What’s Full Disk Encryption?




Full disk encryption encodes all data on a disk, including operating system files and temporary files, to prevent unauthorized access. It can be software-based or hardware-based, and the two approaches provide different levels of security. Some programs are vulnerable to cold boot attacks, while others offer protection against them.

Full disk encryption is the encryption of the data placed on a disk; the term also covers programs that encrypt partitions. Partitions are used by some computer users as a way to divide up the storage space of a hard drive. Encryption encodes the contents of a message or file so that it can only be read by someone who has access to the encryption key and can therefore decrypt it. The goal of data encryption is to prevent unwanted users from accessing data stored on a computer’s drives. Full disk encryption encrypts operating system files as well as temporary files, or basically all files found on the disk being encrypted.

Because full disk encryption is usually software-based, it often bypasses the master boot record (MBR), which is the first partitioned track of the hard drive, leaving it unencrypted. The MBR can also be encrypted if hardware-based full disk encryption is used. Hardware-based disk encryption generates and stores encryption keys and user information within the drive hardware; therefore, this information is maintained independently of the operating system and software. This adds extra security against potential threats posed by attackers who can access your computer’s memory. Hardware-based encryption is also advantageous because it can be left on permanently, meaning the user doesn’t have to remember to turn it on when prompted.
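To make the point about the unencrypted MBR concrete, here is an added example (not from the original article) that inspects 512-byte sectors and reports whether each one is a readable MBR partition table or looks like ciphertext. The function names, the 7.0 bits-per-byte entropy threshold and both sample sectors are assumptions constructed for illustration.

```python
import hashlib
import math
import struct

SECTOR_SIZE = 512

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ciphertext is close to uniform, so it scores high."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def parse_mbr(sector: bytes):
    """Return the partition entries of a plaintext MBR, or None if it is not one."""
    if len(sector) != SECTOR_SIZE or sector[510:512] != b"\x55\xaa":
        return None  # missing boot signature
    partitions = []
    for i in range(4):  # four 16-byte entries starting at offset 446
        status, _, ptype, _, lba_start, count = struct.unpack_from(
            "<B3sB3sII", sector, 446 + 16 * i)
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            return None  # not a sane partition table
        partitions.append({"bootable": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return partitions

def classify_sector(sector: bytes) -> str:
    if parse_mbr(sector):
        return "plaintext-mbr"
    return "high-entropy" if shannon_entropy(sector) > 7.0 else "other"

def sample_mbr() -> bytes:
    """Constructed sample: empty boot code, one bootable partition of type 0x07."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07,
                        b"\xfe\xff\xff", 2048, 1_000_000)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

def sample_ciphertext() -> bytes:
    """Constructed stand-in for an encrypted sector: SHA-256 output in counter mode."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

if __name__ == "__main__":
    for name, sector in (("sector 0", sample_mbr()), ("data sector", sample_ciphertext())):
        print(name, classify_sector(sector), parse_mbr(sector))
```

On a disk whose MBR is left unencrypted, sector 0 classifies as a plaintext MBR and exposes the partition layout, while sectors inside the encrypted area score as high-entropy.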

Full disk encryption programs differ in the features they offer. Free software programs, such as Comodo Disk Encryption, provide basic levels of disk encryption with the added bonus of not having to pay for them. More advanced programs can secure different types of storage devices. An example of this is the BitLocker full disk encryption program, which is included as part of Microsoft Windows 7. BitLocker provides security for internal hardware, as well as external hard drives and portable storage drives, such as USB flash drives.

Software that provides full disk encryption can obtain several security certifications, including FIPS 140-2 and Common Criteria EAL4. FIPS stands for Federal Information Processing Standard, and FIPS 140-2 is a security standard accredited by the US government for programs that use cryptography. In contrast, Common Criteria EAL4 is an international standard for computer security.

For all their ability to handle security threats, many full disk encryption programs can be attacked by a cold boot attack. In this situation, encryption keys are stolen by turning the computer off and on again, restarting the computer without the proper shutdown procedure. The attacker can then access the information when the contents of memory, or DRAM, are dumped to a file. Programs like BitArmor offer full disk encryption that protects against cold boot attacks performed during hibernation, after shutdown, as well as during sleep and screen lock modes.



