BitLocker Drive Encryption, which is available only in the Windows Vista Enterprise and Ultimate editions, helps protect data on a client computer. When an attacker gains physical access to a computer, the potential consequences include:
• The attacker can log on to Windows Vista and copy files.
• The attacker can restart the client computer by booting another operating system to view file names, copy files, and read the contents of the hibernation or page file to discover plaintext copies of sensitive information.
Even if files are encrypted with Encrypting File System (EFS), a careless user might move or copy a file from an encrypted location to an unencrypted one, leaving the file in plaintext. Attackers could also tamper with the system and boot files, which may prevent normal system operation.

BitLocker mitigates this risk by encrypting the entire Windows volume, helping prevent unauthorized users from breaking Windows file and system protections or viewing information offline on the secured drive. Early in the startup process, BitLocker checks the client computer's system and hardware integrity. If BitLocker determines that an attempt has been made to tamper with any system files or data, the client computer will not complete the startup process. This integrity protection is available when the computer has a Trusted Platform Module (TPM 1.2), which protects user data and helps ensure that a client computer running Windows Vista cannot be tampered with while the system is offline. If no TPM is available, BitLocker can still help protect the data, but no system integrity validation is performed.

BitLocker does not encrypt data stored outside the Windows partition, but it does add a security layer for EFS by encrypting the EFS keys held within the Windows partition.
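The following PowerShell script is an added example, not part of the original article: it inventories the protections described above on a Windows host through the WMI classes the TPM driver and BitLocker expose (Win32_Tpm and Win32_EncryptableVolume), reporting whether a TPM is present and usable, and for each volume whether protection is on and which key protectors are in place. It assumes an elevated PowerShell prompt on Windows Vista or later with the TPM driver loaded; the protector-type table is my own mapping of the documented numeric codes.

```powershell
# Added example (not from the original article). Checks the conditions the text
# describes: no TPM means no startup integrity validation, and only the Windows
# partition is covered by OS-volume BitLocker. Assumes an elevated prompt.
$tpmNs = 'root\cimv2\Security\MicrosoftTpm'
$bdeNs = 'root\cimv2\Security\MicrosoftVolumeEncryption'

$tpm = Get-WmiObject -Namespace $tpmNs -Class Win32_Tpm -ErrorAction SilentlyContinue
if ($null -eq $tpm) {
    Write-Output 'TPM: none detected. BitLocker can still encrypt, but startup integrity validation will not occur.'
} else {
    # Each Is*() method returns an object whose property of the same name holds the boolean.
    $state = 'spec {0}, enabled={1}, activated={2}, owned={3}' -f `
        $tpm.SpecVersion, $tpm.IsEnabled().IsEnabled, $tpm.IsActivated().IsActivated, $tpm.IsOwned().IsOwned
    Write-Output "TPM: $state"
}

# Key protector type codes as documented for Win32_EncryptableVolume (own mapping).
$protectorNames = @{ 0 = 'Unknown'; 1 = 'TPM'; 2 = 'External key'; 3 = 'Numerical password';
                     4 = 'TPM+PIN'; 5 = 'TPM+startup key'; 6 = 'TPM+PIN+startup key';
                     7 = 'Public key'; 8 = 'Passphrase' }
$systemDrive = $env:SystemDrive   # the Windows partition the article refers to, e.g. C:

Get-WmiObject -Namespace $bdeNs -Class Win32_EncryptableVolume | ForEach-Object {
    $v    = $_
    $prot = $v.GetProtectionStatus().ProtectionStatus     # 0 = off, 1 = on, 2 = unknown
    $conv = $v.GetConversionStatus()                      # ConversionStatus 0 = decrypted, 1 = encrypted, 2/3 = in progress
    $ids  = $v.GetKeyProtectors(0).VolumeKeyProtectorID   # 0 = enumerate every protector type
    $types = @()
    foreach ($id in $ids) {
        $code = [int]$v.GetKeyProtectorType($id).KeyProtectorType
        $name = $protectorNames[$code]
        $types += if ($name) { $name } else { "type $code" }
    }
    $isOs  = ($v.DriveLetter -eq $systemDrive)
    $label = if ($isOs) { 'Windows partition' } else { 'other volume, not covered by OS-volume BitLocker' }
    Write-Output ('{0} [{1}]: protection={2} conversion={3} ({4}%) protectors={5}' -f `
        $v.DriveLetter, $label, $prot, $conv.ConversionStatus, $conv.EncryptionPercentage, ($types -join ', '))

    # Flag the two gaps the article warns about on the Windows volume.
    if ($isOs -and $prot -ne 1) {
        Write-Warning 'Windows volume is not protected: offline reads of the page/hibernation files and boot-file tampering are not mitigated.'
    }
    if ($isOs -and $prot -eq 1 -and -not ($types | Where-Object { $_ -like 'TPM*' })) {
        Write-Warning 'Windows volume has no TPM-based protector: data is encrypted but no startup integrity validation is performed.'
    }
}
```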