Urgent questions regarding recovery of DATA from encrypted Bitlocker Drive

Hey All,

 

So I have a major issue: I have an HP Pavilion x360.

It had a 1TB HDD and a 16GB Optane Intel module.

This had Sophos endpoint with encryption on it. I booted into it and did the decryption; this said it had been completed. I rebooted, it did not ask for a BitLocker password, and went into Windows 10.

I then changed the memory to 16GB. It then rebooted and it just did nothing. I put the old RAM back in and still nothing.

So I decided to take out the Optane memory. I then rebooted it, leaving the normal HDD inside, and it then asked for a BitLocker password. I don't know how this is possible, since it should've decrypted it before. I entered it and it kept going into Windows repair. It just stood with a black screen.

I then put the HDD into a USB case and put it into my machine, where it says the drive is locked and I must use the key to unlock it. I would, but because I disabled the machine in Central I cannot get the key.

I then put the HDD back into the original laptop with the original TPM. It now says there's no OS. But if I plug it back into my machine in the case, it still asks for a recovery key.

Any suggestions? I really need help on this one.

 

Please !!!!!!!!



  • So I managed to get the recovery ID number on CLI using

    manage-bde -protectors -get v:    (V drive letter)

     

    I took the ID and copy-pasted it into Sophos Central, got the recovery key, then did this:

    manage-bde -unlock V: -password

     

    Entered the recovery key.

    It shows the drive is unlocked now, but I still cannot access any of the information on it.

    If I try the password again I see this:

    C:\Windows\system32>manage-bde -unlock V: -password
    BitLocker Drive Encryption: Configuration Tool version 10.0.18362
    Copyright (C) 2013 Microsoft Corporation. All rights reserved.

    ERROR: The volume is already unlocked.

     

    Any suggestions?
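The check-then-unlock sequence from the post above, written with the BitLocker PowerShell cmdlets (an added example, not part of the original thread). It assumes an elevated session on the second PC, the drive mounted as V: as in the post, and the recovery password already retrieved; the last step shows the fields that separate "unlocked" from "readable".

```powershell
# Added example: inspect and unlock a BitLocker data volume attached to a second PC.
# Assumptions: elevated PowerShell, drive letter V: as used in the thread.
param([string]$MountPoint = 'V:')

$vol = Get-BitLockerVolume -MountPoint $MountPoint

# 1. Record the state before changing anything. A volume that has really
#    finished decrypting reports VolumeStatus = FullyDecrypted and
#    EncryptionPercentage = 0; anything else means BitLocker metadata is
#    still on the disk and a key will be required.
$vol | Format-List MountPoint, VolumeStatus, EncryptionPercentage,
                   ProtectionStatus, LockStatus

# 2. List the recovery password protectors. KeyProtectorId is the ID that
#    is matched against the key escrowed in the management console.
$vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Format-Table KeyProtectorId, KeyProtectorType

# 3. Unlock with the 48-digit recovery password. This is a different
#    protector type from a user password, so it has its own parameter.
if ($vol.LockStatus -eq 'Locked') {
    $key = Read-Host 'Recovery password (48 digits, groups separated by -)'
    Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $key | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
}

# 4. "Unlocked" only means the volume key was accepted. Whether the data
#    is readable depends on the file system underneath, so check that too.
if ($vol.LockStatus -eq 'Unlocked') {
    $fs = Get-Volume -DriveLetter $MountPoint.TrimEnd(':')
    $fs | Format-List DriveLetter, FileSystemType, HealthStatus, Size, SizeRemaining
    if ($fs.FileSystemType -eq 'Unknown') {
        Write-Warning ('Volume is unlocked but no file system is recognised. ' +
                       'Image the disk before attempting any repair.')
    }
}
```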

     

     

  • Hi  

    Sophos Central Device Encryption only maintains recovery keys, and it seems that has worked for you. In this scenario, it seems some configuration changes must have been made, due to which you are unable to view any of the files.

    Shweta

    Community Support Engineer | Sophos Technical Support
  • Shweta said:

    Hi  

    Sophos Central Device Encryption only maintains recovery keys, and it seems that has worked for you. In this scenario, it seems some configuration changes must have been made, due to which you are unable to view any of the files.

     

     

    Hi Shweta

     

    Thanks for the reply,

    Somewhere along the way something got corrupted either with decrypting the drive.

    After logging in, turning encryption off on the policy, turning BitLocker off, decrypting the drive, and removing RAM, it then booted and asked for a BitLocker password.

     

    My question is: how would this have been possible? It showed decrypt completed. Would it have been the Optane memory causing issues?

  • Hi,

    There is too little information here to have a definitive diagnosis. However, based on how Optane works (a cache of highly used files), it could definitely be why the machine can't boot even though the BitLocker encryption is "decrypted".

    Let's consider the following scenario:

    HDD1 holds the OS and is encrypted by BitLocker

    Optane holds the most used files for the OS and is encrypted by BitLocker

    If some of the files held in Optane are critical for the boot (are DLLs or are pointed to by DLLs) then you need both in a "decrypted" state for the machine to boot. In other words, the UEFI needs to load, detect the two locations and access them to get the rig up.

    However, there is also a scenario where the files were put into Optane but aren't there any more: either they were marked for write back to HDD1 or something has damaged the data in the Optane. Now you are in a state where HDD1 is missing some critical files it is expecting to be on the Optane (through reference points) but they aren't.

    You said you took the Optane memory out of the rig. I am not sure what level of permanence that tech has once it is removed from the rig. SSDs have batteries to help charge the cells. I also notice that Intel says you can't remove the modules without de-linking them first:

    //https://www.intel.ca/content/www/ca/en/support/articles/000024018/memory-and-storage/intel-optane-memory.html
    Can I disconnect the drive being accelerated from the system after it's enabled with Intel® Optane memory and move it to another computer?

    No, you have to disable Intel® Optane™ memory before you can move it to another computer. You can disable it via the Intel® Optane™ memory or Intel RST applications. Refer to the Intel Optane Memory User and Installation Guide or video for more information.

     

    All in all, with what you are describing it certainly seems that an issue occurred in the rig that critically damaged the data structures. Data recovery should be possible by slaving the HDD to another BitLocker encrypted drive and entering the recovery key. For getting the machine to boot again, you might be able to get it operational again (I am not optimistic on this one), but you would probably have better success and save yourself a lot of time by just starting fresh: format it and encrypt again.

    If you have any further questions, please let me know.

    RichardP

    Program Manager, Support Readiness | CISSP | Sophos Technical Support

  • Hi Richard,

    Thanks so much for the reply.

    So yeah, I can understand why the Optane could affect it.

     

    So in actual fact, I had removed the system memory after it had been decrypted (please note this decryption took almost a full day, which I found really unusual). After decrypting, I changed the 8GB module to a 16GB module. Fair enough, the laptop cannot take 16GB. It booted with a black screen and nothing.

    Changed it back to 8GB. It then proceeded to boot and that's when it gave me the BitLocker screen. I put in the key, it said it was accepted, and it just went to system repairs.

     

    I then thought, well, maybe the Optane drive did something. I removed that; same story. Then I took the HDD out and put it into the chassis part.

     

    With this said, I do have the laptop still. I would like to replicate the same problem and see what happens.
