / 8.1. By default it uses the AES encryption algorithm in cipher block chaining (CBC) mode with a 256-bit key. 256-bit AES encryption is a strong encryption standard adopted by the US government.

Warning: It is important to note that once information is encrypted by any encryption software, it can only be opened with the CORRECT password. Losing the password means losing the information for good.

The following are procedures for using BitLocker to protect sensitive data on an office PC or on a USB thumb drive:

  • Create a Virtual Hard Disk (VHD) file as a container
  • How to dismount a Virtual Hard Disk
  • How to mount a Virtual Hard Disk
  • Protecting sensitive data on a USB thumb drive using "BitLocker To Go"

  • Create a Virtual Hard Disk (VHD) file as a container

    BitLocker is a disk-based encryption tool, so it is recommended that you create a Virtual Hard Disk as a container for data protection.

    1. Create a new Virtual Hard Disk (VHD) file. Open the Computer Management window, then right-click the Computer or PC icon and select Manage.
    2. Select the Disk Management item.
    3. Select Action -> Create VHD from the menu bar.
    4. In the "Create and Attach Virtual Hard Disk" window, provide the file location and size for the VHD file, choose the option "Fixed size" and click "OK". (Note: The maximum size of a VHD file is 2,040 GB. If you are using Windows 8, you can choose VHDX, which supports up to 64 terabytes (TB) in size.)
    5. Initialize the new virtual drive. Click the new disk icon using the right mouse button and select Initialize Disk.
    6. Make sure the "MBR" partition style is selected, then press "OK". When done, the disk status will become "online".
    7. Then create a partition on the virtual drive. Right-click the Unallocated space and select "New Simple Volume".
      • Press Next on the welcome screen.
      • Press Next for the Volume Size (it will use all available space by default).
      • Assign a drive letter for your virtual disk and press Next.
      • Use the default settings for the partition format and press Next.
      • Press Finish to start formatting the virtual disk.
    8. Now we need to encrypt the new virtual drive using BitLocker. Right click the drive in Explorer and select "Turn on BitLocker...". (Warning: Please be careful to choose the Virtual Hard Disk for encryption rather than the physical disk.)
    9. Tick the option "Use a password to unlock the drive" and enter your password. Then press "Next".
    10. Choose a way to store the recovery key. Then press "Next".
      (Warning: It is important to note that once information is encrypted, it can only be opened with the CORRECT password. Losing the password and the recovery key means losing the information for good.)
    11. Press "Start Encrypting".
    12. Press "Close" when completed.
    13. Then you can store data to the new virtual drive encrypted by BitLocker.
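
The same procedure scripted, as an added example that is not part of the original page: diskpart performs steps 1-7 and the BitLocker PowerShell cmdlets (Windows 8 or later, elevated prompt) perform steps 8-12. The path, size, drive letter, volume label and recovery-file location are placeholders chosen for illustration.

```powershell
# Added example: run in an elevated PowerShell on Windows 8 or later.
# Path, size, letter and label are placeholders, not values from the page.
$VhdPath      = 'C:\Containers\MyEncryptedDisk.vhd'
$SizeMB       = 1024
$Letter       = 'V'
$RecoveryFile = 'D:\Keys\MyEncryptedDisk-recovery.txt'   # keep OUTSIDE the container

if (Test-Path $VhdPath)      { throw "$VhdPath already exists." }
if (Test-Path "${Letter}:\") { throw "Drive letter $Letter is already in use." }

# Steps 1-7: create a fixed-size VHD, initialise it as MBR, partition, format, assign a letter.
$dp = Join-Path $env:TEMP 'new-vhd.diskpart.txt'
@"
create vdisk file="$VhdPath" maximum=$SizeMB type=fixed
select vdisk file="$VhdPath"
attach vdisk
convert mbr
create partition primary
format fs=ntfs label="Encrypted" quick
assign letter=$Letter
"@ | Set-Content -Path $dp -Encoding ASCII
diskpart /s $dp
$dpExit = $LASTEXITCODE
Remove-Item $dp
if ($dpExit -ne 0) { throw "diskpart failed with exit code $dpExit." }

# Step 8 warning: confirm the letter belongs to the VHD, not to a physical disk.
$disk = Get-Partition -DriveLetter $Letter | Get-Disk
if ($disk.BusType -ne 'File Backed Virtual') {
    throw "Drive ${Letter}: is not a virtual disk; refusing to encrypt it."
}

# Steps 9-11: add the password protector, add a recovery password, start encrypting.
$pw = Read-Host -AsSecureString "Password for ${Letter}:"
Enable-BitLocker -MountPoint "${Letter}:" -EncryptionMethod Aes256 `
    -PasswordProtector -Password $pw | Out-Null
Add-BitLockerKeyProtector -MountPoint "${Letter}:" -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint "${Letter}:").KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object RecoveryPassword | Set-Content -Path $RecoveryFile

# Step 12: wait until the volume reports FullyEncrypted.
do {
    Start-Sleep -Seconds 5
    $vol = Get-BitLockerVolume -MountPoint "${Letter}:"
    Write-Host "Encrypting: $($vol.EncryptionPercentage)%"
} while ($vol.VolumeStatus -ne 'FullyEncrypted')
```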


    How to dismount a Virtual Hard Disk

    For Windows 8:

    • To dismount the drive, right-click the drive and choose "Eject".

    For Windows 7:

    • To dismount the drive, choose "Detach VHD" in "Computer Management".
    • Press "OK" when prompted.


    How to mount a Virtual Hard Disk

    For Windows 8:

    • To mount the drive again, right-click your VHD file and choose "Mount" from the menu bar.
    • Enter your password when prompted.

    For Windows 7:

    • To mount the drive again, choose "Action" -> "Attach VHD" from the menu bar.
    • Select the VHD file location and press "OK".
    • Enter your password when prompted.

    Note: Do NOT delete the VHD volume (i.e. the file "My Encrypted Disk" in this example). Otherwise, all the files stored in the container will also be deleted.



    Protecting sensitive data on a USB thumb drive using "BitLocker To Go"

    "BitLocker To Go" allows you to encrypt a USB drive and restrict access with a password. When you connect the USB drive to a Windows 7 computer, you are prompted for the password, and upon entering it you can read and write to the drive as you normally would.

    During the encryption process, Windows 7/8 installs a special reader on the USB drive. When you connect the USB drive to a computer running XP or Vista, the BitLocker To Go Reader takes control, prompts for the password, and then makes the USB drive a read-only device.


    Setting up a USB drive:

    1. Once you insert a USB drive, right-click it and select "Turn on BitLocker".
    2. "BitLocker To Go" will begin initializing your USB drive. (When BitLocker To Go initializes your USB drive, you don't have to worry about any data that is already on the drive.)
    3. Once the initialization process is complete, BitLocker To Go will prompt you to set up a password that you will use to unlock the drive.
    4. After you set up a password, BitLocker To Go will prompt you to store a recovery key. (You can use the recovery key to unlock your drive in the event that you forget the password.)
    5. To ensure that you don't lock yourself out of your drive, BitLocker To Go will create a recovery key.
    6. When the encryption is complete, you'll notice that the drive icon shows a lock on the drive.

    To access the USB thumb drive using another PC:

    Using a BitLocker To Go encrypted drive:
    1. When you insert the BitLocker To Go encrypted drive into a Windows 7/8 system, you will be prompted to enter the password. (If you wish, you can select the "Show Password Characters as I Type Them" check box, so that you can see the letters.)
    2. Then press "Unlock".
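
A check for the two failure modes the warnings above describe, a drive left without a recovery key and a drive whose encryption never finished, as an added example that is not part of the original page. It assumes Windows 8 or later and an elevated prompt; the function names are illustrative and the sample volume is constructed.

```powershell
# Added example (not from the original page). Returns a list of problems for one
# volume object as produced by Get-BitLockerVolume.
function Get-ProtectionIssue {
    param([Parameter(Mandatory)] $Volume)

    # Assumption: status fields of a locked volume are not reliable, so report and stop.
    if ("$($Volume.LockStatus)" -eq 'Locked') { return @('locked: unlock it to audit') }

    $issues = @()
    $types  = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

    if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
        $issues += "not fully encrypted ($($Volume.VolumeStatus))"
    }
    if ("$($Volume.ProtectionStatus)" -ne 'On') { $issues += 'protection is off' }
    if ($types -notcontains 'Password')         { $issues += 'no password protector' }
    if ($types -notcontains 'RecoveryPassword') { $issues += 'no recovery password' }
    return $issues
}

function Show-Audit {
    param([Parameter(ValueFromPipeline)] $Volume)
    process {
        $issues = @(Get-ProtectionIssue -Volume $Volume)
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Issues     = if ($issues.Count) { $issues -join '; ' } else { 'none' }
        }
    }
}

# Constructed sample: a USB drive still encrypting, with a password but no recovery key.
$sample = [pscustomobject]@{
    MountPoint = 'E:'; LockStatus = 'Unlocked'; VolumeStatus = 'EncryptionInProgress'
    ProtectionStatus = 'Off'
    KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' })
}
$sample | Show-Audit

# Live use: audit every data volume (VHD containers and USB drives) on this PC.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | Where-Object { "$($_.VolumeType)" -eq 'Data' } | Show-Audit
}
```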