I have a question about how file deletion works on a BitLocker-encrypted volume. When you delete a file from a BitLocker-protected space, does it only remove the reference to the file and leave the actual encrypted data on the disk? Or does it decrypt the file before deleting it and reduce the storage size? It seems like leaving decrypted data behind could be a significant security risk, so I'm curious to clarify this. Thanks for any insights!
1 Answer
When you delete a file on a BitLocker volume, Windows only removes it from the file table without touching the actual data. So, in short, it leaves the encrypted data intact on the disk as an encrypted blob. It's not decrypted during this process.
That makes sense! So essentially, the data is still there; just the file reference is gone.
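A toy model of the behaviour described in the answer, added here as an example and not part of the original thread: encryption sits below the file table, so deleting a file drops the table entry and leaves the ciphertext sector unchanged. The `ToyVolume` class, the SHA-256 keystream (a stand-in, not BitLocker's actual cipher), the key and the file contents are all constructed assumptions.

```python
import hashlib

SECTOR = 32  # constructed toy sector size (one SHA-256 digest long)

def keystream(key: bytes, sector_no: int) -> bytes:
    # Stand-in per-sector keystream; an assumption, not BitLocker's real cipher.
    return hashlib.sha256(key + sector_no.to_bytes(8, "little")).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyVolume:
    """Hypothetical model: every sector is encrypted below the file table."""

    def __init__(self, key: bytes, sectors: int = 8):
        self.key = key
        self.disk = [bytes(SECTOR)] * sectors  # raw bytes as stored on disk
        self.table = {}                        # file name -> sector number

    def create(self, name: str, data: bytes) -> int:
        used = set(self.table.values())
        no = next(i for i in range(len(self.disk)) if i not in used)
        plain = data.ljust(SECTOR, b"\0")
        self.disk[no] = xor(plain, keystream(self.key, no))
        self.table[name] = no
        return no

    def delete(self, name: str) -> int:
        # Only the file-table entry is removed; the data sector is not rewritten.
        return self.table.pop(name)

    def read_sector(self, no: int, key: bytes) -> bytes:
        return xor(self.disk[no], keystream(key, no)).rstrip(b"\0")

def demo() -> dict:
    key = b"constructed-volume-key"  # constructed sample key
    vol = ToyVolume(key)
    no = vol.create("secret.txt", b"payroll 2024")  # constructed sample file
    before = vol.disk[no]
    vol.delete("secret.txt")
    return {
        "listed": "secret.txt" in vol.table,
        "raw_unchanged": vol.disk[no] == before,
        "plaintext_on_disk": b"payroll" in vol.disk[no],
        "with_key": vol.read_sector(no, key),
        "wrong_key": vol.read_sector(no, b"not-the-key"),
    }

if __name__ == "__main__":
    print(demo())
```

In this model the stale sector yields the original bytes only when read with the volume key, and it stays in place until a later `create` reuses that sector.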