[SATLUG] Drive Encryption
Sean Carolan
scarolan at gmail.com
Wed May 23 15:40:55 CDT 2007
> If so, are fully encrypted drives immune to
> the EnCase search methods?

If you are using FDE (full drive encryption) with a good cipher such
as AES, and a strong passphrase or encryption key, there should be
virtually no way for EnCase to extract any useful data from the
volume.

> What do you recommend for encrypting our
> sensitive data so that not even software like EnCase can pull data from our
> servers? What would you recommend so that we can still be able to search
> employee computers with EnCase if we suspect something bad?

TrueCrypt (www.truecrypt.org) is easy to use and free and ought to
prevent EnCase from seeing any data. To answer your second question -
have an administrator keep a copy of the encryption keys in a locked
safe. That way you can still get to the data even if an employee
quits or is fired.