According to the BitLocker FAQs:
"Suspend keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased."
My question is regarding that last part. Does anyone know how the clear key is "erased"?
Is it simply deleted from the file system but left physically intact on the drive? (meaning that it could be recovered by a data recovery application?)
Or is it also overwritten / destroyed / made useless in some way?
Basically I am thinking of enabling BitLocker on an OS drive on an SSD. But I am concerned that all any thief or attacker would need to do is run a data recovery application on the drive, and then potentially recover a working clear key that was left behind following a past suspension.
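To make the key hierarchy in the quoted FAQ concrete, here is a toy model of suspend and resume, added as an illustration; it is not code from the original post or from Microsoft. The names (`fvek`, `vmk`, `clear_key`, the `Volume` class and its methods) and the HMAC-based key wrapping are assumptions chosen for readability, not BitLocker's real on-disk format or AES-based wrapping. What it shows is the consequence of the FAQ's "the volume master key is changed" step: after resume, a clear key (and even the old wrapped-VMK record it protected) no longer unlocks the current metadata, because the data key is now wrapped under a fresh VMK.

```python
import hashlib
import hmac
import os

TAG_LEN = 16


def _keystream(kek: bytes, label: bytes, n: int) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode). Stand-in for real key wrapping.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(kek, label + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def wrap(kek: bytes, key: bytes, label: bytes) -> bytes:
    # Encrypt `key` under the key-encryption key `kek` and append an integrity tag,
    # so unwrapping with the wrong kek fails loudly instead of returning garbage.
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, label, len(key))))
    tag = hmac.new(kek, label + ct, hashlib.sha256).digest()[:TAG_LEN]
    return ct + tag


def unwrap(kek: bytes, blob: bytes, label: bytes) -> bytes:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(kek, label + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key-encryption key for this record")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, label, len(ct))))


class Volume:
    """Hypothetical model: FVEK encrypts data, VMK wraps FVEK, protectors wrap VMK."""

    def __init__(self, tpm_secret: bytes) -> None:
        self.fvek = os.urandom(32)  # data key; in this model it is never re-keyed
        self.vmk = os.urandom(32)   # volume master key
        # `metadata` stands for the records stored on disk in the clear.
        self.metadata = {
            "fvek_under_vmk": wrap(self.vmk, self.fvek, b"fvek"),
            "vmk_under_tpm": wrap(tpm_secret, self.vmk, b"vmk-tpm"),
            "clear_key": None,        # only present while suspended
            "vmk_under_clear": None,  # only present while suspended
        }
        self.protection_on = True

    def suspend(self) -> None:
        # FAQ: the VMK is encrypted with a clear key that is itself stored unencrypted.
        clear_key = os.urandom(32)
        self.metadata["clear_key"] = clear_key
        self.metadata["vmk_under_clear"] = wrap(clear_key, self.vmk, b"vmk-clear")
        self.protection_on = False

    def resume(self, tpm_secret: bytes) -> None:
        # FAQ: VMK is changed, protectors are updated to match, clear key is erased.
        new_vmk = os.urandom(32)
        self.metadata["fvek_under_vmk"] = wrap(new_vmk, self.fvek, b"fvek")
        self.metadata["vmk_under_tpm"] = wrap(tpm_secret, new_vmk, b"vmk-tpm")
        self.metadata["clear_key"] = None
        self.metadata["vmk_under_clear"] = None
        self.vmk = new_vmk
        self.protection_on = True


def unlock_with_tpm(volume: Volume, tpm_secret: bytes) -> bytes:
    """Legitimate unlock path: TPM secret -> VMK -> FVEK."""
    vmk = unwrap(tpm_secret, volume.metadata["vmk_under_tpm"], b"vmk-tpm")
    return unwrap(vmk, volume.metadata["fvek_under_vmk"], b"fvek")


def old_clear_key_unlocks(volume: Volume, clear_key: bytes, vmk_blob: bytes) -> bool:
    """Does a previously recorded clear key plus its wrapped-VMK record still yield
    the FVEK from the volume's *current* metadata?"""
    try:
        old_vmk = unwrap(clear_key, vmk_blob, b"vmk-clear")
        unwrap(old_vmk, volume.metadata["fvek_under_vmk"], b"fvek")
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    tpm = os.urandom(32)  # constructed stand-in for the TPM-sealed protector
    vol = Volume(tpm)
    vol.suspend()
    saved_clear = vol.metadata["clear_key"]
    saved_blob = vol.metadata["vmk_under_clear"]
    print("while suspended, clear key unlocks:", old_clear_key_unlocks(vol, saved_clear, saved_blob))
    vol.resume(tpm)
    print("after resume, old clear key unlocks:", old_clear_key_unlocks(vol, saved_clear, saved_blob))
    print("TPM path still yields FVEK:", unlock_with_tpm(vol, tpm) == vol.fvek)
```

The model only captures the re-keying the FAQ describes; it says nothing about which old records physically survive on the medium, which is exactly what the question asks. The point it does make is that the re-keying step, not just the deletion of the clear key record, is what the FAQ relies on.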