Full Disk Encryption
From Forensics Wiki
Full Disk Encryption or Whole Disk Encryption is a phrase that was coined by Seagate to describe their encrypting hard drive. Under such a system, the entire contents of a hard drive are encrypted. This differs from Full Volume Encryption, where only certain partitions are encrypted.
Some examples of full disk encryption:
Hardware Solutions
- Eracom Technology DiskProtect
  - http://www.eracom-tech.com/drive_encryption.0.html
- Hitachi Bulk Data Encryption
  - http://www.hitachigst.com/tech/techlib.nsf/techdocs/74D8260832F2F75E862572D7004AE077/$file/bulk_encryption_white_paper.pdf
- Network Appliance (Decru)
  - http://www.netapp.com/ftp/decru-fileshredding.pdf
  - http://www.decru.com/products/pdf/dsEseries.pdf (NetApps DataFort)
  - http://www.decru.com/products/ltkm.htm (Decru Lifetime key Management)
  - http://www.forensicswiki.org/images/6/6f/Securing_Storage_White_Paper.pdf (Decru white paper)
Software Solutions
- BitArmor DataControl
  - FDE tool that protects fixed and removable media.
- CGD
  - Cryptographic Device Driver. Provides transparent full disk encryption for NetBSD.
  - Supports various ciphers: AES (128 bit blocksize and accepts 128, 192 or 256 bit keys), Blowfish (64 bit blocksize and accepts 128 bit keys) and 3DES (64 bit blocksize and accepts 192 bit keys, of which only 168 bits are actually used for encryption).
  - http://www.netbsd.org/docs/guide/en/chap-cgd.html
- dm-crypt
  - Transparent file system and swap encryption for Linux using the Linux 2.6 device mapper. Supports various ciphers and LUKS (Linux Unified Key Setup).
  - http://www.saout.de/misc/dm-crypt/
- FreeOTFE
  - Transparent on-the-fly encryption for MS Windows and Windows Mobile PDAs. Also supports mounting Linux dm-crypt and LUKS volumes.
  - http://www.FreeOTFE.org/
- GBDE
  - GEOM Based Disk Encryption. Provides transparent full disk and swap encryption for FreeBSD. Supported ciphers: AES (128 bit).
  - Supports hidden volumes and Pre-Boot Authentication.
  - Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.
  - http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=8&manpath=FreeBSD+6.2-RELEASE&format=html
  - http://phk.freebsd.dk/pubs/bsdcon-03.gbde.paper.pdf
- GELI
  - Cryptographic GEOM class. Provides transparent full disk encryption for FreeBSD. Supports various ciphers: AES, Blowfish and 3DES.
  - Supports hidden volumes and Pre-Boot Authentication.
  - http://www.freebsd.org/cgi/man.cgi?query=geli&sektion=8
- Jetico BestCrypt
  - http://www.jetico.com/
- loop-AES
  - Transparent file system and swap encryption for Linux using the loopback device and AES.
  - http://sourceforge.net/projects/loop-aes/
- PGPDisk
  - Pretty Good Privacy Whole Disk Encryption provides transparent whole disk encryption with Pre-Boot authentication for Windows. Also supports MacOS X 10.4 (non-boot disks only).
  - Can use OpenPGP RFC 2440 keys and X.509 keys for authentication.
  - Supports USB Tokens for authentication.
  - Supported ciphers: AES (256 bit keys).
  - http://www.pgp.com/products/wholediskencryption/
- SafeGuard Easy
  - Certified according to Common Criteria EAL3 and FIPS 140-2.
  - Encryption algorithms supported: AES (128 and 256 bit) and IDEA (128 bit).
  - Provides complete hard drive encryption including the boot disk.
  - http://www.utimaco.us/products
- SECUDE
  - SECUDE provides a software and hardware solution for full disk encryption.
  - http://www.secude.com
- Securstar DriveCrypt
  - http://www.securstar.com/products_drivecryptpp.php
- TrueCrypt
  - Transparent full disk encryption for Linux and Windows. Supports AES (256 bit), Serpent and Twofish.
  - Supports hidden volumes within TrueCrypt volumes (plausible deniability).
  - http://www.truecrypt.org/
- DiskCryptor
  - Free solution provided under GNU General Public License.
  - http://diskcryptor.net/index.php/DiskCryptor_en
- vnconfig
  - The -K option of OpenBSD vnconfig(8) associates an encryption key with the svnd device. Supports saltfiles. Supported ciphers: Blowfish.
  - http://www.openbsd.org/cgi-bin/man.cgi?query=vnconfig&sektion=8