We call this chapter “Encryption of operating system or hard disk drive” as this expression can be interpreted differently. Encrypting an operating system doesn’t always mean full disk encryption as the hard disk may have a few operating systems. You may also happen to have a few hard disks…
To avoid confusion here, the majority of users would see disk encryption and system encryption as two synonymous definitions. The term “full disk encryption” or “whole disk encryption” signifies the encryption of the entire disk, including the operating system and system files.
This course caters to people with all levels of technical knowledge so I would like to give you a clear example of how encryption of hard disk with operating system works.
Without encryption your hard drive resembles a box with data that can be retrieved by anyone if this person gains physical access to it. But unlike the real box, this perpetrator can find the files that have been deleted or stored on it before. That is why law enforcement would seize and tag a hard drive, then send it to a lab where the computer forensic experts will proceed to extract the information stored on it.
You can find similar offers on the Internet:
Comprehensive encryption can’t prevent unauthorized access to the “box”, however, the perpetrator will see instead not the documents he targeted but a set of shredded paper useless even for forensic experts.
MythI already use encrypted file-hosted volumes to store my sensitive data. Therefore, I don’t have to use full disk encryption.
FactWell, you still have to. Full disk encryption protects all the files of the system: system files, home directory, temporary files, swap file, deleted information.
All modern operating systems come with a built-in hard disk encryption capability. In some cases it is recommended you use alternate tools – you are going to learn about them in the next sections of this chapter.
Of course, in this introduction we are dispelling another common security related myth.
MythEncryption of operating systems or comprehensive encryption of hard disk can be easily defeated.
FactNowadays proper encryption and secure storage of your key make defeating an encrypted hard disk impossible.
This myth is mainly perpetuated by the users who make rash conclusions. For instance, even macOS by default offers to keep the encryption key in the cloud storage iCloud if you choose to make comprehensive hard disk encryption. Of course, you shouldn’t do that, just as you wouldn’t want to use a simple password or fingerprint when entering the system. In the final chapter of this part, we will dwell on two ways of defeating an encrypted disk.
If you an ardent enthusiast of new technologies, I have to point out the fact that it is extremely easy to overpower you and press your finger to a sensor. So if breaking the encryption of your disk is as easy as putting a finger to the sensor, you can hardly call such encryption unbreakable, can’t you?
Suppose, there are Peter and Jack. Peter chose to use full disk encryption while Jack didn’t. One day Peter and Jack’s premises were invaded by some perpetrators who seized their hard drives and equipment. All Jack’s data, his browser history, correspondence, documents were accessed within twenty-four hours in a lab while Peter’s hard disk remained undefeated.
Well, I lied to you, Peter’s finger was accidentally caught by the door so the pain he endured made him give up the password, but that would be a completely different story. To protect yourself against such attacks, take advantage of our solution – emergency data erasure system.
Let’s look at a slightly different situation. Peter and Jack had their laptops stolen from them by their competitors. All Jack’s data were extracted: a history of visited sites and viewed videos, passwords, deleted files, correspondence, personal and family photos. The competitors discovered that he favors gay adult content and interacts with young men. While Peter had full disk encryption and the only inconvenience he endured was buying a new laptop.
Peter and Jack lost their laptops, and, unfortunately, they fell into some scammers’ lap. They extracted all the data from Jack’s laptop and discovered his cheatings with men on his wife. They started blackmailing hi