Question

Discuss whole disk encryption and its impact on the DF field. What can you do to counteract WDE?

Answer 1

Whole disk encryption :-

Sensitive data is protected by encryption, whether it is in your laptop or across the Internet in an e-mail. The methods and sophistication of encryption techniques have varied throughout history, the core concept has always been the same.

With whole disk encryption, all data is protected including the operating system, as well as other external drives. Whole disk encryption is like taking a disk drive and coating it with a layer of impenetrable paint. Everything on the drive is soaked with encryption. Even the files you may not know about that keep exact copies of data that you've been working on, such as temporary files are encrypted.

Because everything is encrypted, including the operating system, with your personal passphrase you have to first unlock before you can even start or boot up your computer. This preboot authentication before system startup provides a way to keep out the data thieves. Even if an encrypted disk drive is removed from one computer and installed in another, the preboot authentication screen always appears and asks for the passphrase, stopping unauthorized users in their tracks.

Impact of whole disk encryption on DF field :-

The use of encryption technology to protect computer data is growing and that fact presents a challenge for forensic investigators. Without a decryption key, forensic tools cannot be used to find digital evidence. If a hard drive is fully encrypted, we have no easy access to the stored data and our investigative options become limited. The first thing an investigator must do is to determine the level and extent of the encryption.

The impact of whole disk encryption on digital forensics(DF) is significant, and may adversely affect the ability to create a forensically sound duplicate of a hard drive or to recover intelligible information useful to an investigation.

Counteract of WDE :-

As we know that whole disk encryption is a great way to protect data but If a user loses his password that grants access to the encrypted system, he has no access to his data at all.

May be( or not) the factory data reset may help you out in this situation but this may sometimes lead to lost of valuable data which is necessary for you.

So, if you lost your passphrase this may be very difficult to fetch your data back from the encrypted WDE system.