Full disk encryption is the encryption of all data stored on a disk; the term also covers programs that encrypt individual partitions under an operating system. Partitions are used by some computer users as a way of dividing the storage space of a hard drive. Encryption scrambles the contents of a message or file so that it can only be read by someone who holds the encryption key, which unscrambles the file. The goal of encrypting data is to prevent unwanted users from reading the data stored on a computer's drives. Full disk encryption encrypts operating system files and temporary files alike; in other words, every file found on the disk being encrypted.
Since full disk encryption is usually software-based, it often excludes the master boot record, which is the first track of the hard disk. The master boot record can be encrypted as well if hardware-based full disk encryption is used. Hardware-based disk encryption generates and stores the encryption keys and user information within the drive hardware itself, so this information is held independently of the operating system and its software. This adds further protection against attackers who can access the computer's memory. Hardware-based encryption is also beneficial because it can be left on indefinitely, meaning that the user does not have to remember to turn it on when it is needed.
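Because software-based full disk encryption leaves the master boot record readable, the partition layout stays visible to anyone who can read the raw disk, while a hardware-encrypted drive returns only ciphertext for that sector. The following example is added here and is not code from the page or from any product it names: it parses a 512-byte sector as a classic MBR and uses byte entropy to tell a plaintext boot sector from ciphertext. Both sample sectors are constructed inline.

```python
import hashlib
import math
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446   # boot code occupies bytes 0..445, then four 16-byte entries
BOOT_SIGNATURE = b"\x55\xAA"   # last two bytes of a valid MBR


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for boot code and zero padding."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_mbr(sector: bytes) -> dict:
    """Parse one 512-byte sector as an MBR and report whether it reads as plaintext."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        # status, CHS start (3 bytes, skipped), type, CHS end (3 bytes, skipped), LBA start, count
        status, ptype, lba_start, count = struct.unpack_from(
            "<B3xB3xII", sector, PARTITION_TABLE_OFFSET + 16 * i)
        if ptype != 0:  # type 0x00 marks an unused entry
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    entropy = shannon_entropy(sector[:PARTITION_TABLE_OFFSET])
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    # A software-FDE disk leaves this sector readable: valid signature and low-entropy boot code.
    return {"signature_ok": signature_ok, "boot_code_entropy": entropy,
            "partitions": partitions, "plaintext_mbr": signature_ok and entropy < 6.5}


def build_sample_mbr() -> bytes:
    """Constructed sample: minimal plaintext MBR with one bootable NTFS-type (0x07) partition."""
    boot_code = (b"\xEB\x3C\x90" + b"Invalid partition table\x00").ljust(PARTITION_TABLE_OFFSET, b"\x00")
    entry = struct.pack("<B3sB3sII", 0x80, b"\x00\x00\x00", 0x07, b"\xFF\xFF\xFF", 2048, 1_000_000)
    return boot_code + entry + b"\x00" * 48 + BOOT_SIGNATURE


def build_sample_ciphertext() -> bytes:
    """Constructed sample standing in for an encrypted sector 0: deterministic pseudo-random bytes."""
    return b"".join(hashlib.sha256(b"constructed-sample" + bytes([i])).digest() for i in range(16))
```

Pointing `parse_mbr` at the first 512 bytes of a real block device shows the same distinction on a live system: a parsable table with low entropy means the MBR is stored in the clear.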
Full disk encryption products differ in the features they offer. Free programs, such as Comodo disk encryption, provide basic disk encryption without the cost of a commercial license. More advanced programs extend protection to different kinds of storage devices. One example is the full disk encryption program BitLocker, included as part of Microsoft Windows 7. BitLocker protects internal drives as well as external hard drives and portable storage, such as USB flash drives.
Several security certifications can be obtained for software that provides full disk encryption, including FIPS 140-2 and Common Criteria EAL4. FIPS stands for Federal Information Processing Standard; FIPS 140-2 is a security standard applied by the American government to programs that use encryption. Common Criteria EAL4, by contrast, is an international standard for computer security.
Despite these protections, many full disk encryption programs are vulnerable to a cold boot attack. In this attack, the computer is turned off and back on without the proper shutdown procedure, so the encryption keys are still present in memory; the attacker then recovers them by dumping the contents of memory, or DRAM, to a file. Programs such as BitArmor offer full disk encryption that protects against cold boot attacks performed during hibernation, after shutdown, and during sleep and screen-lock modes.