It has been a while since I last wrote about computer forensics and encryption, so it is time for an update.
First, what is computer forensics? According to Wikipedia, computer forensics is “a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.” In short, it is like data recovery, but with additional guidelines and practices designed to create a legal “audit trail” that could be used in court if need be.
Computer forensics has changed significantly in the last 5 years. Investigators in government institutions, as well as corporate computer forensic investigators, have found it increasingly difficult to gather relevant data as encryption techniques have grown more sophisticated and more widely adopted. The difficulty is compounded by the number of encryption techniques in use across operating systems, from PC to Mac to iOS. Encryption has also been put to nefarious use, as in the recent ransomware attacks in the news. One of the compelling factors driving the increase in encryption adoption is clearly the number of organized cyber-attacks on large public institutions that revealed copious personal data, emails, internal corporate communications, health information, financial information and ultimately anything else that could be of value on the black market.
So can FDE (Full Disk Encryption) interfere with computer forensics? Absolutely. If the disk is fully encrypted with AES software and the media encryption key (MEK) is protected with a really hard-to-guess password or multifactor authentication, forensic investigators will face an insurmountable challenge. However, an enterprise can maintain the ability to perform computer forensics AND protect the confidentiality of its data with FDE if it has good key management and capable forensic tools.
That is why WinMagic recently collaborated with AccessData to enable SecureDoc and AD Enterprise 6.5.1 to work together to ensure you complete your Cyber, HR, Legal or Compliance Investigations in a timely manner.
“AccessData recognizes the importance of both encryption and quickly completing your investigations in a corporate setting. AccessData collaborated with WinMagic to add support for SecureDoc due to the complement of capabilities offered that match up with our corporate investigation tool. Serving similar client bases allows us to ultimately make our mutual customers’ lives easier,” said Tod Ewasko, Director, Product Management, AccessData.
While encryption is crucial to protecting the confidentiality of a company’s digital data, it can impede an investigation if the encrypted data is inaccessible. Compatible offerings, like what we can provide with the partnership between WinMagic and AccessData, help ensure an organization’s confidential data remains secure, while enabling access when necessary for conducting a forensic investigation.