Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.
Solved
Laptop Hard Drive Encryption
Posted on 2009-05-09
I am looking for a straightforward encryption solution for the hard drives I use with my Dell Precision M2400 laptop (with 64-bit Vista). I am using Intel Rapid Recover Technology (IRRT) to clone a full recovery disk, so in addition to my primary hard drive I will always have a backup clone of my entire system lying around. Since Dell laptops are designed to make the hard drives easily removable, I have two hard drives that are easily accessible if anyone wanted to get access to my data. I would like to protect my data, preferably in such a way that does not affect system performance too much AND also supports disaster recovery so that I am not left with a cloned recovery brick if the system fails or is stolen. I would also like to use my recovery drive occasionally as a slave drive on other systems when I need to transfer a lot of data.
So although my system supports TPM-based full disk encryption either through the Wave Systems software provided by Dell or through Bitlocker, if I understand how these work these do not provide any kind of disaster recovery capability or access to my data once the drive is removed from the system. The Wave Systems method is appealing since the disk locking feature is enabled once the system is powered down, so I am guessing does not affect performance while the system is running.
I am open to hardware-based solutions using RFID keys, smartcards or other creative ideas. Ideally I would like to find a clever software solution that is password based where it is possible to access the disk unlocking software when slaving the drive even if the data is encrypted. I remember looking at the spec for a Seagate Momentus encrypted hard drive, but if I recall correctly formatting the drive removed the encryption. Since IRRT wipes the data in order to create a recovery drive, I am not sure if these would be the answer.
So although my system supports TPM-based full disk encryption either through the Wave Systems software provided by Dell or through Bitlocker, if I understand how these work these do not provide any kind of disaster recovery capability or access to my data once the drive is removed from the system. The Wave Systems method is appealing since the disk locking feature is enabled once the system is powered down, so I am guessing does not affect performance while the system is running.
I am open to hardware-based solutions using RFID keys, smartcards or other creative ideas. Ideally I would like to find a clever software solution that is password based where it is possible to access the disk unlocking software when slaving the drive even if the data is encrypted. I remember looking at the spec for a Seagate Momentus encrypted hard drive, but if I recall correctly formatting the drive removed the encryption. Since IRRT wipes the data in order to create a recovery drive, I am not sure if these would be the answer.
5-
4
-
2
- +1
12 Comments
For the best disk protection short of encrypting your drive, enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, preventing access even if installed in another PC. A data-recovery service could likely still access your files since they're unencrypted. So remember that it's still possiblealthough quite difficultfor someone else to access the data.
See:
http://www.pcworld.com/businesscenter/blogs/bizfeed/158292/enable_bios_passwords_for_extra_security.html
See:
http://www.pcworld.com/businesscenter/blogs/bizfeed/158292/enable_bios_passwords_for_extra_security.html
How to password protect portable hard drive and other storage devices?
http://www.truecrypt.org/
http://www.magic2003.net/
http://www.truecrypt.org/
http://www.magic2003.net/
did you try safeboot? it's probably the most common one around, and it's now under the mcafee unbrella.
I agree with Michael-Best
Hard drive password is probably your best option.
For more protection add truecrypt in for a partial volume, and test everything !!
I hope this helps !
Hard drive password is probably your best option.
For more protection add truecrypt in for a partial volume, and test everything !!
I hope this helps !
Thanks for the suggestions. Although the BIOS hard drive password sounds interesting, one of my objectives is to be able to access the data on the protected drive (through a password, digital keys or other hardware solution, eg RFID or smartcards) when I have put it in an enclosure and use it as an external drive on another system. If I understand correctly, a BIOS password will prevent me from doing this. Am I right?
Not sure, how this works. It should work in another laptop PC, not sure about external access SATA, USB. There may be a work around via an HDD ATA program that will allow you to enter the BIOS PW.
"when I have put it in an enclosure and use it as an external drive on another system. If I understand correctly, a BIOS password will prevent me from doing this. Am I right?"
No
BIOS is a chip on the motherboard.
& only protects access to that system.
enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, password will enable access even if installed in another PC / external drive on another system.
No
BIOS is a chip on the motherboard.
& only protects access to that system.
enable the hard disk password. If this option is supported on your system, the password settings are stored on the disk itself, password will enable access even if installed in another PC / external drive on another system.
Thanks for the suggestions regarding HDD password protection. I have just been testing this. After setting a HDD password in the BIOS, I tried connecting the drive to another computer in a combo eSATA/USB enclosure. The good news is that when I connected the drive using eSATA the Intel Matrix Storage Manager Console was able to unlock it. So this means that this method will satisfy one of my key objectives, namely to protect the data on my IRRT Recovery Drive. Although it is not as secure as encryption, it does not consume anywhere near the same system resources as encryption and will be enough to protect my data from casual pryers, which is what I was looking for. So thank you.
The only problem remaining is that I cannot seem to access the drive when I connect it using USB. Since not all systems have eSATA ports this is an issue. The drive does not show up in Computer, and when I used disk management although the drive was recognized I received a message that it needed to be initialized before I could access it. Trying to initialize it generated a "cyclic redundancy check" data error (see attached screenshots).
SysExpert mentions above the possibility of using a HDD ATA program that will allow me to unlock the drive. Can anyone recommend one that can be easily downloaded onto any system in order to access a password protected drive via a USB port?
Disk-Management-Screenshot-1.JPG
Disk-Management-Screenshot-2.JPG
The only problem remaining is that I cannot seem to access the drive when I connect it using USB. Since not all systems have eSATA ports this is an issue. The drive does not show up in Computer, and when I used disk management although the drive was recognized I received a message that it needed to be initialized before I could access it. Trying to initialize it generated a "cyclic redundancy check" data error (see attached screenshots).
SysExpert mentions above the possibility of using a HDD ATA program that will allow me to unlock the drive. Can anyone recommend one that can be easily downloaded onto any system in order to access a password protected drive via a USB port?
Disk-Management-Screenshot-1.JPG
Disk-Management-Screenshot-2.JPG
Not sure there is one?
Will look.
You may just need to set HDD as inactive.
Use a disc tool such as "Paragon Partition Manager" http://www.paragon-software.com/business/hdm-server/ this is 30 day free trial to set drive as "inactive primary partition".
Will look.
You may just need to set HDD as inactive.
Use a disc tool such as "Paragon Partition Manager" http://www.paragon-software.com/business/hdm-server/ this is 30 day free trial to set drive as "inactive primary partition".
Hi there,
I agree that this question should be closed, and I am comfortable
with the points assigned.
Would it be possible for you to note the solution I listed in this
post: http://www.experts-exchange.com/Security/Misc/Q_24415382.html?
Thanks,
I agree that this question should be closed, and I am comfortable
with the points assigned.
Would it be possible for you to note the solution I listed in this
post: http://www.experts-exchange.com/Security/Misc/Q_24415382.html?
Thanks,
Please close this question and mention that I contacted the developer of Hard Disk Sentinel (http://www.hdsentinel.com/),
and he was able to write an app for me that unlocks password-
protected USB drives.
and he was able to write an app for me that unlocks password-
protected USB drives.
Featured Post
Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Looking for a way to avoid searching through large data sets for data that doesn't exist? A Bloom Filter might be what you need. This data structure is a probabilistic filter that allows you to avoid unnecessary searches when you know the data defin…
What is the biggest problem in managing an exchange environment today? It is the lack of backups, disaster recovery (DR) plan, testing of the DR plan or believing that it won’t happen to us.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target.
To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
The Email Laundry PDF encryption service allows companies to send confidential encrypted emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month4 days, 11 hours left to enroll
586 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.