Using USB containing BEK key to access HDD from a different machine

Question

Hello, 
 I have a USB containing a startup key (.BEK file) for a computer that has the boot partition encrypted with Bitlocker. I was wondering if I was to take out the encrypted hard drive from that machine and then connect it to a machine using a different OS like Kali linux, could that startup key that was created with the original computer be used to decrypt the HDD on the machine it is now attached to and access the files or would the HDD require the bit locker recovery key instead of that startup key? If anyone could provide me with more information, it would be greatly appreciated.

Adithyan Thangaraj · Answer

Hi Yohan, 
 Using BEK file for decrypting a Bit locker encrypted drive is absolutely possible by slaving the drives to a machine that also has BitLocker installed in it, thereby making other Operating Systems not effective in this process natively. 
 After slaving the encrypted data volume on a Windows machine with Bitlocker in it, you will be prompted for a password. The drive will normally be unlocked with a password, but if this doesn&rsquo;t work, select &lsquo;I forgot my password&rsquo;. Enter your recovery key and &lsquo;Voila' all the data on the encrypted data volume will be recovered. 
 Hope this helps!

Adithyan Thangaraj · Answer

Hi Yohan, 
 This KBA should explain the recovery process on slaving BL encrypted drives! 
 https://community.sophos.com/kb/en-us/120256

Adithyan Thangaraj · Answer

Hi Yohan, 
 Thank you for your response! Ah! Understood your question perfectly. I would say that the BEK file is not machine specific and is meant to be used for the encrypted drive. This BEK file generated is merely a copy of the recovery key that Bitlocker makes and is hence usable on any other machine where the drive can be slaved. In short - anyone with access to the BEK file (or the token with the file in it) and the corresponding encrypted drive 'can' access the drive's data.