Solved

Laptop Hard Drive Encryption Questions

Posted on 2009-03-30
Last Modified: 2013-11-14
I am using a Dell laptop that comes supplied with a Broadcom Unified Security Hub/TPM and Wave Embassy Security Center software.  Embassy Security Center includes the Wave Trusted Drive Manager application for encrypting data on the internal hard drive.  Details follow:

TDM manages the hardware-based security functions of Trusted Drives. Trusted Drives have data encryption embedded in the drive hardware. This ensures that all data stored on the drive is encrypted all the time. TDM ensures that only authorized users can access encrypted data when drive locking is enabled.

The Trusted Drive security must be initialized to activate drive locking. An uninitialized Trusted Drive functions as a standard ATA drive. When Trusted Drive security is initialized, drive locking can be enabled or disabled. The default state of initialization is drive locking enabled.

Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  
2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?

If the answer to the above two questions is No, can someone recommend an alternative for hard drive encryption that will allow me to have full access to the data, ie allow me to access the data when using the hard drive as an external drive and will allow me to backup/restore using Acronis.  

Question by:Kurvenal

23 Comments

Expert Comment

by:anvanster
I had a drive from a Lenovo laptop with encryption enabled. When we took it out of the laptop, we were unable to see anything on it, neither by using it as an external drive nor by trying to recover the data with expensive third-party utilities. And we tried very hard.
I think encryption is also dependent on the HDD controller or some other laptop hardware...

If you use Acronis while HDD still inside laptop and you have access to its data, you can create an image and move it to a different machine.

Author Comment

by:Kurvenal
Did you have the encryption password and were still unable to access the data?

Expert Comment

by:anvanster
When drive was connected as external it was impossible to read from it. It was shown as empty drive.
Yes, we had the password.
Another thing, we also tried to fdisk it and erase the partition (GParted, Acronis, Windows fdisk). No luck.

Expert Comment

by:aboo_s
Wait up guys, the ABC of any encryption method is access to data when you have the password.
So if you encrypt the HD using some software, Acronis for instance, and you want to see the data from another PC, then this is very possible; of course you have to install the software on the other computer as well.

And extraction of an image from encrypted HD is also possible.
Otherwise this software would be a joke.

I am talking in general of course, but this should apply to any software for encryption.
And another thing, this kind of software uses an algorithm similar to DES which is platform independent, so there is no way that any hardware is a part of the encryption process.


Anyway, you can try encrypting a single folder, copying it to another PC, and opening it from there using the same encryption software.

Expert Comment

by:anvanster
Question was about hardware encryption, built in laptop. Not encryption in image creating process.

Expert Comment

by:aboo_s
If encryption is built into a chip then this is a whole other story!
We need the author to confirm that before we proceed!

Author Comment

by:Kurvenal
Confirm that I am talking about encryption built-in the laptop (see description in original question) using Wave Trusted Drive Manager.  I am considering uninstalling Wave security packages and using an alternative that would give me full functionality with my fingerprint reader (the Wave 64-bit application is a cut down version of their 32-bit version, with very limited functionality for fingerprint reader compared to the 32-bit version), so would be interested in a recommendation that would allow me to access the data using the encrypted drive as an external drive from another computer as long as I had the password.  

Expert Comment

by:anvanster
If you don't use built in HW for encryption but only Installed software it won't be a problem accessing HDD from another PC. The encryption software should be installed there also.

Expert Comment

by:SysExpert
Another option is to simply password protect the Hard drive ( no Encryption ) Via the BIOS.

This means that you can not access the drive until you put in the password, and even if removed, it will still require a password if put in a different machine.

May be sufficient for your needs.

   
I hope this helps !

Author Comment

by:Kurvenal
The BIOS password setting is interesting.  What would happen if I put the hard drive in an enclosure and tried to access it from another computer as an external drive?

Accepted Solution

by:anvanster
I can't say. Probably you won't be able to access the HDD, unless that device has some kind of BIOS with HDD password protection or can emulate these settings.

Author Comment

by:Kurvenal
I am beginning to wonder if a software-based solution might give me the most flexibility as long as it did not sacrifice data security.  Can anyone recommend an application that would secure my data from someone who removed the hard drive from the laptop but would still allow me to access the data using a password if I put the drive in an enclosure and accessed it as an external drive from another system?

Expert Comment

by:stlbridge
Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  

-  Yes, you can.

2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?

- Yes, you can.  Acronis Universal Restore


My suggestion:
Live OS run from optical drive

Connects to remote server via SSH

Uses terminal services / VNC to operate remote environment that contains encrypted data.

There are other ways, brother.

Expert Comment

by:anvanster
There are many solutions.
http://www.steganos.com/us/products/data-security/privacy-suite/overview/ - leader in my opinion
http://www.ezlockdown.com/Home.aspx
www.dekart.com/products/encryption/private_disk/

All of them allow trial downloads. Just choose the right one for you.

Assisted Solution

by:aboo_s
Windows Vista has an encryption system built in that you can use.

or you can use the same software available from Microsoft with windows XP
or you can download any of the many encryption programs on the web, such as this:
http://www.cp-lab.com/filecrypt/



Expert Comment

by:gtkfreak
You could try TrueCrypt. You could use volume or file/container based encryption with it. TrueCrypt is freeware. Alternatively, if you use Linux, you could set up your system with encryption and on boot, you will be asked to enter a password. For Windows systems, TrueCrypt should work just fine. By the way, TrueCrypt is a cross-platform tool.

Assisted Solution

by:RecoveryMan
Answer to original two questions is No. Newer encryption is based on a password and unique hardware values; the whole design is based upon not having access when the drive is removed. Creating an image on a sector or bit level will not allow access to data, just the encrypted blocks. Suggest creating a secure volume using TrueCrypt (it's free and very secure), not the entire drive, and then running the TrueCrypt application to gain access to the volume by typing in the correct password. This will work regardless of what the drive is attached to.
Good Luck
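
The distinction drawn in the comment above, as an added illustration that is not part of the thread and is not Wave's, Dell's or TrueCrypt's actual code: a volume key derived from the password plus a secret that never leaves the original machine, next to a key derived from the password and a salt stored on the volume itself. The function names, the `device_secret` parameter and the sample password are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # PBKDF2 iteration count (constructed value for this demo)

def derive_key(password: str, salt: bytes, device_secret: bytes = b"") -> bytes:
    """Derive a volume key. device_secret models a value that stays inside
    the original machine and is never written to the disk (an assumption)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + device_secret, ROUNDS)

def create_volume(password: str, device_secret: bytes = b"") -> dict:
    """Return the on-disk header: a random salt and a key-check value."""
    salt = os.urandom(16)
    key = derive_key(password, salt, device_secret)
    return {"salt": salt, "check": hmac.new(key, b"header", hashlib.sha256).digest()}

def unlock(header: dict, password: str, device_secret: bytes = b"") -> bool:
    """True if the password (plus whatever secret this host holds) yields the volume key."""
    key = derive_key(password, header["salt"], device_secret)
    expected = hmac.new(key, b"header", hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["check"])

def demo() -> dict:
    laptop_secret = os.urandom(32)   # held by the original laptop only
    password = "correct horse"       # constructed sample password
    portable = create_volume(password)               # software container
    bound = create_volume(password, laptop_secret)   # hardware-bound volume
    return {
        "portable_other_host": unlock(portable, password),
        "portable_wrong_password": unlock(portable, "guess"),
        "bound_original_laptop": unlock(bound, password, laptop_secret),
        "bound_other_host": unlock(bound, password),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'unlocked' if ok else 'locked'}")
```

In the hardware-bound case a sector-level image copies the header and ciphertext but not the machine-held secret, so the correct password alone does not reproduce the key on another host.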

Author Comment

by:Kurvenal
Thanks to everyone for their suggestions, which I will review in detail.  I am already using TrueCrypt, which I think is a great application, but I was hoping for a more automated solution.  Out of curiosity, does anyone have experience with the Windows Vista BitLocker Drive Encryption feature?  If so, I would be interested in hearing of advantages and disadvantages with this.

Assisted Solution

by:SysExpert
Regarding BIOS password on the HD,

even if removed, the password is required to access any data.


Assisted Solution

by:MrMintanet
If I really wanted to be anonymous and free of worry, I'd do this:

BIOS Password using fingerprint biometrics-> NO HARD DISK INSTALLED -> LiveCD OS -> REMOVABLE USB WiFi to net -> IKE over VPN -> Firewall/Router Filter USB WiFi MAC Address -> TrueCrypt ->  Terminal Server -> 128 bit encrypted RAR -> Putty.exe ->  Putty SSH over VNC  -> FileVault -> Mac OSX Workstation-> FileVault ->Removable USB thumbdrive -> 256 bit AES encrypted -> disk image -> 128bit AES -> Password Protected Archive -> Password protected Microsoft Office documents -> Codes to the nukes

I would also do the following to slow the attacker just a tad bit more:

Windows Terminal Server:
Terminal Server will appear to be configured to be something simple, such as a print server that was accidentally broadcast to the internet.
Terminal Server will be setup on a Virtual Machine, and have several other "mock" servers connected as well.  These other servers will not trust the "Print Server"
Encrypted Archive containing putty.exe will be stored in a hidden folder that is constantly modified, such as System32 print driver folder
Terminal Server's purpose is to appear as "low hanging fruit that is easy for picking", thus creating the illusion of vulnerability and also an easy method of viewing "hackers" in action.
Terminal Server will not use Administrator as user name and password for the password to ensure the "low fruit" is recognized.
Terminal Server will only have port 3389 available.  All other ports are closed to the WAN.
Random photo folder (cats being silly, demotivational posters, etc.) will be placed on Terminal Server desktop in last attempt to keep hacker logged on long enough.

Use a minimum of 12 characters per password using special characters only accessible using multiple keys (ie.  user name:  ÐÆß) This would be Unicode character set.

All archives and images will have the file extension altered to .tmp and marked as hidden.

When I started writing this, I had no intention of making it this long.  I guess my creativity started flowing!

Assisted Solution

by:gtkfreak
Truecrypt also has great command line options. You can explore them. Do read the manual, if you have not done so yet.

Assisted Solution

by:Michael-Best
Questions:
1) Can someone who has used this advise whether if I remove the hard drive I can access the data as an external drive on another computer as long as I have the encryption password.  
Yes
2) Will I be able to take an image of an encrypted hard drive using Acronis True Image Home 2009?  Will I be able to restore the image to another hard drive in case of failure of the original encrypted hard drive?
Yes

The best
HDD health with http://www.hdsentinel.com/dl.php
will give you due warnings about HDD health / backup, etc.  
If you buy full version it will show HDD life expectancy too.
Data is precious, HDD life expectancy too.
HDD failure is the greatest cause of data loss.



Expert Comment

by:ccarey1
Yes you can....