ForensicsWiki will continue to operate as it has before and will not be shutting down. Thank you for your continued support of ForensicsWiki.

Full Disk Encryption

From ForensicsWiki
Revision as of 07:32, 17 December 2007 by Cmihai (Talk | contribs) (Added TrueCrypt, FreeBSD GBDE and GELI, NetBSD CGD, OpenBSD vnconfig and PGPdisk.)

Jump to: navigation, search

Full Disk Encryption or Whole Disk Encryption is a phrase that was coined by Seagate to describe their encrypting hard drive. Under such a system, the entire contents of a hard drive are encrypted. This is different from Full Volume Encryption where only certain partitions are encrypted.

Some examples of full disk encryption:

Hardware Solutions

Seagate FDE
Network Appliance (Decru) (NetApps DataFort) (Decru Lifetime key Management) (Decru white paper)
Jetico BestCrypt
Securstar driveCrypt DriveCrypt 4.20 - 1344Bit Hard Disk Encryption
Eracom Technology DiskProtect
Hitachi Bulk Data Encryption$file/bulk_encryption_white_paper.pdf

Software Solutions

Transparent full disk encryption for Linux and [[Windows]. Supports various ciphers: AES (256 bit), Serpent and Twofish.
It provides protection from watermarking and inference attacks (volumes cannot be distinguished from random data).
Supports hidden volumes within TrueCrypt volumes (plausible deniability).
GEOM Based Disk Encryption. Provides transparent full disk and swap encryption for FreeBSD. Supported ciphers: AES (128 bit).
Supports hidden volumes and Pre-Boot Authentification.
Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
Cryptographic GEOM class. Provides transparent full disk encryption for FreeBSD. Supports various ciphers: AES, Blowfish and 3DES.
Supports hidden volumes and Pre-Boot Authentification.
Cryptographic Device Driver. Provides transparent full disk encryption for NetBSD.
Supports various ciphers: AES (128 bit blocksize and accepts 128, 192 or 256 bit keys), Blowfish (64 bit blocksize and accepts 128 bit keys) and 3DES (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).
The -K option of OpenBSD vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported ciphers: Blowfish.
Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for Windows. Also supports MacOS X 10.4 (non-boot disks only).
Can use OpenPGP RFC 2440 keys and X.509 keys for authentification.
Supports USB Tokens for authentification.
Supported ciphers: AES (256 bit keys).
Part of Windows Vista that uses AES 128 or 256 bit encryption
Transparent file system and swap encryption for Linux using the Linux 2.6 device mapper. Supports various ciphers and LUKS (Linux Unified Key Setup).
Transparent file system and swap encryption for Linux using the loopback device and AES.
SafeGuard Easy
Certified according to Common Criteria EAL3 and FIPS 140-2
Encryption algorithms supported: AES (128 and 256 bit) and IDEA (128 bit)
Provides complete hard drive encryption including the boot disk.