Passware, a software firm that provides password recovery, decryption, and evidence discovery software for computer forensics, has updated its flagship application this week to support breaking Microsoft's BitLocker hard drive encryption. Passware Kit Forensic version 9.5 can recover encryption keys for hard drives protected with BitLocker in just a few minutes. It scans a physical memory image file of the target computer and extracts all the encryption keys for a given BitLocker disk. As a result, Passware has crowned itself the creator of the first commercially available software to crack BitLocker Drive Encryption.
Passware claims that full disk encryption was a major problem for investigators and that its tool helps police, law enforcement, and private investigators bypass BitLocker encryption for seized computers. That may be, but since this is a commercially available product, anyone with $795 can now circumvent the encryption. Add to that the fact that previous versions of this software have been pirated (version 9.0 was released earlier this year), and it's only a matter of time before even the price point doesn't matter.
Passware Kit Forensic is a tool that can recover passwords from various file types, decrypt Microsoft Word and Excel files up to version 2003, and reset passwords for local and domain Windows administrators. It is a complete encrypted evidence discovery solution that reports all password-protected items on a computer and gains access to these items using the fastest decryption and password recovery algorithms at its disposal. There's also a portable version of the software that runs from a USB drive and finds encrypted files, plus recovers files and website passwords without making any changes to the target computer.
BitLocker Drive Encryption is a full disk encryption feature available in the Ultimate and Enterprise editions of Windows Vista and Windows 7, as well as the Windows Server 2008 and Windows Server 2008 R2 operating systems. It is designed to protect data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in CBC mode with a 128 bit-key, combined with the Elephant diffuser for additional disk encryption security not provided by AES. It is meant to prevent a thief or thieves from using another operating system or hacking tool to get around file and system protections provided by Windows in order to view files stored on the drive. Update
As pointed out in the comments, this isn't exactly a "crack" for BitLocker. Like most similar digital forensics analysis software, Passware Kit Forensic requires access to a physical memory image file of the target computer before it can extract all the encryption keys for a BitLocker disk. If a forensics analyst or thief has physical access to a running system, it is possible to take advantage of the fact that the contents are in the computer's memory. Other drive encryption programs have similar issues.