This presentation will take a look at how to prevent your information from being discovered by an investigator.
BitLocker, BCWipe, PD-8700 Hard Drive Degausser & Physical Hard Drive Destroyer
BitLocker Drive Encryption is a data protection feature available in Windows Enterprise and Ultimate for client computers and in Windows Server. BitLocker is Microsoft's response to a frequent customer request: address these very real threats of data theft or disclosure from lost, stolen or inappropriately decommissioned PC hardware with a tightly integrated solution in the Windows Operating System.
BitLocker provides both mobile and office enterprise information workers with enhanced data protection should their systems be lost or stolen and secure data deletion when it comes time to decommission those assets. Not to mention preventing investigators from accessing your data. BitLocker enhances data protection by bringing together two major sub-functions: drive encryption and the integrity checking of early boot components.
Strengths: Drive encryption protects data by preventing unauthorized users from breaking Windows file and system protection on lost, stolen or inappropriately decommissioned computers. This protection is achieved by encrypting the entire Windows volume; with BitLocker all user and system files are encrypted, including the swap and hibernation files. Integrity checking the early boot components helps to ensure that data decryption is performed only if those components appear unmolested and that the encrypted drive is located in the original computer.
Weaknesses: BitLocker is limited to Windows Server 2008, Windows Enterprise and Ultimate operating systems.
The Dooping: BitLocker prevents data from being retrieved from the hard disk once the disk has been removed from its original host machine.
BCWipe™ data wiping software enables you to permanently delete selected files so that they can never be recovered or undeleted. BCWipe embeds itself within Windows and can be activated from the Explorer File menu, from the context (right-click) menu, from BCWipe Task Manager, or from a command-line prompt.
Strengths: Destroys all contents of the whole hard drive, including boot records and operating system files.
- Delete with wiping: Using this command, which is available in the context menus of the 'My computer' window, you can delete and wipe a file, a folder, or a group of files and folders.
- Wipe free disk space: Using this command, available in the context menus of the 'My computer' window, you can completely and permanently remove all traces of previously deleted files.
- Wipe Swap File: The swap file is a Windows system file that is used for virtual memory support. If you are working on a file or document (even one that has been encrypted), Windows will copy all or part of it in an open unencrypted form to the swap file on your hard disk. Encryption keys, passwords, and other sensitive information can also be 'swapped' to your hard drive. Even if you use all the security features in the latest versions of Windows, simply investigating the swap file in DOS mode with readily available tools may allow for significant data retrieval. BCWipe offers the option to wipe unused portions of the swap file to ensure your total security.
- Wipe File Slacks: A file slack is the disk space from the end of a file up to the end of the last cluster used by that file. You can turn file slack wiping on or off before running BCWipe commands. (Read more explanations on file slacks in the Tips & Tricks section.)
- Wipe Empty Directory Entries*: The file system records the names and attributes of files to a special area of your disk drive (so-called 'directory entries' for FAT and MFT for NTFS). When a file is deleted, the corresponding directory entry is modified by the file system, which makes it invisible to Windows and to you. However, most of the information still exists and the name and attributes can be restored using any recovery utility. BCWipe shreds directory entries and MFT so that the information can never be recovered.
- Swap File Encryption*: The BCWipe CryptoSwap utility allows you to encrypt the Swap File, which provides you with additional security. Supported symmetric algorithms and key lengths: Rijndael 256-bit key (Cipher Block Chaining Mode), Blowfish 448-bit key (Cipher Block Chaining Mode), GOST bit key (Cipher Feedback Mode), Twofish 256-bit key (Cipher Block Chaining Mode).
- Hexadecimal File Viewer*: Using the Hexadecimal File Viewer, you can examine contents of files after wiping. This utility is useful for investigating the quality of the wiping process, for example when you use a custom wiping scheme.
- BCWipe Task Manager*: Administrators now have complete flexibility for choosing what to wipe, when to wipe it, and how to wipe it. Lists of recently used files are removed from the File Menus of specific programs. Wipe your Internet Cache, Cookies, History, etc. Wipe the entire swap file. Wipe selected Registry Keys and user activity history stored by Windows.
- Transparent Wiping*: With BCWipe's new Transparent Wiping feature, all wiping operations can now be set to run automatically: deleted files are securely wiped on the fly. Transparent Wiping securely erases the following sensitive information on the fly:
  - All files and folders deleted using normal commands
  - Temporary files created by Windows and applications
  - Temporary files created when working with data secured with encryption
  - Data stored in Windows Restore Point when the Restore Point is deleted
  - Data stored in Recycle Bin when Empty Recycle Bin is selected
  - Or only specific types of files, folders and applications by configuring include/exclude lists
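The file slack described above can be shown with a toy model. This is an added example, not BCWipe code or part of the original presentation: it simulates a single-cluster volume to show why data from an earlier file survives in the slack of a shorter file until the slack is overwritten. The 4096-byte cluster size, the `ToyVolume` class and the sample "secret" are assumptions constructed for the illustration, and sector-level padding done by real file systems is ignored.

```python
CLUSTER = 4096  # assumed cluster size in bytes (hypothetical volume)
SECRET = b"CONSTRUCTED-SECRET-1234"  # constructed sample data


def slack_bytes(file_size: int, cluster: int = CLUSTER) -> int:
    """Bytes from the end of the file up to the end of its last cluster."""
    if file_size < 0 or cluster <= 0:
        raise ValueError("file_size must be >= 0 and cluster > 0")
    return (-file_size) % cluster


class ToyVolume:
    """One-cluster 'disk' that does not zero space when a file shrinks."""

    def __init__(self, cluster: int = CLUSTER):
        self.cluster = cluster
        self.disk = bytearray(cluster)
        self.file_size = 0

    def write_file(self, data: bytes) -> None:
        if len(data) > self.cluster:
            raise ValueError("toy volume holds a single cluster")
        # Only the new file's bytes are written; the rest of the
        # cluster keeps whatever was stored there before.
        self.disk[:len(data)] = data
        self.file_size = len(data)

    def read_file(self) -> bytes:
        return bytes(self.disk[:self.file_size])

    def read_slack(self) -> bytes:
        return bytes(self.disk[self.file_size:])

    def wipe_slack(self) -> int:
        """Overwrite the slack with zeros; return the number of bytes wiped."""
        n = self.cluster - self.file_size
        self.disk[self.file_size:] = bytes(n)
        return n


def demo() -> dict:
    vol = ToyVolume()
    vol.write_file(b"A" * 100 + SECRET + b"B" * 100)  # earlier, longer file
    vol.write_file(b"short replacement file")         # reuses the same cluster
    before = SECRET in vol.read_slack()               # remnant still on disk
    wiped = vol.wipe_slack()
    return {"leaked_before": before, "wiped": wiped,
            "leaked_after": SECRET in vol.read_slack(),
            "file_intact": vol.read_file() == b"short replacement file"}
```
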
Weakness: Once BCWipe is initiated, the wiped data cannot be recovered.
The Doop: BCWipe can be initiated upon unauthorized access to your drive.
The PD-8700 is designed to provide a safe, convenient and effective method of destroying confidential information contained on hard drives. The PD-8700 degausses and then physically destroys the hard drive, ensuring that the information previously contained on the hard drive is permanently erased and destroyed.
Strengths: The Destruction mode of the PD-8700 is designed to physically disable the hard drive, preventing data from being recovered. The physical destruction visibly identifies hard drives that have been properly sanitized. The PD-8700 does not rely on software; therefore it will erase all operating systems. In addition, degaussing is the only way of erasing hard drives that are not functioning.
Weakness: Requires an actual machine in order to accomplish the task, and it cannot be done without someone actually placing the drive into the machine.
The Doop: Let’s see an investigator recover data from this.