Behavior of Bit locker when windows vista based computer resumes from sleep mode

Neither Bitlocker drive encyption feature nor TPM chip provide protection against online attacks against the operating system when resuming from sleep mode (sleep = suspend to memory). The standard Windows protections take care of this if they are enabled. If the machine was set to require a password upon resume, then the thief will have to provide a valid username/password in order to unlock the system and use the OS.

The recommendation is that for increased security you use TPM+PIN or TPM+USB and disable sleep (use hibernation). This is a classic convenience vs. security tradeoff choice. BitLocker does not attempt to protect data that is in memory - neither when the machine is running nor when it is sleeping. The best practice when running BitLocker is to configure your machine to hibernate, not sleep.

This posting is provided "AS IS" with no warranties, and confers no rights.

Gaurav Anand