Difference between pages "User:Lenageraghty" and "Full Disk Encryption"

From ForensicsWiki
(Difference between pages)
Jump to: navigation, search
m (Lena's Page)
 
m (Supplemental Hardware / External Chassis: rm dead links)
 
Line 1: Line 1:
== Lena's Page ==
+
'''Full Disk Encryption''' or '''Whole Disk Encryption''' is a phrase that was coined by [[Seagate]] to describe their encrypting [[hard drive]]. Under such a system, the entire contents of a hard drive are encrypted. This is different from [[Full Volume Encryption]] where only certain partitions are encrypted.
  
''It would be better to put this information below on the actual wiki pages, where other people could find it. Thanks!''
+
Some examples of full disk encryption:
  
=== Cryptographical File System: ===
+
== Hardware Solutions ==
 +
=== Embedded into internal HDD ===
 +
; Hitachi ''Bulk Data Encryption'' ("BDE")
 +
: http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
  
[http://http://www.crypto.com/papers/cfskey.pdf|Key Management in an Encrypting File System], Matt Blaze, USENIX Summer 1994 Technical Conference, Boston, MA, June 1994.
+
; Seagate ''Full Disk Encryption'' ("FDE")
 +
: http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
  
[http://http://www.crypto.com/papers/cfs.pdf|A Cryptographic File System for Unix], Matt Blaze, Proceedings of the First ACM Conference on Computer and Communications Security, Fairfax, VA, November 1993.
+
; Toshiba ''Self-Encrypting Drives'' ("SED")
 +
: http://sdd.toshiba.com/main.aspx?Path=TrendsTechnology/Self-EncryptingDrives
  
=== Vendor's product overview: ===
+
=== Supplemental Hardware / External Chassis ===
 +
; Addonics product lines
 +
: http://www.addonics.com/products/cipher/CPD256U.asp
  
Seagate FDE: http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
+
; Apricorn product lines
 +
: http://www.apricorn.com/products.php?cat_id=72
  
Network Appliance: http://www.netapp.com/ftp/decru-fileshredding.pdf
+
; Eracom Technology DiskProtect
 +
: http://www.eracom-tech.com/drive_encryption.0.html
  
=== Other useful site: ===
+
; iStorage DiskCrypt Mobile
Transparent Cryptographic File System: http://www.tcfs.it/index.php?pc=2
+
: http://www.istorage-uk.com/diskcryptmobile.php
  
=== Hexlisgroup's page ===
+
; Network Appliance (Decru)
[[User:Helixgroup]] Helix page with links.
+
: http://www.netapp.com/ftp/decru-fileshredding.pdf
 +
: http://www.netapp.com/us/products/storage-security-systems/
 +
: http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)
 +
 
 +
== Software Solutions ==
 +
 
 +
; beCrypt
 +
: http://www.becrypt.com/our_products/disk_protect.php
 +
 
 +
; [[BitArmor]] [[DataControl]]
 +
: FDE tool that protects fixed and removable media.
 +
 
 +
; [[BitLocker]]
 +
: Part of Windows Vista that uses [[AES]] 128 or 256 bit encryption
 +
 
 +
; [[CGD]]
 +
: Cryptographic Device Driver. Provides transparent full disk encryption for [[NetBSD]].
 +
: Supports various [[ciphers]]: [[AES]] (128 bit blocksize and accepts 128, 192 or 256 bit keys), [[Blowfish]] (64 bit blocksize and accepts 128 bit keys) and [[3DES]] (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).
 +
: http://www.netbsd.org/docs/guide/en/chap-cgd.html
 +
 
 +
; [[Checkpoint Full Disk Encryption]]
 +
: http://www.checkpoint.com/products/datasecurity/pc/
 +
 
 +
; [[dm-crypt]]
 +
: Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the Linux 2.6 device mapper. Supports various [[ciphers]] and [[LUKS]] (Linux Unified Key Setup).
 +
: http://www.saout.de/misc/dm-crypt/
 +
 
 +
; [[FreeOTFE]]
 +
: Transparent on the fly encryption for [[Windows|MS Windows]] and [[Microsoft Windows Mobile|Windows Mobile]] PDAs. Also supports mounting [[Linux]] [[dm-crypt]] and [[LUKS]] volumes
 +
: http://www.FreeOTFE.org/
 +
 
 +
; [[GBDE]]
 +
: [[GEOM]] Based Disk Encryption. Provides transparent full disk and swap encryption for [[FreeBSD]]. Supported  [[ciphers]]: [[AES]] (128 bit).
 +
: Supports hidden volumes and Pre-Boot Authentification.
 +
: Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
 +
: http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
 +
: http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
 +
 
 +
; [[GELI]]
 +
: Cryptographic [[GEOM]] class. Provides transparent full disk encryption for [[FreeBSD]]. Supports various [[ciphers]]: [[AES]], [[Blowfish]] and [[3DES]].
 +
: Supports hidden volumes and Pre-Boot Authentification.
 +
: http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
 +
 
 +
; Jetico BestCrypt
 +
: http://www.jetico.com/
 +
 
 +
; [[loop-AES]]
 +
: Transparent [[file system]] and [[swap]] encryption for [[Linux]] using the loopback device and [[AES]].
 +
: http://sourceforge.net/projects/loop-aes/
 +
 
 +
; [[PGPDisk]]
 +
: Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for [[Windows]]. Also supports [[MacOS]] X 10.4 (non-boot disks only).
 +
: Can use OpenPGP RFC 2440 keys and X.509 keys for authentification.
 +
: Supports USB Tokens for authentification.
 +
: Supported [[ciphers]]: [[AES]] (256 bit keys).
 +
: http://www.pgp.com/products/wholediskencryption/
 +
 
 +
; [[SafeGuard Easy]]
 +
: Certified according to [[Common Criteria]] EAL3 and FIPS 140-2
 +
: Encryption algorithms supported: [[AES]] (128 and 256 bit) and [[IDEA]] (128 bit)
 +
: Provides complete [[hard drive]] encryption including the boot disk.
 +
: http://www.utimaco.us/products
 +
 
 +
; [[SECUDE]]
 +
: [[SECUDE]] provides a software and hardware solution for full disk encryption.
 +
: http://www.secude.com
 +
 
 +
; Securstar DriveCrypt
 +
: http://www.securstar.com/products_drivecryptpp.php
 +
 
 +
; [[TrueCrypt]]
 +
: Transparent full disk encryption for [[Linux]] and [[Windows]]. Supports [[AES]] (256 bit), [[Serpent]] and [[Twofish]].
 +
: Supports hidden volumes within TrueCrypt volumes (plausible deniability).
 +
: http://www.truecrypt.org/
 +
 
 +
; [[DiskCryptor]]
 +
: Free solution provided under GNU General Public License.
 +
: http://diskcryptor.net/index.php/DiskCryptor_en
 +
 
 +
; [[vnconfig]]
 +
: The -K option of [[OpenBSD]] vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported [[ciphers]]: [[Blowfish]].
 +
: http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8
 +
 
 +
[[Category:Encryption]]
 +
[[Category:Anti-Forensics]]
 +
[[Category:Disk encryption]]

Revision as of 03:34, 19 June 2011

Full Disk Encryption or Whole Disk Encryption is a phrase that was coined by Seagate to describe their encrypting hard drive. Under such a system, the entire contents of a hard drive are encrypted. This is different from Full Volume Encryption where only certain partitions are encrypted.

Some examples of full disk encryption:

Hardware Solutions

Embedded into internal HDD

Hitachi Bulk Data Encryption ("BDE")
http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
Seagate Full Disk Encryption ("FDE")
http://www.seagate.com/docs/pdf/marketing/PO-Momentus-FDE.pdf
Toshiba Self-Encrypting Drives ("SED")
http://sdd.toshiba.com/main.aspx?Path=TrendsTechnology/Self-EncryptingDrives

Supplemental Hardware / External Chassis

Addonics product lines
http://www.addonics.com/products/cipher/CPD256U.asp
Apricorn product lines
http://www.apricorn.com/products.php?cat_id=72
Eracom Technology DiskProtect
http://www.eracom-tech.com/drive_encryption.0.html
iStorage DiskCrypt Mobile
http://www.istorage-uk.com/diskcryptmobile.php
Network Appliance (Decru)
http://www.netapp.com/ftp/decru-fileshredding.pdf
http://www.netapp.com/us/products/storage-security-systems/
http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)

Software Solutions

beCrypt
http://www.becrypt.com/our_products/disk_protect.php
BitArmor DataControl
FDE tool that protects fixed and removable media.
BitLocker
Part of Windows Vista that uses AES 128 or 256 bit encryption
CGD
Cryptographic Device Driver. Provides transparent full disk encryption for NetBSD.
Supports various ciphers: AES (128 bit blocksize and accepts 128, 192 or 256 bit keys), Blowfish (64 bit blocksize and accepts 128 bit keys) and 3DES (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).
http://www.netbsd.org/docs/guide/en/chap-cgd.html
Checkpoint Full Disk Encryption
http://www.checkpoint.com/products/datasecurity/pc/
dm-crypt
Transparent file system and swap encryption for Linux using the Linux 2.6 device mapper. Supports various ciphers and LUKS (Linux Unified Key Setup).
http://www.saout.de/misc/dm-crypt/
FreeOTFE
Transparent on the fly encryption for MS Windows and Windows Mobile PDAs. Also supports mounting Linux dm-crypt and LUKS volumes
http://www.FreeOTFE.org/
GBDE
GEOM Based Disk Encryption. Provides transparent full disk and swap encryption for FreeBSD. Supported ciphers: AES (128 bit).
Supports hidden volumes and Pre-Boot Authentification.
Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
GELI
Cryptographic GEOM class. Provides transparent full disk encryption for FreeBSD. Supports various ciphers: AES, Blowfish and 3DES.
Supports hidden volumes and Pre-Boot Authentification.
http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
Jetico BestCrypt
http://www.jetico.com/
loop-AES
Transparent file system and swap encryption for Linux using the loopback device and AES.
http://sourceforge.net/projects/loop-aes/
PGPDisk
Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentification for Windows. Also supports MacOS X 10.4 (non-boot disks only).
Can use OpenPGP RFC 2440 keys and X.509 keys for authentification.
Supports USB Tokens for authentification.
Supported ciphers: AES (256 bit keys).
http://www.pgp.com/products/wholediskencryption/
SafeGuard Easy
Certified according to Common Criteria EAL3 and FIPS 140-2
Encryption algorithms supported: AES (128 and 256 bit) and IDEA (128 bit)
Provides complete hard drive encryption including the boot disk.
http://www.utimaco.us/products
SECUDE
SECUDE provides a software and hardware solution for full disk encryption.
http://www.secude.com
Securstar DriveCrypt
http://www.securstar.com/products_drivecryptpp.php
TrueCrypt
Transparent full disk encryption for Linux and Windows. Supports AES (256 bit), Serpent and Twofish.
Supports hidden volumes within TrueCrypt volumes (plausible deniability).
http://www.truecrypt.org/
DiskCryptor
Free solution provided under GNU General Public License.
http://diskcryptor.net/index.php/DiskCryptor_en
vnconfig
The -K option of OpenBSD vnconfig(8) associates and encryption key with the svnd device. Supports saltfiles. Supported ciphers: Blowfish.
http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8