Encrypted file systems: do whole volume, plus are old files wiped?

From: Sam Smith (yhbrent_at_yahoo.com)
Date: 03/20/04

    Date: 20 Mar 2004 10:57:00 -0800
    
    

    I recently installed WinXP Pro on my new home machine, and one of the
    most exciting features to me is that you can encrypt files to protect
    them in case your hard drive gets stolen.

    But reading through the documentation, it seems as if MS has set up
    encryption on a folder/file basis, but what I need is to enforce
    encryption on a volume basis. That is, I want to make sure that
    everything that is ever put on one of my disk partitions, say D:, is
    ALWAYS encrypted.

    Does anyone know how I can do that?

    Yes, I know that I can simply select all the existing contents and
    encrypt them, but the problem is that whenever I create a new folder
    or file on the volume which lives right below the root level (e.g. if
    I create the file d:\someFile.txt), it is by default NOT encrypted.
    Thus, to keep the volume encrypted, I have to remember to manually
    encrypt it, which is a bit of a pain and can easily lead to oversight.

    This brings up a related issue: file wiping. It is critical if your
    files are not encrypted that you completely wipe your hard drive
    before, say, you donate your computer. Merely erasing them does not
    suffice, since someone can simply use the right tools to read the old
    data which is physically still on the drive and reconstruct the files;
    see for instance
            http://www.stack.nl/~galactus/remailers/index-wipe.html
            http://www.stack.nl/~galactus/remailers/why-real-delete.html

    Does anyone know how intelligent XP is regarding file wiping and
    encrypted file systems? In particular, if a new unencrypted file is
    placed on a volume and subsequently encrypted, is the old unencrypted
    version automatically thoroughly wiped out at the end of the
    encryption process, or does XP take a shortcut and merely delete its
    file table entry, leaving the old unencrypted data still on the disk?
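
The oversight described above (new items created directly under the root of D: are not encrypted by default) can be caught with a periodic audit. The script below is an added example, not part of the original post: it lists every file and folder on a volume that lacks the NTFS Encrypted attribute. The function name `Get-UnencryptedItem` and the default path `D:\` are assumptions made for illustration, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: audit a volume for items that are NOT EFS-encrypted.
param(
    [string]$Root = 'D:\'   # assumption: the volume that should stay fully encrypted
)

$Encrypted = [System.IO.FileAttributes]::Encrypted
$System    = [System.IO.FileAttributes]::System

function Get-UnencryptedItem {
    param([Parameter(Mandatory)][string]$Path)

    # -Force includes hidden items; unreadable folders are skipped rather than aborting the scan.
    Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            # EFS cannot encrypt items carrying the System attribute, so reporting
            # them would only add noise; everything else must have Encrypted set.
            -not ($_.Attributes -band $System) -and
            -not ($_.Attributes -band $Encrypted)
        } |
        ForEach-Object {
            [pscustomobject]@{
                # An unencrypted folder matters most: files created in it later
                # are written in plaintext by default.
                Kind     = if ($_.PSIsContainer) { 'Folder' } else { 'File' }
                Path     = $_.FullName
                Modified = $_.LastWriteTime
            }
        }
}

$findings = @(Get-UnencryptedItem -Path $Root)

if ($findings.Count -eq 0) {
    Write-Output "No unencrypted items found under $Root"
    exit 0
}

# Folders first, then files, newest first, so recent slips are easy to spot.
$findings |
    Sort-Object @{ Expression = 'Kind'; Descending = $true },
                @{ Expression = 'Modified'; Descending = $true } |
    Format-Table -AutoSize

Write-Warning "$($findings.Count) unencrypted item(s) under $Root"
exit 1   # non-zero exit lets a scheduled task flag the result
```

An item reported here was stored in plaintext at some point, so encrypting it afterwards does not by itself answer the wiping question raised in the post.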

