Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Laptop Hard Drive Encryption Questions

Posted on 2009-03-30
23
Medium Priority
?
3,192 Views
Last Modified: 2013-11-14
I am using a Dell laptop that comes supplied with a Broadcom Unified Security Hub/TPM and Wave Embassy Security Center softwared.  Embassy Security Center includes the Wave Trusted Drive Manager application for encrypting data on the internal hard drive.  Details follow:

TDM manages the hardware-based security functions of Trusted Drives. Trusted Drives have data encryption embedded in the drive hardware. This ensures that all data stored on the drive is encrypted all the time. TDM ensures that only authorized users can access encrypted data when drive locking is enabled.

The Trusted Drive security must be initialized to activate drive locking. An uninitialized Trusted Drive functions as a standard ATA drive. When Trusted Drive security is initialized,drive locking can be enabled or disabled. The default state of initialization is drive locking enabled.

Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  
2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?

If the answer to the above two questions is No, can someone recommend an alternative for hard drive encryption that will allow me to have full access to the data, ie allow me to access the data when using the hard drive as an external drive and will allow me to backup/restore using Acronis.  
0
Comment
Question by:Kurvenal
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
  • +7
23 Comments
 
LVL 4

Expert Comment

by:anvanster
ID: 24022587
I had a drive from Lenovo laptop with encryption enabled. When we took it out from laptop, we were unable to see anything on it, not using it as external drive, nor trying to do recovery for data with an expensive third party utilities. And we tried very hard.
I think encryption is also depended on HDD controller or some other laptop hardware...

If you use Acronis while HDD still inside laptop and you have access to its data, you can create an image and move it to a different machine.
0
 

Author Comment

by:Kurvenal
ID: 24022662
Did you have the encryption password and were still unable to access the data?
0
 
LVL 4

Expert Comment

by:anvanster
ID: 24022730
When drive was connected as external it was impossible to read from it. It was shown as empty drive.
Yes, we had the password.
Another thing, we also tried to fdisk it and erase partition. (gprted, acronis, windows fdisk) No luck.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 10

Expert Comment

by:aboo_s
ID: 24022957
Wait up guys, ABC of any encryption method is access to data when you have password.
So if you encrypt HD using some software Acronis for instance and you want to see data from another PC then this is very possible, of course  you have to install software on the other computer as well.

And extraction of an image from encrypted HD is also possible.
Otherwise this software would be a joke.

I am talking in general of course, but this should apply to any software for encryption.
And another thing, this kind of software uses an algorithm similar to DES which is platform independent, so there is no way that any hardware is a part of the encryption process.


Any way you can try encrypting a single folder and copying it to another pc and try opening it from there using the same software of encryption.  
0
 
LVL 4

Expert Comment

by:anvanster
ID: 24022995
Question was about hardware encryption, built in laptop. Not encryption in image creating process.
0
 
LVL 10

Expert Comment

by:aboo_s
ID: 24023026
if encryption is built in a chip then this is a whole other story!
We need the author to confirm that before we proceed!
0
 

Author Comment

by:Kurvenal
ID: 24023110
Confirm that I am talking about encryption built-in the laptop (see description in original question) using Wave Trusted Drive Manager.  I am considering uninstalling Wave security packages and using an alternative that would give me full functionality with my fingerprint reader (the Wave 64-bit application is a cut down version of their 32-bit version, with very limited functionality for fingerprint reader compared to the 32-bit version), so would be interested in a recommendation that would allow me to access the data using the encrypted drive as an external drive from another computer as long as I had the password.  
0
 
LVL 4

Expert Comment

by:anvanster
ID: 24023146
If you don't use built in HW for encryption but only Installed software it won't be a problem accessing HDD from another PC. The encryption software should be installed there also.
0
 
LVL 63

Expert Comment

by:SysExpert
ID: 24023224
Another option is to simply password protect the Hard drive ( no Encryption ) Via the BIOS.

This means that you can not access the drive until you put in the password, and even if removed, it will still require a password if put in a different machine.

May be sufficient for your needs.

   
I hope this helps !
0
 

Author Comment

by:Kurvenal
ID: 24023303
The BIOS password setting is interesting.  What would happen if I put the hard drive in an enclosure and tried to access it from another computer as an external drive?
0
 
LVL 4

Accepted Solution

by:
anvanster earned 400 total points
ID: 24023347
I can't say. Probably you wan't be able to access HDD. Unless that device has some kind of BIOS with HDD password protection or can emulate these settings.
0
 

Author Comment

by:Kurvenal
ID: 24023559
I am beginning to wonder if a software-based solution might give me the most flexibility as long as it did not sacrifice data security.  Can anyone recommend an application that would secure my data from someone who removed the hard drive from the laptop but would still allow me to access the data using a password if I put the drive in an enclosure and accessed it as an external drive from another system?
0
 
LVL 3

Expert Comment

by:stlbridge
ID: 24024175
Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  

-  Yes, you can.

2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?

- Yes, you can.  Acronis Universal Restore


My suggestion:
Live OS ran from optical drive

Connects to remote server via SSH

Uses terminal services / VNC to operate remote environment that contains encrypted data.

There are other ways, brother.
0
 
LVL 4

Expert Comment

by:anvanster
ID: 24024247
There are many solutions.
http://www.steganos.com/us/products/data-security/privacy-suite/overview/ - leader on my opinion
http://www.ezlockdown.com/Home.aspx
www.dekart.com/products/encryption/private_disk/

All of them allow trial downloads. Just choose the right one for you.
0
 
LVL 10

Assisted Solution

by:aboo_s
aboo_s earned 400 total points
ID: 24025496
Windows Vista has an encryption system built in that you can use.

or you can use the same software available from Microsoft with windows XP
or you can download any of the many encryption programs on the web, such as this:
http://www.cp-lab.com/filecrypt/


0
 
LVL 9

Expert Comment

by:gtkfreak
ID: 24026044
You could try truecryt. You could use Volume or file/container based encryption with it. Truecrypt is freeware. Alternatively, if you use Linux, you could set up your system with encryption and on boot, you will be asked to enter a password. For Windows systems, Truecrypt should work just fine. By the way, truecrypt is a cross-platform tool.
0
 
LVL 1

Assisted Solution

by:RecoveryMan
RecoveryMan earned 400 total points
ID: 24032263
Answer to original two questions is No. Newer encription is based on a pssword and unique hardware values, the whole design is based upon not having access when the drive is removed. Creating an image on a sector or bit level will not allow access to data, just the encripted blocks. Suggest creating a secure volume using truecrypt (its free and very secure), not the entire drive, and then running the trucrypt application to gain access to the volume by typing in the correct password. This will work regardless of what the drive is attached to.
Good Luck
0
 

Author Comment

by:Kurvenal
ID: 24033404
Thanks to everyone for their suggestions, which I will review in detail.  I am already using TrueCrypt, which I think is a great application, but I was hoping for a more automated solution.  Out of curiosity, does anyone have experience with the Windows Vista BitLocker Drive Encryption feature?  If so, I would be interested in hearing of advantages and disadvantages with this.
0
 
LVL 63

Assisted Solution

by:SysExpert
SysExpert earned 200 total points
ID: 24033726
Regarding BIOS password on the HD,

even if removed, the password is required to access any data.

0
 
LVL 8

Assisted Solution

by:MrMintanet
MrMintanet earned 200 total points
ID: 24034543
If I really wanted to be anonymous and free of worry, I'd do this:

BIOS Password using fingerprint biometrics-> NO HARD DISK INSTALLED -> LiveCD OS -> REMOVABLE USB WiFi to net -> IKE over VPN -> Firewall/Router Filter USB WiFi MAC Address -> TrueCrypt ->  Terminal Server -> 128 bit encrypted RAR -> Putty.exe ->  Putty SSH over VNC  -> FileVault -> Mac OSX Workstation-> FileVault ->Removable USB thumbdrive -> 256 bit AES encrypted -> disk image -> 128bit AES -> Password Protected Archive -> Password protected Microsoft Office documents -> Codes to the nukes

I would also do the following to cause slow the attacker just a tad bit more:

Windows Terminal Server:
Terminal Server will appear to be configured to be something simple, such as a print server that was accidentally broadcast to the internet.
Terminal Server will be setup on a Virtual Machine, and have several other "mock" servers connected as well.  These other servers will not trust the "Print Server"
Encrypted Archive containing putty.exe will be stored in a hidden folder that is constantly modified, such as System32 print driver folder
Terminal Server's purpose is so appear as "low hanging fruit that is easy for picking", thus creating the illusion of vulnerability and also an easy method of viewing "hackers" in action.
Terminal Server will not use Administrator as user name and password for the password to ensure the "low fruit" is recognized.
Terminal Server will only open port 3389 will be available.  All other ports are closed to the WAN.
Random photo folder (cats being silly, demotivational posters, etc.) will be placed on Terminal Server desktop in last attempt to keep hacker logged on long enough.

Use a minimum of 12 characters per password using special characters only accessible using multiple keys (ie.  user name:  ÐÆß) This would be Unicode character set.

All archives and images will have the file extension altered to .tmp and marked as hidden.

When I started writing this, I had no intention of making it this long.  I guess my creativity started flowing!
0
 
LVL 9

Assisted Solution

by:gtkfreak
gtkfreak earned 200 total points
ID: 24035711
Truecrypt also has great command line options. You can explore them. Do read the manual, if you have not done so yet.
0
 
LVL 34

Assisted Solution

by:Michael-Best
Michael-Best earned 200 total points
ID: 24041660
Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  
Yes
2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?
Yes

The best
HDD health with http://www.hdsentinel.com/dl.php
will give you due warnings about HDD health / backup, etc.  
If you buy full version it will show HDD life expectancy too.
Data is precious, HDD life expectancy too.
HDD failure is the greatest cause of data loss.


0
 

Expert Comment

by:ccarey1
ID: 35354631
Yes you can....
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The business world is becoming increasingly integrated with tech. It’s not just for a select few anymore — but what about if you have a small business? It may be easier than you think to integrate technology into your small business, and it’s likely…
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question