Forums
Main Category
General (Technical,...
Secure the image - ...
 
Notifications
Clear all

Secure the image - Encryption

 
Page 1 / 2
General (Technical, Procedural, Software, Hardware etc.)
Last Post by jeffcaplan 16 years ago
12 Posts
10 Users
0 Reactions
1,005 Views
RSS
jimmy
 jimmy
(@jimmy)
Eminent Member
Joined: 18 years ago
Posts: 47
Topic starter 05/03/2009 6:12 pm  

Is there any known way of encrypting an image so that except for the authorized users no one can access the image?

It is also of great concern when you want to ship an image to different city or country, while image is not encrypted…


   
Quote
 cymru100
(@cymru100)
Eminent Member
Joined: 18 years ago
Posts: 21
05/03/2009 6:56 pm  

Why not encrypt the drive that holds the image?

TrueCrypt works well and is supported by Windows, Linux and Mac OS X.

D


   
ReplyQuote
 cookie272
(@cookie272)
Active Member
Joined: 17 years ago
Posts: 5
05/03/2009 7:16 pm  

Would this not cause a problem with evidentail integrity? Surely encryption could be classed as altering the original evidence, and cause problems in court? Also, if you were to use it and it went to court, explaing the encryption alrogithm used to a jury would be very, very difficult.


   
ReplyQuote
 BitHead
(@bithead)
Noble Member
Joined: 20 years ago
Posts: 1206
05/03/2009 7:40 pm  

Would this not cause a problem with evidentail integrity?

I am not sure how. Do you have to explain to a jury that the drive is NTFS formatted? How the drive that contains the image is setup really has little to do with an image or the integrity of the image.


   
ReplyQuote
 Rich2005
(@rich2005)
Honorable Member
Joined: 19 years ago
Posts: 541
05/03/2009 7:41 pm  

There is no problem with this, it's frequently used for jobs that go through court, and you can prove there is no alteration with your usual integrity checks such as md5/CRC.


   
ReplyQuote
 gtorgersen
(@gtorgersen)
Trusted Member
Joined: 17 years ago
Posts: 70
05/03/2009 8:58 pm  

ICS has a product that will encrypt disk images during the aquisition. I have not personally tried it myself but I have had luck in dealings with the company before. But as a cost effective way of encrypting an image it doesnt get much cheaper than free with TrueCrypt.


   
ReplyQuote
 Keith
(@keith)
Active Member
Joined: 17 years ago
Posts: 8
05/03/2009 9:59 pm  

From my perspective using encrypted disks to transfer the images should not cause any problem in court. You can still use integrity of the images using CRC/MD5 or SHA-1 hash check.

Regards
Keith


   
ReplyQuote
 kovar
(@kovar)
Prominent Member
Joined: 18 years ago
Posts: 805
05/03/2009 10:13 pm  

Good morning,

At my previous firm, we used TrueCrypt for all evidence drives. Any field collection was done to an encrypted volume on the collection drive. Any drives shipped off site had an encrypted volume containing the image files.

The volumes were formatted with NTFS - it's just another NTFS file system. There should be no problem explaining this in court at all.

-David


   
ReplyQuote
 pbeardmore
(@pbeardmore)
Reputable Member
Joined: 18 years ago
Posts: 289
05/03/2009 11:09 pm  

Interesting thread.
Are there any labs out there that would use Truecrypt as a matter of default for all drives that store images, not only those that leave the lab?


   
ReplyQuote
jimmy
 jimmy
(@jimmy)
Eminent Member
Joined: 18 years ago
Posts: 47
Topic starter 06/03/2009 9:53 am  

Hey thanks for all those wonderful input…

I have one more line to add, what if you are using Solo to image a suspect machine, if I am not mistaken an encryption will not work on complete drive as Solo uses FAT file system not NTFS….

I know the alter native would be to transfer the files onto another harddrive which has encryption but then thats twice the work and time….

any inputs on this…


   
ReplyQuote
Page 1 / 2
Forum Jump:
  Previous Topic
Next Topic  
Share: