Hello readers, While the performance of the laptop is rather OK during the initial encryption of a drive, we are wondering if it is OK to hand over a freshly deployed laptop to a user before the OS filesystem encryption is finished. How secure are the files on the volume before it is fully encrypted? Is there (security) documentation about this?You know you're an engineer when you have no life and can prove it mathematically

Hi, When you start to encrypt the drive via BitLocker, it cannot be canceled until the encryption is finished. Hence, you need not be worry about the security of the drive. For more information about BitLocker, please refer to the following article. Windows 7 BitLocker Executive Overview Thanks, Novak

Hi Novak, Thanks for your reply. You are right about the fact that the encryption cannot be canceled by a user. But let me outline a scenario: - The laptop is handed over to the user;- The user logs on for the first time. Offline mail file (ost) is created and offline folders are cached. Maybe some files are explicitely copied to the hard drive;- The encryption is still running (say it is about 25%);- User closes the lid and catches a flight;- Laptop is stolen. My question now is: Is, in this scenario, the data safe or not? Thanks in advance, Stephan van der PlasYou know you're an engineer when you have no life and can prove it mathematically

Hi, Based on my test, I would like to answer you that the data will be safe if other people does not have password to access the machine or access the encryption drive. If the machine is turned off or sleep when the encryption is running, the encryption procedure will be hold on until it is completed. Hence, the encryption drive can only be accessed by password or BitLocker Recovery Key. Thanks, Novak

Hello Novak, What exactly did your test look like? Have you been able to mount a disk that was halfway in the process of encryption to an other computer and try to recover the data on the disk? Regards, StephanYou know you're an engineer when you have no life and can prove it mathematically

Hi, I just turned off or made the machine to Sleep Mode when the encryption was still running. (Since you closed the lid, your stolen laptop should enter in Sleep Mode or turned off.) When I turned on the machine or reverted back from Sleep Mode, I should type the user name and password to login on the machine. If others do not have the password, they will not login on the machine. Even though they login on the machine, the drive which you would like to encrypt would already be encrypted and it need type the BitLocker password to access the drive. Hence, if other people does not have the password, the drive should be safe. Regards, Novak

Hi Novak, Ok you're right about that, but when the laptop is stolen, the disk can be removed from the laptop and mounted to another machine. My (still unanswered)question is, is the data safe (scrambled) or are there possible "plain text" files on the disk? Regards, StephanYou know you're an engineer when you have no life and can prove it mathematically

Hi Stephan, After mounting the drive to another machine, the drive is still encrypted actually and other people still need the password or Recovery key to enter it. If there is no password or Recovery key, the drive will be safe. Thanks,Novak