Showing posts with label encryption. Show all posts
Showing posts with label encryption. Show all posts

Feature Spotlight: SED Unlock with EnCase & WinMagic SecureDoc

Ken Mizota

Self-encrypting drives represent a very specific problem for digital investigators. The direction of technology is clear: within the next few years, strong encryption will be baked into the silicon of every hard drive from every major manufacturer. Self-encrypting drives (SED) offer greater data security than traditional full-disk encryption in that the data stored is always encrypted at rest and the keys to decrypt the data never leave the device, which means they cannot be practically brute-forced through traditional means.

SEDs render “cold boot” and “evil maid” attacks useless and offer instant encryption and crypto-erase when a drive needs to be repurposed. SEDs are very attractive, but present significant obstacles to traditional disk-based forensics. In this post, we’ll walk through how EnCase 7.10 works with WinMagic SecureDoc to enable forensic investigation of self-encrypting drives.

Evidence Encryption in the Post-TrueCrypt Era

Ken Mizota


In the news last week, the anonymous developers of TrueCrypt very publicly announced the discontinuation of TrueCrypt development, and declared TrueCrypt "not secure." The vagaries and abruptness of the announcement have caused a disturbance in the interweb at large. A search on "TrueCrypt" yields no less than 27,000 hits categorized as "News."

TrueCrypt has been a double-edged sword for digital investigators. On one edge, TrueCrypt's wide availability means it has been used to hide data from the eyes of investigators. Full disk, container, and hidden container encryption have created "game over" situations for investigators for years. Attendees of Guidance Software's Training courses learn about common uses of TrueCrypt and practical techniques to deal with them, including use of EnCase with tools like Passware.