BitLocker protects against unauthorized data access on a lost or stolen hard drive through encryption. It encrypts the entire contents of the operating system partition, and a BitLocker key generated when BitLocker is turned on is required to read anything on the encrypted volume. BitLocker also performs integrity checking early in the boot process to verify that the boot components have not been altered and that the drive is still in its original computer. If any check fails, the system does not boot normally: the key is not released and the drive contents stay encrypted until a recovery key is supplied. This check is what stops an attacker from simply moving the drive into another computer to read it, so that only authorized individuals can access the data.
BitLocker requirements and activation
Implementing BitLocker requires two partitions. The first is the system partition, a small volume (roughly 100 MB on Windows 7; later versions use a larger one) that contains the boot files. It is marked active and is not encrypted by BitLocker, because the code that performs the integrity check and unlocks the drive has to run from it before any key is available. The second is the operating system (OS) partition, which is much larger, and everything on it is encrypted. On BIOS/MBR systems both partitions are NTFS; on UEFI systems the boot files live on a FAT32 EFI System Partition instead, but the principle is the same.
A Trusted Platform Module (TPM) is a dedicated hardware chip on the computer's motherboard whose firmware generates and stores cryptographic keys, and by default BitLocker requires one. The TPM must be enabled in the BIOS/UEFI setup before BitLocker can be activated; if it is not, the BitLocker wizard shows a notification saying that BitLocker cannot be enabled until the TPM is enabled and ownership of it has been taken. The TPM protects the key that unlocks the drive and its partitions: more precisely, it seals that key to measurements of the boot components and keeps those measurements for the integrity check performed at boot, so the key is released only when the measured boot state matches the one recorded when BitLocker was turned on.
Note that if the motherboard has no TPM, you can use a USB flash drive as a startup key instead: the key that unlocks the encrypted partition is stored on the USB drive rather than sealed in the TPM. This must be allowed explicitly through Group Policy (Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives > Require additional authentication at startup, with "Allow BitLocker without a compatible TPM" checked), and the USB drive has to be plugged into the computer at every boot. Keep in mind that without a TPM nothing measures the boot components, so there is no boot integrity check; the protection is only as strong as physical control of the USB drive.
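The activation steps above, as an added PowerShell example that is not part of the original article: it checks the TPM state that the notification refers to, enables BitLocker on the OS volume with a TPM protector when the TPM is ready or with a USB startup key otherwise, and always adds a recovery password so a failed integrity check later is not fatal. It assumes an elevated PowerShell session on Windows 10/11 with the BitLocker and TrustedPlatformModule modules, that the two-partition layout already exists, and, for the USB path, that the Group Policy above has been applied; the function names and the `E:\` drive letter are illustrative.

```powershell
# Added example, not code from the original article. Assumes an elevated
# PowerShell session on Windows 10/11 with the BitLocker and
# TrustedPlatformModule modules available.
#Requires -RunAsAdministrator

function Test-TpmReadyForBitLocker {
    # Get-Tpm exposes the states BitLocker's notification refers to: the TPM
    # must be present, enabled, activated and owned; TpmReady summarises that.
    $tpm = Get-Tpm
    [PSCustomObject]@{
        Present   = $tpm.TpmPresent
        Enabled   = $tpm.TpmEnabled
        Activated = $tpm.TpmActivated
        Owned     = $tpm.TpmOwned
        Ready     = $tpm.TpmReady
    }
}

function Enable-OsVolumeBitLocker {
    param(
        [string]$MountPoint = 'C:',
        # Removable drive that will hold the startup key when no TPM is usable
        # (hypothetical path; pass whatever letter the USB drive has).
        [string]$StartupKeyPath
    )

    # Add the recovery password first, so the volume can always be unlocked
    # even if the TPM later refuses to release the key (moved drive, changed
    # firmware, tampered boot files). Store it OFF this machine: a recovery
    # password saved on the drive it protects is useless.
    $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $rp  = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

    $tpm = Test-TpmReadyForBitLocker
    if ($tpm.Ready) {
        # TPM protector: the TPM seals the volume key to the measured boot state,
        # so the drive unlocks only in this computer with an unmodified boot chain.
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
            -TpmProtector -UsedSpaceOnly -SkipHardwareTest | Out-Null
    }
    elseif ($StartupKeyPath) {
        # No usable TPM: the key is written to the USB drive, which must be
        # present at every boot. Fails unless Group Policy "Require additional
        # authentication at startup" allows BitLocker without a compatible TPM.
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
            -StartupKeyProtector -StartupKeyPath $StartupKeyPath `
            -UsedSpaceOnly -SkipHardwareTest | Out-Null
    }
    else {
        throw "TPM is not ready (Present=$($tpm.Present) Enabled=$($tpm.Enabled) " +
              "Activated=$($tpm.Activated) Owned=$($tpm.Owned)) and no -StartupKeyPath was given."
    }

    $state = Get-BitLockerVolume -MountPoint $MountPoint
    [PSCustomObject]@{
        MountPoint       = $state.MountPoint
        VolumeStatus     = $state.VolumeStatus      # EncryptionInProgress, then FullyEncrypted
        ProtectionStatus = $state.ProtectionStatus
        EncryptionMethod = $state.EncryptionMethod
        Protectors       = ($state.KeyProtector.KeyProtectorType | ForEach-Object { "$_" }) -join ', '
        RecoveryPassword = $rp.RecoveryPassword     # 48 digits; print it or escrow it, do not leave it on C:
    }
}

# Usage:
# Test-TpmReadyForBitLocker
# Enable-OsVolumeBitLocker                          # TPM-protected
# Enable-OsVolumeBitLocker -StartupKeyPath 'E:\'    # USB startup key instead of a TPM
```

The recovery password is returned rather than written to disk on purpose: escrow it in Active Directory or your MDM, or print it, but never store it on the volume it unlocks.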
HOW THE TPM WORKS
For BitLocker to obtain the key that decrypts the volume, the integrity check follows this path. Early in boot, before the encrypted partition is touched, the TPM measures the startup components on the unencrypted system partition (the firmware, the boot sector or boot manager, and the related boot files) and records a hash of each in its Platform Configuration Registers. When BitLocker is turned on, the key that unlocks the volume is sealed to the register values measured at that moment; that set of values is effectively a system identifier for those boot files on that computer. On every later boot the components are measured again and the TPM compares the new values with the ones the key was sealed to. If they match, the TPM releases the key and the system boots; if they do not (because the boot files were tampered with, a firmware setting changed, or the drive was moved to another computer), the TPM refuses to release the key and BitLocker displays a recovery screen asking for the recovery password. Legitimate changes to the boot chain, such as a firmware update, trip the same check, so suspend BitLocker before making them.
BITLOCKER VS. EFS
BitLocker is not the same as the Encrypting File System (EFS) in Windows and differs from it in a few ways, so try not to confuse them. BitLocker encrypts an entire volume, whereas EFS encrypts individual files (or folders).
BitLocker encrypts the volume for use on the computer regardless of the user, which means that any user who has the PIN or the startup key and can successfully log on can access the BitLocker volume. With EFS, access is specific to the user who encrypted the file, plus any other users on the computer or the network that user has granted access. BitLocker therefore only protects against offline access: once the computer is booted and the volume unlocked, anybody who can log on can read the data on the volume.
EFS protects against both online and offline access to the encrypted files by unauthorized users, but it has no way to protect against compromised credentials: anyone who logs on as the file's owner, or as a user the owner has granted access, can decrypt the files.
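The integrity check described under HOW THE TPM WORKS, as an added PowerShell example that is not part of the original article: the first function shows which TPM measurements (PCRs) the BitLocker key is sealed to on a volume, and the second wraps a planned change to the boot chain (a firmware update, for instance) in a one-reboot suspension so the next boot does not fail the check and drop into recovery. It assumes an elevated session on a BitLocker-protected Windows 10/11 system; the parsing of the `manage-bde -protectors -get` text output relies on its usual layout and is an assumption, and the `firmware-update.exe` in the usage line is hypothetical.

```powershell
# Added example, not code from the original article. Assumes an elevated
# PowerShell session on a BitLocker-protected Windows 10/11 system.
#Requires -RunAsAdministrator

function Get-BitLockerTpmBinding {
    param([string]$MountPoint = 'C:')

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $tpmProtector = $vol.KeyProtector | Where-Object { "$($_.KeyProtectorType)" -like 'Tpm*' }
    if (-not $tpmProtector) {
        return [PSCustomObject]@{
            MountPoint = $MountPoint; TpmProtector = $null; Pcrs = @(); Measures = ''
            Note = 'No TPM protector (startup key or password only): no boot integrity check is performed.'
        }
    }

    # The BitLocker module does not expose the PCR validation profile, so read
    # it from manage-bde. Assumed output layout:
    #     TPM:
    #       ID: {...}
    #       PCR Validation Profile:
    #         7, 11
    $text = (manage-bde -protectors -get $MountPoint) -join "`n"
    $pcrs = @()
    if ($text -match 'PCR Validation Profile:\s*\r?\n\s*([\d,\s]+)') {
        $pcrs = @($Matches[1] -split '[,\s]+' | Where-Object { $_ } | ForEach-Object { [int]$_ })
    }

    # What the registers BitLocker commonly binds to actually measure.
    $meaning = @{
        0 = 'firmware code'; 2 = 'option ROMs'; 4 = 'boot manager / MBR code'
        7 = 'Secure Boot policy'; 11 = 'BitLocker access control'
    }
    [PSCustomObject]@{
        MountPoint   = $MountPoint
        TpmProtector = "$($tpmProtector.KeyProtectorType)"
        Pcrs         = $pcrs
        Measures     = ($pcrs | ForEach-Object { "PCR$_ ($($meaning[$_]))" }) -join ', '
        Note         = 'Changing anything these PCRs measure (firmware update, boot loader, Secure Boot setting, moving the drive) makes the TPM refuse to unseal the key; the recovery password is then required.'
    }
}

function Invoke-WithBitLockerSuspended {
    param(
        [Parameter(Mandatory)][scriptblock]$Change,
        [string]$MountPoint = 'C:'
    )
    # Suspend for exactly one reboot: BitLocker stores the key in the clear so
    # the next boot succeeds, then re-seals it to the NEW measurements and
    # resumes protection automatically.
    Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
    try {
        & $Change
    }
    catch {
        # The change failed; restore protection now rather than leaving the
        # volume unprotected until the next reboot.
        Resume-BitLocker -MountPoint $MountPoint | Out-Null
        throw
    }
    # 'Off' until the reboot that re-seals the key.
    (Get-BitLockerVolume -MountPoint $MountPoint).ProtectionStatus
}

# Usage:
# Get-BitLockerTpmBinding
# Invoke-WithBitLockerSuspended -Change { Start-Process .\firmware-update.exe -Wait }
```

A UEFI machine with Secure Boot typically reports PCRs 7 and 11, a legacy BIOS machine 0, 2, 4, 8, 9, 10 and 11; either way, anything that alters a measured component without a suspension first lands at the recovery screen on the next boot, which is exactly the behaviour the integrity check is meant to produce for an attacker.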