Some options for cloning a Bitlocker-enabled system drive:
Decrypt, clone, encrypt
Use dd or similar to clone sector by sector
Boot into Windows, clone live system, encrypt
Boot from TBWinRE1, unlock via manage-bde.exe, clone2, encrypt
Boot from Casper Secure Startup Disk3, unlock4, clone
TBWinPE does not include manage-bde.exe.
Select "Read from Volume", which "allows things like the ability to see BitLocker volumes unencrypted" (if unselected, a sector-by-sector clone will be made, even if the Bitlocker partition was unlocked). Other options worth considering: Scale to Fit, Scale to Target, Align to Target, and Remove Gaps on Copy. Could not find an option or set of options that correctly resized a larger target; fixed with Paragon's Partition Manager Community Edition.
A number of useful tools lie hidden beneath the surface: Explore > Quick Access Toolbar arrow > Save As > click the now-showing Save As button > This PC > X:
right click desired tool > Open. You can also reveal the Menu Bar in the main menu via F10.
If you missed the GUI prompt to unlock, make it reappear by clicking the SmartStart Wizard icon in the upper right hand corner (alternatively, run manage-bde -unlock inside cmd.exe).
While testing TBWinRE, the source drive's Windows install became unbootable (Error code: 0xc000000e), despite issuing no write operations to the drive. As always, backup beforehand and ideally use a hardware write blocker on the source drive.
Acronis True Image's rescue boot disc does not support cloning an encrypted drive, even when unlocked: "encrypted and unlocked disks cannot be read by Acronis Bootable Media". Further, "This is expected behavior, current by-design limitation."
/windows | Aug 19, 2020
