[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Full-disc encryption is too good, complain CSI teams


By Paul Marks
senior technology correspondent
New Scientist
18 November 2011

Full-disc encryption is good at keeping your computer secure. So good, in fact, that it's got digital CSI teams tearing their hair out.

Computer security engineers, including a member of the US Computer Emergency Response Team, are complaining in a research paper this week that crooked bankers, terrorists and child abusers may be getting away with crimes because it is proving impossible for digital investigators to unlock their encrypted hard drives. As New Scientist related in February, full-disc encryption is a major consumer security leap. It scrambles everything on a drive when you turn off your computer, time out or log out. But the flipside, of course, is consternation for some crime fighters.

The authors of the paper say they face four major problems. First, forensics don't always realise FDE is running on an evidence-carrying computer and turn it off - so all is lost. Second, when officers copy a disc for analysis not realising it is FDE-encrypted, teams waste hours of valuable crime lab time trying to make sense of gobbledegook. Third, plugging in analysis hardware can trigger a trusted-hardware-only rule to encrypt everything. Fourth, some US suspects plead the fifth amendment and refuse to give their passphrases, while others lie and give the wrong one, claiming the FDE had failed or that they must have forgotten the passphrase.

To cope with the FDE era, the US CERT-led team want improved scene-of-crime routines and better preparation of search warrants. Their conclusion is somewhat hopeless however:


Subscribe to InfoSec News - www.infosecnews.org