I am trying to create a full forensic SSD image in FTK Imager (Free Version) by using the BitLocker Recovery Key then creating the BitLocker Unlocked image in FTK Imager then ingesting it into Autopsy but every attempt has failed with a warning of BitLocker Encrypted Volume Detected in Autopsy and it being clear that no data was analyzed even though I verified that the image was decrypted with the correct recovery key.
When checking settings on the Windows server that I am using for Forensics I found that BitLocker Components are not enabled. Is this causing the issue or is the fact that I made the image with the FTK Imager Default Image Fragment Size left at 1500MB?
Would another tool like Magnet Acquire work better?
Autopsy can handle the Bitlocker encrypted image of a drive.
Create an image of the encrypted drive using a tool like FTK Imager or a similar program.
Add the image to Autopsy as a new case.
Autopsy will recognize that the image is encrypted with BitLocker and will ask for the BitLocker recovery key or password.
Once you enter the correct key, Autopsy will be able to unlock the drive and analyze the data.
I made a post with a similar question for APFS (Apple File system) encrypted volumes that is pending approval. Does Autopsy also auto detect APFS images? In my case it did not detect it, but it was a physical copy (entire disk with multiple partitions) perhaps Autopsy requires just a copy of the APFS encrypted partition in order to recognize it.