Computer Forensics and Self-Encrypting Drives

In my last blog on computer forensics I addressed the question: does software Full Disk Encryption (FDE) Thwart Computer Forensics?   To recap, a software encrypted drive could prevent effective forensics. However, if you have enterprise key management and forensics software that can interface with it to get the media encryption key (MEK) then it doesn’t have to be any more challenging than doing forensics on an unencrypted drive.

Does Full Disk Encryption Software Thwart Computer Forensics

First, what is Computer Forensics?   According to Wikipedia, , Computer forensics is, “a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.”   In short it is like data recovery, but with additional guidelines and practices designed to create a legal audit trail” that could be used in court if need be.