In Windows Vista Beta 2

Feb 9, 2007 09:03 GMT

BitLocker is a security feature introduced in Windows Vista that uses full volume encryption and secure startup to address the threat of data theft from lost, stolen or inappropriately decommissioned hardware. Microsoft has made BitLocker available only in the Windows Vista Ultimate and Enterprise editions and has announced that it will be integrated into Windows Server Longhorn.

As far back as Windows Vista Beta 2, NASA evaluated BitLocker and warned of a loophole in the feature connected to the operating system's Sleep and Hibernate modes. NASA claims that, because of the way Vista handles recovery from Sleep and Hibernate modes, BitLocker can be circumvented.

This is because a Vista computer that resumes from Sleep mode will not require a USB authentication key. In this context, the data on a machine that resumes from Sleep mode will be accessible to anyone, despite BitLocker.

"The normal 'Sleep' does not require the insertion of the USB key, so administrators should take care to configure machines with a set of policies that match the organization's needs. An administrator can reduce the risk of circumvention of BitLocker (through theft of a 'sleeping' rather than 'hibernating' machine) by reducing the duration before the machine goes into 'Hibernation.' Administrators ought to be wary, though, because too frequent hibernation might induce PC users into leaving the USB key plugged into the machine at all times thus rendering the USB key irrelevant," is NASA's advice.

However, the tests performed by NASA were on Windows Vista Beta 2, and have not been updated since.
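The policy check implied by the advice quoted above, as an added example that is not from the article, NASA or Microsoft: a Python audit that reads `powercfg /query` output and flags power sources on which a machine can stay in Sleep longer than a chosen limit. The sample text is constructed, and the 900-second limit and the reading of "Hibernate after" as the bound on time spent asleep are assumptions.

```python
import re

# Power-setting GUIDs in the Sleep subgroup of `powercfg /query` output.
SLEEP_AFTER = "29f6c1db-86da-48c5-9fdb-f2b67b1f44da"
HIBERNATE_AFTER = "9d7815a6-7ee4-497e-8888-515a05f02364"

# Constructed sample, modelled on `powercfg /query SCHEME_CURRENT SUB_SLEEP`.
SAMPLE = """\
Subgroup GUID: 238c9fa8-0aad-41ed-83f4-97be242c8f20  (Sleep)
  Power Setting GUID: 29f6c1db-86da-48c5-9fdb-f2b67b1f44da  (Sleep after)
  Current AC Power Setting Index: 0x00000708
  Current DC Power Setting Index: 0x00000384
  Power Setting GUID: 9d7815a6-7ee4-497e-8888-515a05f02364  (Hibernate after)
  Current AC Power Setting Index: 0x00000000
  Current DC Power Setting Index: 0x00002a30
"""

def parse_power_settings(text):
    """Return {setting_guid: {"AC": seconds, "DC": seconds}}."""
    settings, current = {}, None
    for line in text.splitlines():
        m = re.search(r"Power Setting GUID:\s*([0-9a-fA-F-]{36})", line)
        if m:
            current = settings.setdefault(m.group(1).lower(), {})
            continue
        m = re.search(r"Current (AC|DC) Power Setting Index:\s*0x([0-9a-fA-F]+)", line)
        if m and current is not None:
            current[m.group(1)] = int(m.group(2), 16)
    return settings

def audit(text, max_sleep_seconds=900):
    """Flag power sources where Sleep can outlast max_sleep_seconds."""
    # Assumption: "Hibernate after" bounds the time spent in Sleep, and a
    # value of 0 means the machine never hibernates on its own.
    settings = parse_power_settings(text)
    findings = []
    for source in ("AC", "DC"):
        sleep = settings.get(SLEEP_AFTER, {}).get(source)
        hib = settings.get(HIBERNATE_AFTER, {}).get(source)
        if hib is None:
            findings.append((source, "hibernate timeout not reported"))
        elif hib == 0:
            findings.append((source, f"never hibernates (sleep timer {sleep}s)"))
        elif hib > max_sleep_seconds:
            findings.append((source, f"hibernates after {hib}s, limit {max_sleep_seconds}s"))
    return findings

if __name__ == "__main__":
    for source, reason in audit(SAMPLE):
        print(f"{source}: {reason}")
```

A limit that is too tight runs into the trade-off named in the quote: users who are interrupted by hibernation too often may leave the USB key in the machine.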