Maximum PC

All times are UTC - 8 hours




 Post subject: What is the safest way to protect data on a HDD ?
PostPosted: Mon Apr 15, 2013 11:42 pm 
8086

Joined: Fri Mar 23, 2012 8:22 pm
Posts: 11
Hi,
I want to send my hard disk, which has important data, overseas in the mail (courier).
The HDD has 5 partitions, 4 of which are data partitions.
How do I protect my data in case the HDD ends up in the wrong hands?
The only way I thought of was BitLocker or TrueCrypt, but do I need to encrypt the system partition, or do I need a system partition at all? The HDD would be used on a different machine & Windows won't boot on that machine anyway. So why not just format or delete the system partition after I have encrypted the data partitions? Would that be a good solution?
Also, can I encrypt a few folders in one partition with "Folder Lock" software with a different password so I have more protection?
The reason being a software called "Forensic Disk Decryptor" by Elcomsoft, which claims to decrypt the 3 major encryption software packages, namely BitLocker, TrueCrypt & PGP.
So where does that leave us?
Thanks


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Tue Apr 16, 2013 5:46 am 
Smithfield

Joined: Sun Jun 18, 2006 7:37 pm
Posts: 5064
TrueCrypt, with another encrypted partition inside the encrypted partition.


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Tue Apr 16, 2013 7:12 am 
Million Club - 5 Plus

Joined: Sat Jul 08, 2006 6:23 am
Posts: 2625
Location: Folding as BlackSun59
dan99t wrote:
The reason being a software called "Forensic Disk Decryptor" by Elcomsoft, which claims to decrypt the 3 major encryption software packages, namely BitLocker, TrueCrypt & PGP.
So where does that leave us?
Thanks

Elcomsoft http://www.elcomsoft.com/efdd.html says this:

" Three Ways to Acquire Encryption Keys

Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be derived from hibernation files or memory dump files acquired while the encrypted volume was mounted. There are three ways available to acquire the original encryption keys:

By analyzing the hibernation file (if the PC being analyzed is turned off);
By analyzing a memory dump file *
By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).

* A memory dump of a running PC can be acquired with one of the readily available forensic tools such as MoonSols Windows Memory Toolkit
** A free tool launched on investigator’s PC is required to perform the FireWire attack (e.g. Inception)"

1. If you don't have a hibernation file (hiberfil.sys), there's one way that foils the program. How to delete the hibernation file is detailed here: http://www.howtogeek.com/howto/15140/wh ... delete-it/
2. If you have memory dumps set to not write (Start -> Settings -> Control Panel -> System -> Advanced System Settings -> Startup and Recovery Settings -> uncheck the "Write an event to the system log" box) then there won't be any memory dumps to view. Either that, or regularly check for memory dumps (file extension .dmp) and erase them. Besides, the encrypted volume has to be mounted in order for Elcomsoft to work. Why not just read the mounted volume?
3. If your PC is unattended and turned off, you have no hiberfil.sys and no TrueCrypt encrypted volumes are mounted, the Elcomsoft software does not work and TrueCrypt will protect your data so long as your password is sufficiently secure.
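
An added example, not part of OvenMaster's post and not Elcomsoft's tooling: a read-only PowerShell audit of the three key sources named in the quoted Elcomsoft text (hibernation file, memory dump files, FireWire port) on the local PC. The function name `Get-KeyExposureReport` is made up for this example; the registry values and the WMI class it reads are standard Windows ones.

```powershell
# Added example (not from the thread). Read-only; run from an elevated
# PowerShell 3.0+ prompt so system files and registry keys are readable.
function Get-KeyExposureReport {
    $report = @()

    # 1. Hibernation file. Enumerate the drive root with -Force because
    #    hiberfil.sys is a hidden, locked system file.
    $power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
    $hiber = Get-ChildItem -LiteralPath "$env:SystemDrive\" -Filter 'hiberfil.sys' -Force -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Source  = 'Hibernation file'
        Exposed = ([bool]$hiber) -or ($power.HibernateEnabled -eq 1)
        Detail  = "HibernateEnabled=$($power.HibernateEnabled); hiberfil.sys present=$([bool]$hiber)"
    }

    # 2. Memory dump files. CrashDumpEnabled = 0 means no dump is written on a crash;
    #    dumps already on disk are listed from the configured locations.
    $crash = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -ErrorAction SilentlyContinue
    $dumps = @(
        if ($crash.DumpFile) {
            Get-Item -LiteralPath ([Environment]::ExpandEnvironmentVariables($crash.DumpFile)) -Force -ErrorAction SilentlyContinue
        }
        if ($crash.MinidumpDir) {
            Get-ChildItem -LiteralPath ([Environment]::ExpandEnvironmentVariables($crash.MinidumpDir)) -Filter '*.dmp' -Force -ErrorAction SilentlyContinue
        }
    )
    $report += [pscustomobject]@{
        Source  = 'Memory dump files'
        Exposed = ($crash.CrashDumpEnabled -ne 0) -or ($dumps.Count -gt 0)
        Detail  = "CrashDumpEnabled=$($crash.CrashDumpEnabled); dump files on disk=$($dumps.Count)"
    }

    # 3. FireWire (IEEE 1394) controllers, the port the quoted text's third method needs.
    $fw = @(Get-CimInstance -ClassName Win32_1394Controller -ErrorAction SilentlyContinue)
    $report += [pscustomobject]@{
        Source  = 'FireWire (IEEE 1394) port'
        Exposed = ($fw.Count -gt 0)
        Detail  = "controllers found=$($fw.Count)"
    }

    $report
}

Get-KeyExposureReport | Format-Table -AutoSize -Wrap
```

`powercfg /hibernate off` disables hibernation and deletes hiberfil.sys. `CrashDumpEnabled` = 0 corresponds to "(none)" under "Write debugging information" in Startup and Recovery.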


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Tue Apr 16, 2013 8:52 am 
Smithfield

Joined: Sun Jun 18, 2006 7:37 pm
Posts: 5064
I'm not sure if it's applicable, but BitLocker can also use Intel's Trusted Platform Module, which should bypass the need of storing keys in RAM (and by extension, hibernate file). But yes, TrueCrypt and doing an encrypted partition in an encrypted partition is probably your best bet if you're highly paranoid. But read more about it https://en.wikipedia.org/wiki/TrueCrypt ... y_concerns


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Tue Apr 16, 2013 9:28 pm 
8086

Joined: Fri Mar 23, 2012 8:22 pm
Posts: 11
OvenMaster wrote:
dan99t wrote:
The reason being a software called "Forensic Disk Decryptor" by Elcomsoft, which claims to decrypt the 3 major encryption software packages, namely BitLocker, TrueCrypt & PGP.
So where does that leave us?
Thanks

Elcomsoft http://www.elcomsoft.com/efdd.html says this:

" Three Ways to Acquire Encryption Keys

Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be derived from hibernation files or memory dump files acquired while the encrypted volume was mounted. There are three ways available to acquire the original encryption keys:

By analyzing the hibernation file (if the PC being analyzed is turned off);
By analyzing a memory dump file *
By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).

* A memory dump of a running PC can be acquired with one of the readily available forensic tools such as MoonSols Windows Memory Toolkit
** A free tool launched on investigator’s PC is required to perform the FireWire attack (e.g. Inception)"

1. If you don't have a hibernation file (hiberfil.sys), there's one way that foils the program. How to delete the hibernation file is detailed here: http://www.howtogeek.com/howto/15140/wh ... delete-it/
2. If you have memory dumps set to not write (Start -> Settings -> Control Panel -> System -> Advanced System Settings -> Startup and Recovery Settings -> uncheck the "Write an event to the system log" box) then there won't be any memory dumps to view. Either that, or regularly check for memory dumps (file extension .dmp) and erase them. Besides, the encrypted volume has to be mounted in order for Elcomsoft to work. Why not just read the mounted volume?
3. If your PC is unattended and turned off, you have no hiberfil.sys and no TrueCrypt encrypted volumes are mounted, the Elcomsoft software does not work and TrueCrypt will protect your data so long as your password is sufficiently secure.


Excellent explanation.

Need some more help.

First, I am sending this Hard Disk to someone else, so if it gets stolen, would it be possible for someone else to retrieve any data from it ?

Even if the Hard Disk was in my PC & Volumes mounted, my upload speed really sucks ( Few Kbps only ) so it would take a long time to steal considerable amount of data, right ?

I do use Folder Lock to encrypt smaller very important files, so that would give me added protection, right ?

How about the hidden Volumes created by TrueCrypt ? Would that make it difficult to access them by Elcom software ?


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Tue Apr 16, 2013 10:26 pm 
Smithfield

Joined: Sun Jun 18, 2006 7:37 pm
Posts: 5064
If someone were to steal the hard drive, the average person wouldn't know about the encrypted drive. They would probably just format it the moment they find out there's "nothing" on it. Even if someone were to think there was an encrypted partition, the keys are not anywhere on the hard drive and they would therefore have to spend pretty much forever brute force attacking the thing. And even if they got past the first layer of encryption only to find nothing and think there's a second layer, well, good luck.

That software can't figure out what's encrypted until you've actually supplied a password on the system.


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Wed Apr 17, 2013 8:32 pm 
8086

Joined: Fri Mar 23, 2012 8:22 pm
Posts: 11
When you open the disk with full encryption OR a partition that is encrypted, is the data now decrypted, and does it act just like regular non-encrypted data?

Also, if I copy some data from an encrypted partition to another HDD or removable media, is that data in decrypted form & does it act like regular data?


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Wed Apr 17, 2013 9:02 pm 
Smithfield

Joined: Sun Jun 18, 2006 7:37 pm
Posts: 5064
dan99t wrote:
When you open the disk with full encryption OR a partition that is encrypted, is the data now decrypted, and does it act just like regular non-encrypted data?

No. However, it's up for grabs whether the data the system reads and puts in RAM is decrypted there, or is decrypted only when the CPU actually does something with it.

Quote:
Also, if I copy some data from an encrypted partition to another HDD or removable media, is that data in decrypted form & does it act like regular data?

That data is decrypted.


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Thu Apr 18, 2013 3:18 am 
8086

Joined: Fri Mar 23, 2012 8:22 pm
Posts: 11
LatiosXT wrote:
dan99t wrote:
When you open the disk with full encryption OR a partition that is encrypted, is the data now decrypted, and does it act just like regular non-encrypted data?

No. However, it's up for grabs whether the data the system reads and puts in RAM is decrypted there, or is decrypted only when the CPU actually does something with it.

So if I opened an encrypted word file just to read or write to it, it could be stolen by hackers while I am reading it ?

If yes, encryption is useless during that time & my Firewall, Anti Malware or Antivirus can't protect me either ?


 Post subject: Re: What is the safest way to protect data on a HDD ?
PostPosted: Thu Apr 18, 2013 5:44 am 
Smithfield

Joined: Sun Jun 18, 2006 7:37 pm
Posts: 5064
dan99t wrote:
So if I opened an encrypted word file just to read or write to it, it could be stolen by hackers while I am reading it ?

Yes.

Quote:
If yes, encryption is useless during that time & my Firewall, Anti Malware or Antivirus can't protect me either ?

You know what the best way of protecting yourself against outside threats is? Not being on any network. If you're that paranoid about someone stealing your data at the time you read it, turn off the Wi-Fi or unplug the cable.

