What are the security implications of a drive that is partially encrypted
Question: What are the security implications of distributing a drive that has not completed the initial encryption?
On a normal NTFS partition, all data is stored in "plain text." After you install EP Hard Disk or EA Hard Disk, and encrypt the partition, the plain text is run through an encryption algorithm (AES) and turned into "cipher text." This means that the data on the drive is unintelligible unless you have the workstation encryption key that was used to encrypt the data. This key is accessed when the user enters their password at the login prompt for either EP Hard Disk or EA Hard Disk.
Of course, this transformation from "plain text" to "cipher text" does not happen instantaneously. Each sector of the hard drive must be read, put into the encryption algorithm, and rewritten to the hard drive as cipher text. Depending on the speed of the computer hardware and the options chosen during initial setup of EP Hard Disk, this process can take between minutes and days.
So what happens if the computer is distributed to the user before initial encryption has completed? When you try to view the partially encrypted partition in a different installation of Windows, it prompts you to format the drive. This defeats the low-skilled attacker. But this is only because Windows is not attempting to recover your data; it is only attempting to make use of the drive.
In reality, part of your data is still stored in plain text. An attacker merely needs to know which tool to use to access this portion of the plain text. A very basic tool is a "hex editor." It will read the raw ones and zeros from a file and output them to your screen. There are more sophisticated tools, such as "GetDataBack," that attempt to automate this process of making sense of these ones and zeros.
So, let us take the scenario of a user that has recently received a new workstation. The machine is at 2% encryption, and the user quickly copies a 1MB text file to the hard disk. She then shuts the computer down and goes away.
There is no guarantee that this data was encrypted as it was being written to the hard disk. Only after initial encryption is complete is all data encrypted as it is written to the hard disk. So if someone were to steal the laptop before she turns it back on and completes initial encryption, he could potentially view the data in plain text if it is stored on a sector that has not yet been encrypted.
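The following is an added example, not part of the original article or of the product: a per-sector entropy check an administrator could run over a copy of a drive image to estimate how much of it still holds non-ciphertext data before the machine is handed out. The 512-byte sector size, the 7.0 bits-per-byte threshold, and the sample image (built to mirror the 2% scenario above) are assumptions; entropy is a heuristic, so the product's own encryption status remains the authoritative check.

```python
import math
import random
from collections import Counter

SECTOR = 512  # assumed sector size in bytes; many drives use 4096

def shannon_entropy(block: bytes) -> float:
    """Entropy in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify(sector: bytes, threshold: float = 7.0) -> str:
    """AES output looks uniformly random, so it scores near 8 bits per byte."""
    if len(set(sector)) <= 1:
        return "blank"            # unused space, e.g. all zeros
    if shannon_entropy(sector) >= threshold:
        return "ciphertext-like"  # also matches compressed files
    return "plaintext-like"

def scan(image: bytes):
    """Return (counts per class, indexes of plaintext-like sectors)."""
    counts, exposed = Counter(), []
    for index in range(len(image) // SECTOR):
        kind = classify(image[index * SECTOR:(index + 1) * SECTOR])
        counts[kind] += 1
        if kind == "plaintext-like":
            exposed.append(index)
    return counts, exposed

def build_sample_image() -> bytes:
    """Constructed 200-sector image: 2% converted, text file in sectors 50-59."""
    rng = random.Random(1)  # fixed seed so the sample is reproducible
    image = bytearray(200 * SECTOR)
    image[:4 * SECTOR] = bytes(rng.getrandbits(8) for _ in range(4 * SECTOR))
    text = b"payroll export: employee, salary, account number\n" * 200
    image[50 * SECTOR:60 * SECTOR] = text[:10 * SECTOR]
    return bytes(image)

if __name__ == "__main__":
    counts, exposed = scan(build_sample_image())
    done = 100 * counts["ciphertext-like"] / sum(counts.values())
    print(f"ciphertext-like: {done:.0f}% of sectors")
    print(f"plaintext-like sectors: {exposed[0]}..{exposed[-1]} ({len(exposed)} total)")
```

Any sector reported as plaintext-like on a drive that is supposed to be fully encrypted means initial encryption has not finished for that region.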
Imported Document ID: TECH151280