The article details how to bypass BitLocker encryption on Windows 11 by extracting FVEK from memory. The process involves abruptly restarting the system, creating a bootable USB device, and running Memory-Dump-UEFI. The author mentions potential issues with secure boot and provides scripts to assist with analyzing memory dumps. They commend Microsoft for marking cryptographic keys in memory. The FVEK key is found under the ‘dFVE’ and ‘None’ pool tags. The article concludes with instructions on how to obtain and use the FVEK key to unlock a BitLocker-protected partition. The author recommends using the dislocker suite for this process.
https://noinitrd.github.io/Memory-Dump-UEFI/