BitLocker Drive Failed or Won't Unlock? Don't Reformat — We Can Help.
UK BitLocker data recovery specialists since 2002. Failed hardware, lost recovery keys, corrupt volumes. Windows 10, 11, Server. Free collection across the UK. No-fix-no-fee.
What this means and what to do next
BitLocker is the standard full-disk encryption on Windows Pro, Enterprise and Server editions, and increasingly the default on Windows 11 Home via Device Encryption. When it works it is invisible — the disk decrypts on boot using a TPM-stored key, the user sees a normal Windows desktop. When it fails it is total: a corrupt sector, a TPM reset, a motherboard replacement, or a forgotten password and the entire volume is unreadable without the 48-digit recovery key. Most users discover BitLocker only at the moment they need to recover from it.
Data Clinic recovers BitLocker volumes in three main scenarios: hardware failure of the underlying drive (with the key still available), volume corruption (filesystem damage on top of an otherwise working encrypted volume), and 'key issues' (the prompt for the recovery key appears unexpectedly and the user cannot find it). The first two are technical recoveries. The third is partly a search exercise — Microsoft account, Active Directory, organisational MDM systems, or printed recovery sheets often hold the key even when the user thinks it is lost.
The single most important fact about BitLocker recovery is that the encrypted data is still on the drive after almost every failure that does not involve a physical destruction of platters or NAND chips. As long as the encrypted volume is intact and the recovery key is recoverable from any source, the data is recoverable. The challenge is preventing well-meaning recovery attempts — Windows automatic repair, format-and-reinstall, chkdsk on the encrypted volume — from destroying the volume header before the decryption can be attempted.
The common BitLocker recovery scenarios — and what they mean
1. BitLocker prompts for recovery key after motherboard change or TPM reset. Symptom: the BitLocker recovery prompt appears at boot, asking for the 48-digit key. Common after a motherboard replacement, BIOS firmware update, secure boot setting change, or TPM clear. The drive itself is fine; BitLocker has detected a hardware change and is requiring the recovery key for re-binding. Recovery: locate the recovery key — Microsoft account (account.microsoft.com/devices/recoverykey), Active Directory, Azure AD/Entra, organisational MDM, or printed recovery sheet from when the drive was first encrypted. Entering the key unlocks the volume; no Data Clinic work is needed for this case unless the key cannot be found.
2. Drive hardware has failed but the recovery key is available. Symptom: the drive itself is clicking, beeping, not detected, or returning read errors. The recovery key is known. Recovery: image the drive using cleanroom or PCB-swap techniques as required, then mount the image with the recovery key — BitLocker decrypts cleanly from any forensic image of the volume regardless of which device produced it. Recovery success depends on the imaging step, not the BitLocker layer.
3. Volume corruption inside the BitLocker container. Symptom: drive is healthy, BitLocker accepts the key, but Windows reports the volume as RAW or unreadable after decryption. The encryption is fine; the underlying NTFS filesystem has corrupted. Recovery: decrypt the volume into an image, then perform standard NTFS recovery on the decrypted image. This is the most common 'I have the key, why won't it work' case.
4. Recovery key lost across all sources. Symptom: drive prompts for recovery key, all of the user's accounts and printouts have been searched, no key has been found. Recovery: in nearly all cases, without the key the data cannot be recovered. BitLocker uses AES-128 or AES-256; brute force is not feasible. The exceptions are: the original user password if the volume was unlocked by password (we can sometimes work with a list of likely passwords), or a key file if one was stored separately. We will be honest about feasibility on the call — most lost-key cases end in 'unrecoverable' and we say so before any work starts.
How Data Clinic recovers BitLocker-encrypted drives
The first call is mostly about understanding which recovery scenario applies. We will ask about the failure symptoms, the device history (recent hardware changes, BIOS updates), the encryption method (TPM, TPM + PIN, password, USB key), and the user's options for recovering the key. For TPM-backed encryption, the recovery key is the only path; we will help you search the sources Microsoft writes it to, and we will not start lab work until either the key is in hand or you have decided to proceed knowing recovery may not be possible.
Once the key situation is resolved, the technical recovery follows the same pattern as any other drive recovery. Failed hardware is imaged using PC-3000 with cleanroom or PCB-swap techniques as required. The image is mounted with the recovery key using forensic tools, the decrypted volume is exposed read-only, and the data is extracted. NTFS corruption on top of the encrypted volume is repaired against the decrypted image rather than the original drive.
Recovered data is returned on a new external drive, and we provide a written report detailing the failure mode, the BitLocker configuration encountered, and the recovery actions taken. The report is suitable for ICO incident records and corporate compliance audits, which we are seeing more requests for as BitLocker becomes standard in business environments. More about our hard drive data recovery service →.
Get a free initial diagnosis in 60 seconds
In the tool below, tell us what kind of BitLocker issue you have — drive hardware failure, lost recovery key, prompt for the key when there shouldn't be one, or corrupt volume. The recovery path is different for each.
What our customers say
"Three years of family photos on a drive that suddenly failed. Data Clinic collected next day, kept me updated through the cleanroom work, and got everything back. Worth every penny."
"Honest, fixed-price, no-fix-no-fee. Quoted by another lab at three times the price. Recovered 100% of my files."
"Reasonable cost, clear communication, and they were straight with me about what was recoverable and what wasn't. Recommended."
Frequently asked questions
Where can I find my BitLocker recovery key?
Most common locations: (1) your Microsoft account at account.microsoft.com/devices/recoverykey — Windows 10/11 home installations write the key here automatically if you signed in; (2) your work or school Azure AD/Entra account — the key is in your Azure AD device record; (3) Active Directory if your PC is domain-joined — the key is in the BitLocker tab of the computer object; (4) your organisation's MDM (Intune, Jamf for Windows); (5) a printed sheet from when you enabled BitLocker; (6) a USB stick if you chose USB-key unlock. Try all six before assuming it is lost.
BitLocker is asking for the key after I changed my motherboard. Is my data lost?
No — the data is intact. The TPM on the new motherboard is different from the old one, so BitLocker cannot use TPM unlock and is requiring the recovery key. Locate the recovery key (see above) and you will get full access. Once in Windows, you can re-bind BitLocker to the new TPM via the BitLocker control panel. No Data Clinic work is required for this case.
My drive has failed AND BitLocker is on it. Can you still recover?
Yes, provided you have the recovery key. We image the drive using the same hardware recovery techniques we use for any failed drive, then decrypt the image using your key. The encryption does not affect the imaging step — encrypted data images exactly like unencrypted data. The drive failure and the encryption are independent problems with independent solutions.
Can you crack BitLocker if I have completely lost the key?
No. BitLocker uses AES-128 or AES-256 encryption with high-entropy keys derived from your recovery key, TPM, or password. Brute force is not computationally feasible. If you used a password to unlock the volume and you remember the password, we can attempt to use it. If TPM unlock was the only method and the TPM is gone, recovery requires the 48-digit recovery key — there is no alternative path. We will not take money for work that cannot succeed; we will tell you on the phone if your case is in this category.
How long does BitLocker recovery take if the drive has failed and I have the key?
Typical case: 3–5 working days from drive arrival. Imaging the drive is the time-consuming step — same as for any failed drive recovery. Decryption is fast once the image exists, usually a few hours regardless of capacity. For business-critical drives we offer emergency service at a premium.
Does the recovery report cover what we need for an ICO data breach assessment?
Yes. The report identifies the device, the encryption configuration in use, the failure mode, the recovery actions taken, and the integrity of the recovered data. For a data breach assessment, the key information is usually whether the data left BitLocker protection at any point during the recovery — our standard process keeps the data encrypted at rest throughout (the decrypted image is processed on isolated equipment), and we document this in the report.