Difference between revisions of "Full Disk Encryption"

From Forensics Wiki
Jump to: navigation, search
m (add to cat anti-forensics and encryption)
Line 39: Line 39:
 
: Supports hidden volumes within TrueCrypt volumes (plausible deniability).
 
: Supports hidden volumes within TrueCrypt volumes (plausible deniability).
 
: http://www.truecrypt.org/
 
: http://www.truecrypt.org/
 +
 +
; [[SECUDE]]
 +
: [[SECUDE]] provides a software and hardware solution for [[Full Disk Encryption]].
 +
: http://www.secude.com
  
 
; [[GBDE]]
 
; [[GBDE]]

Revision as of 02:58, 8 October 2008

Full Disk Encryption or Whole Disk Encryption is a phrase that was coined by Seagate to describe their encrypting hard drive. Under such a system, the entire contents of a hard drive are encrypted. This is different from Full Volume Encryption where only certain partitions are encrypted.

Some examples of full disk encryption:

Hardware Solutions

Seagate FDE
http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
Network Appliance (Decru)
http://www.netapp.com/ftp/decru-fileshredding.pdf
http://www.decru.com/products/pdf/dsEseries.pdf (NetApps DataFort)
http://www.decru.com/products/ltkm.htm (Decru Lifetime key Management)
http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)
Jetico BestCrypt
http://www.jetico.com/
beCrypt
http://www.becrypt.com/our_products/disk_protect.php
SecureDoc
http://www.smart-cardsys.com/security/securedoc.htm
Securstar driveCrypt DriveCrypt 4.20 - 1344Bit Hard Disk Encryption
http://www.securstar.com/products_drivecryptpp.php
Eracom Technology DiskProtect
http://www.eracom-tech.com/drive_encryption.0.html
Hitachi Bulk Data Encryption
http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf

Software Solutions

TrueCrypt
Transparent full disk encryption for Linux and Windows. Supports various ciphers: AES (256 bit), Serpent and Twofish.
It provides protection from watermarking and inference attacks (volumes cannot be distinguished from random data).
Supports hidden volumes within TrueCrypt volumes (plausible deniability).
http://www.truecrypt.org/
SECUDE
SECUDE provides a software and hardware solution for Full Disk Encryption.
http://www.secude.com
GBDE
GEOM Based Disk Encryption. Provides transparent full disk and swap encryption for FreeBSD. Supported ciphers: AES (128 bit).
Supports hidden volumes and Pre-Boot Authentification.
Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
GELI
Cryptographic GEOM class. Provides transparent full disk encryption for FreeBSD. Supports various ciphers: AES, Blowfish and 3DES.
Supports hidden volumes and Pre-Boot Authentification.
http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
CGD
Cryptographic Device Driver. Provides transparent full disk encryption for NetBSD.
Supports various ciphers: AES (128 bit blocksize and accepts 128, 192 or 256 bit keys), Blowfish (64 bit blocksize and accepts 128 bit keys) and 3DES (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).
http://www.netbsd.org/docs/guide/en/chap-cgd.html
vnconfig
The -K option of OpenBSD vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported ciphers: Blowfish.
http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8
PGPDisk
Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for Windows. Also supports MacOS X 10.4 (non-boot disks only).
Can use OpenPGP RFC 2440 keys and X.509 keys for authentification.
Supports USB Tokens for authentification.
Supported ciphers: AES (256 bit keys).
http://www.pgp.com/products/wholediskencryption/
BitLocker
Part of Windows Vista that uses AES 128 or 256 bit encryption
BitArmor
http://www.bitarmor.com/
dm-crypt
Transparent file system and swap encryption for Linux using the Linux 2.6 device mapper. Supports various ciphers and LUKS (Linux Unified Key Setup).
http://www.saout.de/misc/dm-crypt/
loop-AES
Transparent file system and swap encryption for Linux using the loopback device and AES.
http://sourceforge.net/projects/loop-aes/
SafeGuard Easy
Certified according to Common Criteria EAL3 and FIPS 140-2
Encryption algorithms supported: AES (128 and 256 bit) and IDEA (128 bit)
Provides complete hard drive encryption including the boot disk.
http://www.utimaco.us/products
Checkpoint Full Disk Encryption
http://www.checkpoint.com/products/datasecurity/pc/