Difference between pages "Full Disk Encryption" and "File:Huawei-u8655-front.jpg"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
 
 
Line 1: Line 1:
'''Full Disk Encryption''' or '''Whole Disk Encryption''' is a phrase that was coined by [[Seagate]] to describe their encrypting [[hard drive]]. Under such a system, the entire contents of a hard drive are encrypted. This is different from [[Full Volume Encryption]] where only certain partitions are encrypted.
 
  
Some examples of full disk encryption:
 
 
== Hardware Solutions ==
 
=== Embedded into internal HDD ===
 
; Hitachi ''Bulk Data Encryption'' ("BDE")
 
: http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
 
* FIPS 197 (Federal Information Processing Standard 197 certification issued by NIST)
 
* [http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html AES-128]
 
; Seagate ''Full Disk Encryption'' ("FDE")
 
: http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
 
: Seagate's encrypted drives are only available as OEM products.  Seagate provides no software to utilize encrypted drive features (such as key management).  There is a proprietary Windows-only API, but it is not available to the public.
 
* [http://www.seagate.com/ww/v/index.jsp?name=st9500422as-momentus-7200-fde-fips-140-2-sata-500gb-hd&vgnextoid=0be9f080d2c55210VgnVCM1000001a48090aRCRD&locale=en-US&pf=1 FIPS 140-2] (Federal Information Processing Standard 140-2 certification issued by NIST)
 
; Toshiba ''Self-Encrypting Drives'' ("SED")
 
* [http://sdd.toshiba.com/main.aspx?Path=ServicesSupport/Self-EncryptingDrives AES-256] (certification issued by NIST)
 
 
=== Supplemental Hardware / External Chassis ===
 
; Addonics product lines
 
: http://www.addonics.com/products/cipher/CPD256U.asp
 
 
; Apricorn product lines
 
: http://www.apricorn.com/products.php?cat_id=72
 
 
; DigiSafe
 
: http://www.digisafe.com/products/products_DiskCryptMobile.htm
 
 
; Eracom Technology DiskProtect
 
: http://www.eracom-tech.com/drive_encryption.0.html
 
 
; iStorage DiskCrypt Mobile
 
: http://www.istorage-uk.com/diskcryptmobile.php
 
 
; Network Appliance (Decru)
 
: http://www.netapp.com/ftp/decru-fileshredding.pdf
 
: http://www.netapp.com/us/products/storage-security-systems/
 
: http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)
 
 
== Software Solutions ==
 
 
; beCrypt
 
: http://www.becrypt.com/our_products/disk_protect.php
 
 
; [[BitArmor]] [[DataControl]]
 
: FDE tool that protects fixed and removable media.
 
 
; [[BitLocker]]
 
: Part of Windows Vista that uses [[AES]] 128 or 256 bit encryption
 
 
; [[CGD]]
 
: Cryptographic Device Driver. Provides transparent full disk encryption for [[NetBSD]].
 
: Supports various [[ciphers]]: [[AES]] (128 bit blocksize and accepts 128, 192 or 256 bit keys), [[Blowfish]] (64 bit blocksize and accepts 128 bit keys) and [[3DES]] (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).
 
: http://www.netbsd.org/docs/guide/en/chap-cgd.html
 
 
; [[Checkpoint Full Disk Encryption]]
 
: http://www.checkpoint.com/products/datasecurity/pc/
 
 
; [[dm-crypt]]
 
: Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the Linux 2.6 device mapper. Supports various [[ciphers]] and [[Linux Unified Key Setup (LUKS)]].
 
: http://www.saout.de/misc/dm-crypt/
 
: http://clemens.endorphin.org/nmihde/nmihde-A4-ds.pdf
 
 
; [[FreeOTFE]]
 
: Transparent on the fly encryption for [[Windows|MS Windows]] and [[Microsoft Windows Mobile|Windows Mobile]] PDAs. Also supports mounting [[Linux]] [[dm-crypt]] and [[Linux Unified Key Setup (LUKS)|LUKS]] volumes
 
: http://www.FreeOTFE.org/
 
 
; [[GBDE]]
 
: [[GEOM]] Based Disk Encryption. Provides transparent full disk and swap encryption for [[FreeBSD]]. Supported  [[ciphers]]: [[AES]] (128 bit).
 
: Supports hidden volumes and Pre-Boot Authentification.
 
: Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
 
: http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
 
: http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
 
 
; [[GELI]]
 
: Cryptographic [[GEOM]] class. Provides transparent full disk encryption for [[FreeBSD]]. Supports various [[ciphers]]: [[AES]], [[Blowfish]] and [[3DES]].
 
: Supports hidden volumes and Pre-Boot Authentification.
 
: http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
 
 
; Jetico BestCrypt
 
: http://www.jetico.com/
 
 
; [[loop-AES]]
 
: Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the loopback device and [[AES]].
 
: http://sourceforge.net/projects/loop-aes/
 
 
; [[PGPDisk]]
 
: Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for [[Windows]]. Also supports [[MacOS]] X 10.4 (non-boot disks only).
 
: Can use OpenPGP RFC 2440 keys and X.509 keys for authentification.
 
: Supports USB Tokens for authentification.
 
: Supported [[ciphers]]: [[AES]] (256 bit keys).
 
: http://www.pgp.com/products/wholediskencryption/
 
 
; [[SafeGuard Easy]]
 
: Certified according to [[Common Criteria]] EAL3 and FIPS 140-2
 
: Encryption algorithms supported: [[AES]] (128 and 256 bit) and [[IDEA]] (128 bit)
 
: Provides complete [[hard drive]] encryption including the boot disk.
 
: http://www.utimaco.us/products
 
 
; [[SECUDE]]
 
: [[SECUDE]] provides a software and hardware solution for full disk encryption.
 
: http://www.secude.com
 
 
; Securstar DriveCrypt
 
: http://www.securstar.com/products_drivecryptpp.php
 
 
; [[TrueCrypt]]
 
: Transparent full disk encryption for [[Linux]] and [[Windows]]. Supports [[AES]] (256 bit), [[Serpent]] and [[Twofish]].
 
: Supports hidden volumes within TrueCrypt volumes (plausible deniability).
 
: http://www.truecrypt.org/
 
 
; [[DiskCryptor]]
 
: Free solution provided under GNU General Public License.
 
: http://diskcryptor.net/index.php/DiskCryptor_en
 
 
; [[vnconfig]]
 
: The -K option of [[OpenBSD]] vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported [[ciphers]]: [[Blowfish]].
 
: http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8
 
 
==Exernal Links==
 
[http://www.thinkwiki.org/wiki/Full_Disk_Encryption_(FDE) Wiki page for FDE on Thinkpads]
 
 
[[Category:Encryption]]
 
[[Category:Anti-Forensics]]
 
[[Category:Disk encryption]]
 

Latest revision as of 20:32, 12 September 2013