Difference between pages "Bibliography" and "Full Disk Encryption"

From Forensics Wiki
(Difference between pages)
m
 
(Software Solutions: - Cleanup and making new links)
 
Line 1: Line 1:
=Disk Disposal and Data Recovery=
+
'''Full Disk Encryption''' or '''Whole Disk Encryption''' is a phrase that was coined by [[Seagate]] to describe their encrypting [[hard drive]]. Under such a system, the entire contents of a hard drive are encrypted. This is different from [[Full Volume Encryption]] where only certain partitions are encrypted.
* [http://www.deepspar.com/pdf/DeepSparDiskImagingWhitepaper3.pdf Disk Imaging: A Vital Step in Data Recovery], DeepSpar Data Recovery Systems, November 2006. An in depth look at the many issues that cause data loss / irretrievable data in the data recovery imaging process and how to overcome them.
+
* [http://www.actionfront.com/ts_whitepaper.asp Drive-Independent Data Recovery: The Current State-of-the-Art], ActionFront Data Recovery Labs, August 2005.
+
* [[Recovering Overwritten Data#The Gutmann Paper|Secure Deletion of Data from Magnetic and Solid-State Memory]], Peter Gutmann, Proceedings of the Sixth Usenix Security Symposium, 1996. [http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html]
+
* [http://www-03.ibm.com/financing/pdf/us/recovery/igf4-a032.pdf Hard Drive Disposal: The Overlooked Confidentiality Exposure], FInancial Perspectives, IBM White Paper, November 2003.
+
  
=Evidence Gathering=
+
Some examples of full disk encryption:
  
* [http://utdallas.edu/~sxs018540/index/docs/byteprints_itcc05.pdf Byteprints: A Tool to Gather Digital Evidence], Sriranjani Sitaraman, Srinivasan Krishnamurthy and S. Venkatesan, Proceedings of the International Conference on Information Technology (ITCC 2005), Las Vegas, Nevada, USA, April 4 - 6, 2005
+
== Hardware Solutions ==
  
=Fake Information=
+
; beCrypt
 +
: http://www.becrypt.com/our_products/disk_protect.php
  
* [https://analysis.mitre.org/proceedings/Final_Papers_Files/84_Camera_Ready_Paper.pdf Automatic Detection of Fake File Systems], Neil C. Rowe, International Conference on Intelligence Analysis Methods and Tools, McLean, Virginia, May 2005.
+
; Eracom Technology DiskProtect
 +
: http://www.eracom-tech.com/drive_encryption.0.html
  
=Feature Extraction and Data Fusion=
+
; Hitachi Bulk Data Encryption
Computer Location Determination Through Geoparsing and Geocoding of
+
: http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
Extracted Features
+
http://www2.chadsteel.com:8080/Publications/drive_location2.doc
+
  
 +
; Network Appliance (Decru)
 +
: http://www.netapp.com/ftp/decru-fileshredding.pdf
 +
: http://www.decru.com/products/pdf/dsEseries.pdf (NetApps DataFort)
 +
: http://www.decru.com/products/ltkm.htm (Decru Lifetime key Management)
 +
: http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)
  
=File Carving=
+
; Seagate FDE
 +
: http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
  
* [http://citeseer.ist.psu.edu/shanmugasundaram03automatic.html  Automatic Reassembly of Document Fragments via Context Based Statistical Models], Kulesh Shanmugasundaram and Nasir Memon.  
+
; SecureDoc
 +
: http://www.smart-cardsys.com/security/securedoc.htm
  
 +
== Software Solutions ==
  
=Text Mining=
+
; [[BitArmor]] [[DataControl]]
 +
: FDE tool that protects fixed and removable media.
  
'''Computer Forensic Text Analysis with Open Source Software,''' Christian Johansson, Masters Thesis, Blekinge Tekniska Hogskola, June 2003  http://www.fukt.bth.se/~uncle/papers/master/thesis.pdf
+
; [[BitLocker]]
 +
: Part of Windows Vista that uses [[AES]] 128 or 256 bit encryption
  
=Signed Evidence=
+
; [[CGD]]
<bibtex>
+
: Cryptographic Device Driver. Provides transparent full disk encryption for [[NetBSD]].
@article{duerr-2004,
+
: Supports various [[ciphers]]: [[AES]] (128 bit blocksize and accepts 128, 192 or 256 bit keys), [[Blowfish]] (64 bit blocksize and accepts 128 bit keys) and [[3DES]] (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).
  title="Information Assurance Applied to Authentication of Digital Evidence",
+
: http://www.netbsd.org/docs/guide/en/chap-cgd.html
  author="Thomas E. Duerr and Nicholas D. Beser and Gregory P. Staisiunas",
+
  year=2004,
+
  journal="Forensic Science Communications",
+
  volume=6,
+
  number=4,
+
  url="http://www.fbi.gov/hq/lab/fsc/backissu/oct2004/research/2004_10_research01.htm"
+
}
+
</bibtex>
+
  
 +
; [[Checkpoint Full Disk Encryption]]
 +
: http://www.checkpoint.com/products/datasecurity/pc/
  
<bibtex>
+
; [[dm-crypt]]
@article{OppligerR03,
+
: Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the Linux 2.6 device mapper. Supports various [[ciphers]] and [[LUKS]] (Linux Unified Key Setup).
  author    = {Rolf Oppliger and Ruedi Rytz},
+
: http://www.saout.de/misc/dm-crypt/
  title    = {Digital Evidence: Dream and Reality},
+
  journal  = {IEEE Security {\&} Privacy},
+
  volume    = {1},
+
  number    = {5},
+
  year      = {2003},
+
  pages    = {44-48},
+
  url      = {http://doi.ieeecomputersociety.org/10.1109/MSECP.2003.1236234},
+
  abstract="Digital evidence is inherently weak. New evidence-gathering technologies-digital black boxes-must be developed and deployed to support investigations of irreproducible events such as digitally signing a document."
+
}
+
</bibtex>
+
  
=Theory=
+
; [[FreeOTFE]]
'''A Hypothesis-Based Approach to Digital Forensic Investigations,''' Brian D. Carrier, Ph.D. Dissertation
+
: Transparent on the fly encryption for [[Windows|MS Windows]] and [[Microsoft Windows Mobile|Windows Mobile]] PDAs. Also supports mounting [[Linux]] [[dm-crypt]] and [[LUKS]] volumes
Purdue University, May 2006 https://www.cerias.purdue.edu/tools_and_resources/bibtex_archive/archive/2006-06.pdf
+
: http://www.FreeOTFE.org/
  
=Other Papers=
+
; [[GBDE]]
 +
: [[GEOM]] Based Disk Encryption. Provides transparent full disk and swap encryption for [[FreeBSD]]. Supported  [[ciphers]]: [[AES]] (128 bit).
 +
: Supports hidden volumes and Pre-Boot Authentification.
 +
: Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
 +
: http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
 +
: http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
  
* [http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?], Peter P. Swire, Moritz College of Law of the Ohio State University, Journal on Telecommunications and High Technology Law, Vol. 2, 2004.
+
; [[GELI]]
 +
: Cryptographic [[GEOM]] class. Provides transparent full disk encryption for [[FreeBSD]]. Supports various [[ciphers]]: [[AES]], [[Blowfish]] and [[3DES]].
 +
: Supports hidden volumes and Pre-Boot Authentification.
 +
: http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
 +
 
 +
; Jetico BestCrypt
 +
: http://www.jetico.com/
 +
 
 +
; [[loop-AES]]
 +
: Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the loopback device and [[AES]].
 +
: http://sourceforge.net/projects/loop-aes/
 +
 
 +
; [[PGPDisk]]
 +
: Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for [[Windows]]. Also supports [[MacOS]] X 10.4 (non-boot disks only).
 +
: Can use OpenPGP RFC 2440 keys and X.509 keys for authentification.
 +
: Supports USB Tokens for authentification.
 +
: Supported [[ciphers]]: [[AES]] (256 bit keys).
 +
: http://www.pgp.com/products/wholediskencryption/
 +
 
 +
; [[SafeGuard Easy]]
 +
: Certified according to [[Common Criteria]] EAL3 and FIPS 140-2
 +
: Encryption algorithms supported: [[AES]] (128 and 256 bit) and [[IDEA]] (128 bit)
 +
: Provides complete [[hard drive]] encryption including the boot disk.
 +
: http://www.utimaco.us/products
 +
 
 +
; [[SECUDE]]
 +
: [[SECUDE]] provides a software and hardware solution for full disk encryption.
 +
: http://www.secude.com
 +
 
 +
; Securstar DriveCrypt
 +
: http://www.securstar.com/products_drivecryptpp.php
 +
 
 +
; [[TrueCrypt]]
 +
: Transparent full disk encryption for [[Linux]] and [[Windows]]. Supports [[AES]] (256 bit), [[Serpent]] and [[Twofish]].
 +
: Supports hidden volumes within TrueCrypt volumes (plausible deniability).
 +
: http://www.truecrypt.org/
 +
 
 +
; [[vnconfig]]
 +
: The -K option of [[OpenBSD]] vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported [[ciphers]]: [[Blowfish]].
 +
: http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8
 +
 
 +
[[Category:Encryption]]
 +
[[Category:Anti-Forensics]]
 +
[[Category:Disk encryption]]
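Review bot: The [[CGD]] entry's 3DES clause opens two parentheses and closes only one ("(uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption)."), so the note about the 168 effective key bits runs into the end of the sentence; close the outer parenthesis or set the note off with a semicolon. In the [[vnconfig]] entry, "associates and encryption key" should read "associates an encryption key". "Authentification" in the [[GBDE]], [[GELI]] and [[PGPDisk]] entries should be "authentication". Since the edit summary describes this as cleanup, the Hardware Solutions entries could also get a one-line description each, as most Software Solutions entries have, instead of a bare URL.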

Revision as of 07:27, 3 April 2009

Full Disk Encryption or Whole Disk Encryption is a phrase that was coined by Seagate to describe their encrypting hard drive. Under such a system, the entire contents of a hard drive are encrypted. This is different from Full Volume Encryption where only certain partitions are encrypted.

Some examples of full disk encryption:

Hardware Solutions

beCrypt
http://www.becrypt.com/our_products/disk_protect.php
Eracom Technology DiskProtect
http://www.eracom-tech.com/drive_encryption.0.html
Hitachi Bulk Data Encryption
http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
Network Appliance (Decru)
http://www.netapp.com/ftp/decru-fileshredding.pdf
http://www.decru.com/products/pdf/dsEseries.pdf (NetApps DataFort)
http://www.decru.com/products/ltkm.htm (Decru Lifetime key Management)
http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)
Seagate FDE
http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
SecureDoc
http://www.smart-cardsys.com/security/securedoc.htm

Software Solutions

BitArmor DataControl
FDE tool that protects fixed and removable media.
BitLocker
Part of Windows Vista that uses AES 128 or 256 bit encryption
CGD
Cryptographic Device Driver. Provides transparent full disk encryption for NetBSD.
Supports various ciphers: AES (128 bit blocksize and accepts 128, 192 or 256 bit keys), Blowfish (64 bit blocksize and accepts 128 bit keys) and 3DES (64 bit blocksize and accepts 192 bit keys, of which only 168 bits are actually used for encryption).
http://www.netbsd.org/docs/guide/en/chap-cgd.html
Checkpoint Full Disk Encryption
http://www.checkpoint.com/products/datasecurity/pc/
dm-crypt
Transparent file system and swap encryption for Linux using the Linux 2.6 device mapper. Supports various ciphers and LUKS (Linux Unified Key Setup).
http://www.saout.de/misc/dm-crypt/
FreeOTFE
Transparent on-the-fly encryption for MS Windows and Windows Mobile PDAs. Also supports mounting Linux dm-crypt and LUKS volumes.
http://www.FreeOTFE.org/
GBDE
GEOM Based Disk Encryption. Provides transparent full disk and swap encryption for FreeBSD. Supported ciphers: AES (128 bit).
Supports hidden volumes and Pre-Boot Authentication.
Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
GELI
Cryptographic GEOM class. Provides transparent full disk encryption for FreeBSD. Supports various ciphers: AES, Blowfish and 3DES.
Supports hidden volumes and Pre-Boot Authentication.
http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
Jetico BestCrypt
http://www.jetico.com/
loop-AES
Transparent file system and swap encryption for Linux using the loopback device and AES.
http://sourceforge.net/projects/loop-aes/
PGPDisk
Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentication for Windows. Also supports MacOS X 10.4 (non-boot disks only).
Can use OpenPGP RFC 2440 keys and X.509 keys for authentication.
Supports USB Tokens for authentication.
Supported ciphers: AES (256 bit keys).
http://www.pgp.com/products/wholediskencryption/
SafeGuard Easy
Certified according to Common Criteria EAL3 and FIPS 140-2
Encryption algorithms supported: AES (128 and 256 bit) and IDEA (128 bit)
Provides complete hard drive encryption including the boot disk.
http://www.utimaco.us/products
SECUDE
SECUDE provides a software and hardware solution for full disk encryption.
http://www.secude.com
Securstar DriveCrypt
http://www.securstar.com/products_drivecryptpp.php
TrueCrypt
Transparent full disk encryption for Linux and Windows. Supports AES (256 bit), Serpent and Twofish.
Supports hidden volumes within TrueCrypt volumes (plausible deniability).
http://www.truecrypt.org/
vnconfig
The -K option of OpenBSD vnconfig(8) associates an encryption key with the svnd device. Supports saltfiles. Supported ciphers: Blowfish.
http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8