Encrypting File System

Anti-forensics

John Sammons, in The Basics of Digital Forensics (Second Edition), 2015

Encrypting file system

Encrypting File System (EFS) is used to encrypt files and folders. EFS is easy to use, with nothing more than a check box in a file's properties. It is "not fully supported on Windows 7 Starter, Windows 7 Home Basic, and Windows 7 Home Premium" (Microsoft, 2011c). EFS uses the Windows username and password as part of the encryption algorithm. EFS is a feature of the New Technology File System (NTFS), not the Windows operating system (Microsoft, 2011d).

URL:

https://www.sciencedirect.com/science/article/pii/B9780128016350000061

Internet Information Server (IIS) Authentication and Authorization Models, and Locking Down File Access with EFS and WebDAV

Timothy "Thor" Mullen, in Thor's Microsoft Security Bible, 2011

Introduction

Microsoft's Encrypting File System technology is one of the strongest yet most underutilized security features that I have seen in my many years of working with Microsoft infrastructures and enterprise deployments. I have very rarely seen it used in enterprise or even medium-sized environments, and when I have, it has been in isolated instances where individuals or teams took it upon themselves to implement EFS-based security controls. This is not entirely without justification. EFS is easy for individuals to set up and use alone, but the proper deployment of EFS in large environments requires careful planning around certificate and recovery agent management, backup and restoration, and access model implementation. The consequences of improperly rolling out EFS can be serious: You can lose access to your data. To be more specific, inadequately designed EFS controls can result in files being encrypted on the file system that, based on a failure scenario, can prevent the decryption of files even though you may have physical access to them.

EFS, in its simplest form, is a Windows OS–based feature that allows a user (administrator or otherwise) to set up a folder, or an individual file, to have its contents encrypted. Encrypting at the folder level is the typical method of using EFS as it guarantees that any file added to the encrypted folder is automatically encrypted. While you can certainly select an individual file and encrypt it, the examples used in this chapter will be based on folders that are created in a directory structure, and the folder itself marked for encryption. As mentioned, when a folder is set to be encrypted, all files created within that folder will be encrypted by their respective owners. Setting a folder to be encrypted is quite simple; you simply pull up the Advanced Attributes of a folder and select Encrypt contents to secure data, as shown in Figure 2.1.

▪ Effigy 2.one. EFS Dialog Box Selection

EFS is a user-based encryption control. Basically, the way it works is that when a user requests that a file or folder be encrypted, an EFS certificate is generated for the user and its private key is stored in the user's profile. The public key is stored with the files created by that user, and only that user can decrypt the file. Because of this, a recovery agent certificate is typically associated with a different user account, and that user's public key is also embedded in the file. This way, if the user loses the certificate used to encrypt the file, the recovery agent user, or more specifically the holder of the associated private key, can also decrypt the file. In the same way that the recovery agent public key is automatically stored with the encrypted file, you can also assign other users' public keys to a file, allowing them to decrypt it as well. This allows one file to be shared among multiple users while remaining encrypted on the file system. When an EFS certificate is either distributed by your CA or created automatically when an EFS operation is requested for the first time in a domain environment, the public key of the user's certificate is stored in AD. This is true for the recovery agent certificate as well, and in fact is how the public key is automatically included with EFS files created in a domain: It is pulled directly from AD based on the policy settings for the EFS file recovery group policy object. I will elaborate more on this later.

Let us take a moment to actually detail the encryption process. When it comes to multiple users sharing an encrypted file, knowing how this works at the file and encryption process level will help give you a better understanding of how EFS works in an enterprise or smaller AD environment. There is nothing magical about an EFS certificate. It is simply an X.509 certificate with a private/public key pair generated by the Rivest, Shamir, and Adleman (RSA) algorithm, with EFS as a key usage, as seen in Figure 2.2.

▪ Figure 2.2. EFS Certificate Details

When the certificate is created for the user, the RSA algorithm is used to generate public and private keys that are stored in the user certificate. Only the public key is stored in AD. Data is encrypted with the public key, and decrypted with the private key. That is why the public key is public, so that other users can encrypt data for you, but only the person holding the private key can decrypt it. Not even the person encrypting the data with the public key can decrypt it once it is encrypted.

Most people I have spoken with about encryption seem to be under the impression that the RSA keys are used to encrypt and decrypt the actual data in an encrypted file. This applies to any RSA-based encryption by the way, not just EFS. What really happens is that before the file is encrypted, a cryptographically strong random key is generated. In this example, it is based on the default Advanced Encryption Standard (AES) cipher. It is actually this key that the RSA algorithm encrypts, and not the data. The public RSA key is used to encrypt the AES key, which is used to encrypt the actual data.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597495721000093

Antiforensics

John Sammons, in The Basics of Digital Forensics, 2012

Some Common Types of Encryption

With privacy being such a major concern, encryption tools are now included with some versions of the newer operating systems including Windows 7 and Apple OS X. These tools are BitLocker and FileVault, respectively. These encryption schemes can be applied selectively, only encrypting certain files or folders. They can also be used to encrypt an entire drive. This is known as full or whole disk encryption.

Full disk encryption (FDE) has some noteworthy advantages. We know from previous chapters that operating systems in their course of normal functioning will leave artifacts scattered across the drive. Take swap space, for example. Even though we encrypt an entire folder containing our sensitive files, remnants (or the entire file) could be located in the swap space. Full disk encryption takes care of these data "leaks." The term full disk encryption is a little misleading. It doesn't really encrypt the entire disk. In order to run BitLocker, there must be two partitions (sections) on the hard drive: one, known as the "operating system volume," and the other, which contains the files to boot the machine, system tools, and so on. The operating system volume contains everything else including the vast majority of the items of most interest to us (Microsoft Corporation, 2009).

As they say, there is no free lunch. FDE has some drawbacks as well. Performance will likely suffer as the data are being encrypted and decrypted. This encryption/decryption is done "on the fly," meaning that it occurs just before the data are saved or loaded into RAM. Passwords and keys are another concern. Recovering your data is dependent on having the proper authentication. If you lose or forget your password, you will very likely never get your information back. Encryption cuts both ways.

Encrypting File System (EFS)

Encrypting File System (EFS) is used to encrypt files and folders. EFS is simple to use, using nothing more than a check box in a file's properties. It is "not fully supported on Windows 7 Starter, Windows 7 Home Basic, and Windows 7 Home Premium" (Microsoft Corporation). EFS uses the Windows username and password as part of the encryption algorithm. EFS is a feature of the New Technology File System (NTFS), not the Windows operating system (Microsoft Corporation).

BitLocker

Unlike EFS, BitLocker can be used to encrypt an entire hard drive, whereas BitLocker To Go is used to encrypt removable media such as a USB drive (Microsoft Corporation). BitLocker isn't available in all versions of Windows. Currently it's only available on the Windows 7 Ultimate systems (Microsoft Corporation). BitLocker doesn't usually function alone. It normally works in conjunction with a piece of hardware called a Trusted Platform Module (TPM). The TPM is a microchip on the motherboard of a laptop or PC that is intended to deliver cryptographic functions (Microsoft Corporation). The TPM generates and encrypts keys that can only be decrypted by the TPM. If configured to work without the TPM, then the required keys are stored on a USB thumb drive.

BitLocker encryption is pretty stout, making decryption doubtful without the key.

Encountering a running BitLockered machine affords an examiner an excellent opportunity to recover information without having to defeat the BitLocker encryption. Files stored in a BitLocker protected area of the hard drive are decrypted when they are requested by the system (Microsoft Corporation, 2009). Any time you can avoid going toe to toe with encryption is a good thing.

When dealing with a running computer, recognizing the presence of BitLocker could make all the difference in a case. That running BitLockered machine may very well represent the only chance you would have to recover any evidence from that computer.

Apple FileVault

Apple's latest version of OS X, Lion, comes with FileVault 2. FileVault 2 uses 128 bit, AES encryption. With FileVault 2 you can encrypt the content of your entire drive. Apple gives customers the chance to store their recovery key with them. Passwords stored with Apple could be retrievable with the proper legal search authority (Apple, Inc., 2011).

TrueCrypt

TrueCrypt is a free, open source software that provides on-the-fly-encryption functionality. In on-the-fly encryption, the data are automatically encrypted and decrypted as they are saved and opened. All of this is done behind the scenes without any user involvement. TrueCrypt also is capable of providing full disk encryption. This includes file names, folder names, as well as the contents of every file. It also includes those files that can contain sensitive data that the system creates on its own. These files include things like log files, swap files, and registry entries. Decryption requires the correct password and/or key file(s). TrueCrypt supports Windows, Mac, and Linux operating systems (TrueCrypt Developers Association, 2011). TrueCrypt can employ multiple encryption algorithms including AES, Serpent, Twofish, or some combination of these three. The key space is 256 bits.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597496612000061

Microsoft Vista: Data Protection

In Microsoft Vista for IT Security Professionals, 2007

Encrypting File System

The Encrypting File System allows you to encrypt individual files, or all files within a folder.

Windows Vista adds support for EFS keys held on smart cards; page file encryption; offline file encryption based on the user's key; and policies to control the indexing of encrypted files.

Always set a Data Recovery Agent to allow you to recover files after the user who encrypted them has left your domain; export the DRA keys into a PFX file so that the DRA's private key is not resident on the system.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597491396500091

Securing Windows Server 2008 R2

Dustin Hannifin, ... Joey Alpern, in Microsoft Windows Server 2008 R2, 2010

EFS keys and algorithms

EFS utilizes both symmetric and asymmetric key technology to encrypt and secure data on NTFS volumes. A symmetric key is a single key which can rapidly be used to encrypt or decrypt larger amounts of data. Symmetric keys are often used to encrypt content because of the speed advantage they have over key pairs. EFS utilizes symmetric keys to secure data content.

Asymmetric key pairs are a complementary pair of keys. One of the keys is used to encrypt while the other is used to decrypt. Asymmetric keys are slower when dealing with large amounts of data, and so are not used in EFS to secure data, but are instead used to secure the symmetric key. So, ultimately, it is a combination of keys that are used by EFS to secure a user's data in the file system: a single key to encrypt the data content and a key pair to secure the single key.
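The key combination described here and in the Mullen excerpt above (one random AES key encrypts the content, and a separate copy of that key is encrypted under each authorized RSA public key, including the recovery agent's) can be modelled with .NET classes. This is an added PowerShell example, not code from either book or from EFS itself; the function names, user names, AES-CBC defaults and OAEP padding are assumptions chosen for the illustration, and the wrapped keys sit in a hashtable rather than in file system metadata.

```powershell
# Added illustration, not EFS code: models "RSA wraps the AES key" with .NET classes.
# Function and user names are hypothetical. Needs Windows PowerShell 5.1+ (.NET 4.6+).
$Oaep = [System.Security.Cryptography.RSAEncryptionPadding]::OaepSHA256

function New-DemoKeyPair {
    # Stands in for the RSA key pair behind a user's or recovery agent's EFS certificate
    [System.Security.Cryptography.RSACng]::new(2048)
}

function Get-DemoPublicKey {
    param($KeyPair)
    # Copy only the public half, the part that is published and stored with the file
    $pub = [System.Security.Cryptography.RSACng]::new()
    $pub.ImportParameters($KeyPair.ExportParameters($false))
    $pub
}

function Protect-DemoFile {
    param([string]$Text, [hashtable]$Recipients)          # Recipients: name -> public key
    $aes = [System.Security.Cryptography.Aes]::Create()   # fresh random 256-bit key and IV
    try {
        $plain = [System.Text.Encoding]::UTF8.GetBytes($Text)
        $body  = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
        $wrapped = @{}
        foreach ($name in $Recipients.Keys) {
            # RSA never touches the file data, only the 32-byte AES key
            $wrapped[$name] = $Recipients[$name].Encrypt($aes.Key, $Oaep)
        }
        [pscustomobject]@{ IV = $aes.IV; Body = $body; WrappedKeys = $wrapped }
    } finally { $aes.Dispose() }
}

function Get-DemoFileKey {
    param($File, [string]$Name, $KeyPair)
    if (-not $File.WrappedKeys.ContainsKey($Name)) { throw "No wrapped key stored for '$Name'" }
    # Throws a CryptographicException if $KeyPair is not the matching private key
    , ($KeyPair.Decrypt($File.WrappedKeys[$Name], $Oaep))
}

function Unprotect-DemoFile {
    param($File, [string]$Name, $KeyPair)
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        $aes.Key = Get-DemoFileKey $File $Name $KeyPair
        $aes.IV  = $File.IV
        $plain = $aes.CreateDecryptor().TransformFinalBlock($File.Body, 0, $File.Body.Length)
        [System.Text.Encoding]::UTF8.GetString($plain)
    } finally { $aes.Dispose() }
}

function Add-DemoFileUser {
    param($File, [string]$ExistingName, $ExistingKeyPair, [string]$NewName, $NewPublicKey)
    # Sharing needs someone who can already unwrap the AES key; the data is not re-encrypted
    $fek = Get-DemoFileKey $File $ExistingName $ExistingKeyPair
    $File.WrappedKeys[$NewName] = $NewPublicKey.Encrypt($fek, $Oaep)
}

# Constructed demo: Alice encrypts, and the recovery agent (DRA) is included from the start
$alice = New-DemoKeyPair; $dra = New-DemoKeyPair; $bob = New-DemoKeyPair; $eve = New-DemoKeyPair
$file = Protect-DemoFile -Text 'payroll Q3 (constructed sample)' -Recipients @{
    alice = Get-DemoPublicKey $alice
    dra   = Get-DemoPublicKey $dra
}
Add-DemoFileUser $file 'alice' $alice 'bob' (Get-DemoPublicKey $bob)

foreach ($who in @{ alice = $alice; dra = $dra; bob = $bob }.GetEnumerator()) {
    '{0,-5} reads: {1}' -f $who.Key, (Unprotect-DemoFile $file $who.Key $who.Value)
}

# Eve holds a valid key pair, but no copy of the AES key was wrapped for her,
# and her private key cannot unwrap the copy that was wrapped for Alice
foreach ($slot in 'eve', 'alice') {
    try   { Unprotect-DemoFile $file $slot $eve | Out-Null; "eve via '$slot' entry: decrypted" }
    catch { "eve via '$slot' entry: denied ($($_.Exception.Message))" }
}
```

Removing the `dra` entry from the recipients and discarding Alice's key pair reproduces the data-loss scenario the excerpts warn about: the ciphertext is intact, but no remaining private key can unwrap the AES key.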

In earlier iterations of EFS, Microsoft has employed industry standard encryption algorithms such as Triple DES (3DES) and Data Encryption Standard X (DESX). As encryption standards have developed and improved, Microsoft has continued to update EFS to support the newer protocols, as was evident with the release of Windows XP SP1. From Windows XP SP1 forward, EFS began utilizing Advanced Encryption Standard (AES) as its primary encryption mechanism.

The newest version of EFS, included with Windows Server 2008 R2 and Windows 7, has followed in the same footsteps as the preceding versions and has been improved to reflect the algorithm standards that exist today. The following represent the algorithms supported by the Windows Server 2008 R2 iteration of EFS:

Advanced Encryption Standard

Secure Hash Algorithm (SHA)

Elliptic Curve Cryptography (ECC)

Smart card-based encryption

A critical addition to the preceding list is the new support for ECC. Many environments today are required to comply with stricter regulatory requirements. The addition of ECC allows for these high-security environments to comply with Suite B encryption requirements as set forth by the National Security Agency. Today, Suite B compliance is utilized by United States government agencies to protect classified information.

EFS and policy enforcement

With additional compliance regulations existing in many environments today, administrators often need a mechanism to control the enforcement of certain security policies. In Windows 7 and Windows Server 2008 R2, you have the capability to control the way EFS behaves in the Local Computer Policy on the machine. Utilizing the Local Computer Policy, you have the ability to enforce ECC as well as configure other settings such as if Smart Cards are required for EFS usage. Since Local Computer Policy settings are administrated individually on each computer, it makes it very difficult to use these settings in a larger environment.

The most common way to enforce policy onto large groups of machines in an AD environment is by utilizing Group Policy. In order to address EFS policy enforcement on a broader scale, Microsoft has incorporated settings into Group Policy to allow the capability to control and enforce settings centrally for new EFS components. You will find EFS settings within a Group Policy under Computer Configuration | Policies | Windows Settings | Security Settings | Public Key Policies | Encrypting File System.

In Suite B compliance environments, the usage of RSA encryption algorithms is not allowed and only ECC may be used for EFS. Group Policy has three ECC pertinent settings, Allow, Require, and Don't Allow, which are displayed in Figure 10.21.

Figure 10.21. EFS ECC Policy Settings.

The Allow setting simply allows the use of ECC, but does not enforce it. This means that both RSA and ECC are available when this setting has been configured. If you are in an environment that requires Suite B compliance, Allow is not an appropriate setting. Instead, you would want to select the second radio button for Require. Require prevents the use of RSA and enforces that ECC be the only protocol in use with EFS. The final setting of Don't Allow blocks the usage of ECC, thus all EFS key sets will be generated utilizing RSA.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597495783000104

Active Directory – Escalation of Privilege

Rob Kraus, ... Naomi J. Alpern, in Seven Deadliest Microsoft Attacks, 2010

Fourth Defensive Layer: You'll Need That Secret Decoder Ring

Imagine for a second that an attacker has targeted you and has managed to penetrate all three of the layers in this chapter that you have prepared. All that is left is the asset your organization holds most dear: its data – data on its payroll and financial health, intellectual property, proprietary product data, and documented analysis of your competitors. The last thing you will want is this most valuable asset being left bare for all to see (and take). There is one last line of defense that you can implement to safeguard your files: data encryption. The use of encryption technology would have prevented the disgruntled patron of Casa de Marginal in Scenario 2 (Attacking Client Confidence) from reading and altering files.

There are a host of third-party vendors offering encryption software for Windows. There are too many options on the market to give any of them the justice they are due. This chapter focuses on the native Microsoft tools that ship with various versions of Windows. In recent versions – Windows XP and newer – there are two options to encrypt the contents of a volume on a hard disk: Encrypting File System (EFS) and BitLocker. Each tool is used for different purposes. EFS is designed to encrypt and decrypt individual files; BitLocker is used to encrypt an entire hard disk drive.

Tip

BitLocker Drive Encryption and EFS are not mutually exclusive. In fact, they can be used together in a rather effective combination. When using EFS, encryption keys are stored with the computer's operating system. Although the keys used with EFS are encrypted, their security could still be compromised if a hacker is able to access the operating system drive. Using BitLocker to encrypt the operating system drive can help protect these keys by preventing itself from booting or being accessed if it is installed in another computer.

Using EFS

EFS encrypts files and folders individually based on the user account associated with them. If a computer has multiple users or groups, each user or group can encrypt their own files independently. EFS has been around since Windows 2000 and has been steadily improved with every new version of the Windows code base, either client or server. Unlike BitLocker, it neither requires nor uses any special hardware.

Although EFS has been available in all versions of Windows client and server operating systems since Windows 2000, it is fully implemented only in certain editions, specifically any of the Windows Server editions, Vista Enterprise and Ultimate, and Windows 7 Ultimate. It is not fully supported on Windows Vista Starter, Home Basic and Premium, and Business, or on Windows 7 Home Premium or Professional. On those versions, you can decrypt and modify encrypted files, but cannot encrypt them.

Working with encrypted folders and files is much the same as other file operations. Open Windows Explorer and right-click the folder or file you want to encrypt, and then click Properties in the context menu. Select the General tab then click Advanced. The dialog box shown in Figure 2.9 will appear. Select the Encrypt contents to secure data (circled in the screenshot in Figure 2.9) check box and click OK. Finally click OK to confirm the operation. The encrypted folder or file in the file list in Windows Explorer will turn green once the encryption attribute is set. Decrypting a folder or file is almost identical except that you will clear the Encrypt contents to secure data check box in the Advanced Attributes window and click OK to accept the change.

Figure 2.9. Encrypting a File Using EFS

Note

The first time you encrypt a folder or file, an encryption certificate is automatically created. You should back up your encryption certificate. If your certificate and key are lost or damaged and you don't have a backup, you won't be able to use the files that you have encrypted.

Using BitLocker

If your requirements suggest that encrypting the entire hard disk is preferred to working with individual files, BitLocker Drive Encryption is a better choice than EFS. Road warrior employees who truck laptops everywhere they go are very suitable candidates. A laptop left in an airport is an attractive target, especially because employees on the road tend to be self-contained, carrying all of the files they need to work on and anything they pick up on the road. An encrypted disk makes it extremely hard to extract the data from the purloined computer.

A further benefit of BitLocker is that it can be used to encrypt the contents of removable media. BitLocker To Go works with many media, notably the ubiquitous Universal Serial Bus (USB) drives that are the bane of IT security professionals' existences and seem to proliferate at an alarming rate. Because it encrypts the entire disk, another unique characteristic of BitLocker and BitLocker To Go is that they disregard individual user accounts associated with files; it is either enabled or disabled for all users or groups on the system.

Tip

Like EFS, your options for encrypting the contents of your hard drive depend on the version of Windows that you are running. BitLocker is available only in Windows Vista Enterprise and Ultimate, Windows Server 2008 and Windows 7 Ultimate, which means it is not available in Vista Home Basic, Home Premium or Business, or in Windows 7 Home Premium or Professional.

Unlike EFS, BitLocker requires the use of special hardware before it can be enabled. A trusted platform module (TPM) is a secure cryptoprocessor that can store cryptographic keys, which is embedded in the workstation's microprocessor. It must be enabled in the Basic Input/Output System (BIOS), which may or may not be by default. Once enabled, it will be displayed in Device Manager under Security Devices, as shown in Figure 2.10. The TPM must be of version 1.2 or later in order to be used with BitLocker. If a TPM is not installed or is an earlier version, you can also use a removable USB memory device, such as a USB flash drive, to store its key. For this chapter, we will focus on enabling BitLocker on systems that have an embedded TPM.

Figure 2.10. Verifying that the TPM is Enabled

Once the TPM has been enabled in the BIOS and you have verified in Device Manager that Windows acknowledges its existence, you can manage it. Unlike other hardware on your system, there is a specific and rather robust applet for managing the TPM. The applet, shown in the screenshot in Figure 2.11, allows you to initialize the TPM, enable or disable it, and change the password, among other functions. The initial setup of the TPM is performed during the setup process for BitLocker; after verifying that the TPM has been initialized, you do not need to change the settings in order for BitLocker to be set correctly.

Figure 2.11. Managing the TPM

Once you have the TPM enabled in the BIOS and have verified that it is recognized by Windows, you can proceed to configure BitLocker. The applet, shown in Figure 2.12, can be found through Control Panel | System and Security | BitLocker Drive Encryption. As shown in the screenshot in Figure 2.12, you use this single applet to configure it on both fixed disks and removable media. Please bear in mind that you need to be an administrator to work with BitLocker on fixed disks and once you click on Turn On BitLocker, you will need to confirm your permission to proceed through UAC. "Normal" users can enable and disable BitLocker To Go on their removable media.

Figure 2.12. Selecting the Drive to Encrypt with BitLocker

The setup process takes care of everything. Once you click on Turn On BitLocker or BitLocker To Go, it runs a check of your hardware and software to verify that your system satisfies the requirements to enable BitLocker. If you are enabling BitLocker on a hard disk drive, you will need to respond to the prompts that pop up in any UAC windows. The system check is depicted in Figure 2.13.

Figure 2.13. Verifying that BitLocker Can Be Enabled

If your hardware and software satisfy the system requirements for BitLocker, you will be presented with the screen shown in Figure 2.14. To get to this screen, the TPM has been discovered; if the TPM is not enabled, you will be instructed to enable it and start the process again. Since the TPM needs to be enabled in the BIOS, you will need to reboot before you restart the process.

Figure 2.14. Setting Up BitLocker

Once BitLocker or BitLocker To Go is configured on your desired disk, you are free to use your system the way you did before it was enabled. You will not notice a difference. The TPM provides the required credentials for the boot process to proceed on a hardware restart. If you are not using a TPM (e.g., your hardware is not suitably equipped or you do not want to enable it for some reason), you will need the key that is installed on a USB drive in order for the computer to start.

As mentioned earlier, data encryption is the defense of last resort. By the time that an attacker encounters an encrypted file or disk, he has compromised an application that was vulnerable (perhaps it was left unpatched) or a user account with elevated privileges. Fortunately, Windows ships with a number of these defenses that simply await configuration. Your task is to ensure that the proper safeguards are in place.

URL:

https://www.sciencedirect.com/science/article/pii/B9781597495516000029

Windows Forensic Analysis

Ryan D. Pittman, Dave Shaver, in Handbook of Digital Forensics and Investigation, 2010

EFS

The ability to use EFS to encrypt data has been around since the release of Windows 2000 (although it is notably absent from distributions such as Windows XP Home Edition and Windows Vista Home Basic), and allows users to easily apply encryption to select files and folders in a way that is more or less transparent. During the encryption process, keys are generated that are tied to a user's Windows username/password combination. The decryption of protected data is seamlessly accomplished for the logged on user (because the right credentials were supplied when they logged onto Windows); however, anyone outside of that user's authenticated session will be unable to view the underlying data of an EFS-encrypted file.

As with BitLocker, failing to recognize that files or folders are EFS-encrypted prior to imaging evidence can have significant repercussions. The names of files and folders encrypted with EFS are most often displayed as green in the Windows Explorer interface, and seeing such "green names" on a live, running machine can be the first inkling that EFS-encrypted data exists (Figure 5.64).

Figure 5.64. An EFS-encrypted folder viewed in Windows Explorer.

Examiners can also choose to use tools such as efsinfo.exe (a part of the Windows XP Service Pack 2 Support Tools) to identify EFS-encrypted data along with the user account that is able to decrypt them as shown in Figure 5.65.

Figure 5.65. Identification of EFS-encrypted files using efsinfo.exe.

Most forensic tools will also identify EFS-encrypted data as demonstrated in Figure 5.66, although special steps will still have to be taken to view the data in its unencrypted form.

Figure 5.66. An EFS-encrypted folder viewed in EnCase.

If EFS-encrypted data objects are located prior to imaging, obtaining unencrypted logical copies of the objects is always an option to insure against later inability to access the data on the forensic image. However, if EFS-encrypted data is encountered within a forensic image, the examiner does have other options.
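On current Windows versions the same pre-imaging check can be scripted with built-in tools, since EFS items carry the NTFS Encrypted attribute and `cipher.exe /c` reports who can decrypt a file. The following is an added PowerShell example, not part of the original chapter; the function name `Find-EfsItem`, the output fields and the sample paths are hypothetical.

```powershell
# Added example (hypothetical function name and output layout): list EFS-encrypted
# items under a path on a live system so they are noticed before imaging.
function Find-EfsItem {
    param([Parameter(Mandatory)][string]$Path)

    $efsFlag = [System.IO.FileAttributes]::Encrypted
    $items = Get-ChildItem -LiteralPath $Path -Recurse -Force `
                 -ErrorAction SilentlyContinue -ErrorVariable skipped

    foreach ($item in $items) {
        # The Encrypted attribute is what Explorer renders as a green name
        if (-not ($item.Attributes -band $efsFlag)) { continue }

        $owner = try { (Get-Acl -LiteralPath $item.FullName -ErrorAction Stop).Owner }
                 catch { '<unreadable>' }

        # cipher.exe /c displays information on an encrypted file, including the
        # users and recovery certificates able to decrypt it; kept as raw text here
        $detail = if (-not $item.PSIsContainer) {
            (& cipher.exe /c $item.FullName 2>&1 | Out-String).Trim()
        }

        [pscustomobject]@{
            Path         = $item.FullName
            Type         = if ($item.PSIsContainer) { 'Folder' } else { 'File' }
            Owner        = $owner
            LastWriteUtc = $item.LastWriteTimeUtc
            CipherInfo   = $detail
        }
    }

    # Paths that could not be enumerated are reported rather than silently dropped,
    # because an unreadable directory may still hold encrypted data
    if ($skipped.Count -gt 0) {
        Write-Warning ("{0} path(s) could not be read; review them manually." -f $skipped.Count)
    }
}

# Usage with constructed sample paths: write the findings to the examiner's own media
# Find-EfsItem -Path 'C:\Users' |
#     Export-Csv -LiteralPath 'E:\triage\efs-items.csv' -NoTypeInformation
```

Encrypted folders appear in the output as well as files, because a folder marked for encryption signals that files created in it later will also be encrypted.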

Many forensic tools offer the ability to decrypt EFS files automatically, provided the proper user password is known (or guessed, or cracked) and entered as appropriate. As such, obtaining the proper password is the key (if you'll pardon the pun). The easiest way to obtain a user's Windows password is to ask the user; you never know, the user (or his or her system administrator) could surprise you by providing it willingly. Failing that, numerous options exist for the exporting of SAM and SYSTEM registry hives from a forensic image and the subsequent cracking or unmasking of passwords using the examiner's tool of choice (e.g., PRTK, Cain & Abel, 0phcrack, SAMInside, Linux, etc.). Before undertaking a true cracking action, though, the examiner may want to complete the following in the interest of avoiding unneeded frustration:

Try to guess the password based on things you know about the user or data supplied from other sources.

Dump the Windows protected storage area (which can include saved passwords and autocomplete information) from the registry using a tool such as Protected Storage Explorer by Forensic Ideas (www.forensicideas.com/tools.html).

Attempt to brute-force the password using a dictionary file filled with common passwords or passphrases, or a dictionary created by indexing the user's favorite web sites.

Understand the difference between cracking an LM password and trying to crack an NTLM password.

Tool Feature: Decrypting EFS

Once the proper username/password combination is obtained, decrypting EFS files becomes child's play. Figure 5.67 shows ElcomSoft's Advanced EFS Data Recovery Tool (www.elcomsoft.com/aefsdr.html), which can scan a drive for EFS-encrypted files and available EFS encryption keys, and enables the examiner to decrypt located keys using a Windows user password, and can even perform dictionary attacks on encrypted keys. If the correct password is supplied, the examiner is given the option to save all files that can be decrypted with that password in their decrypted (reviewable) state.

Figure 5.67. AEFSDR used to locate and decrypt EFS-encrypted files.

The EnCase Decryption Suite (EDS) and its built-in Analyze EFS… option can also be used to automatically locate EFS key files and then allow examiners to enter user passwords that will automatically be used to decrypt EFS data.

URL:

https://www.sciencedirect.com/science/article/pii/B9780123742674000057

Secure Client Deployment with Trusted Boot and BitLocker

Thomas W. Shinder, ... Debra Littlejohn Shinder, in Windows Server 2012 Security from End to Edge and Beyond, 2013

FVE vs. File/Folder Encryption

File-level encryption, as provided by Microsoft's Encrypting File System (EFS) and numerous third-party encryption programs such as CryptoForge and Folder Lock, allows you to encrypt individual files and/or folders. An advantage of file/folder encryption is that, because only specific files with sensitive data are encrypted, there is little/no reduction in general system performance, although it can slow down opening or working with the encrypted files. The user designates which files/folders to encrypt.

FVE has the advantage of requiring no action on the part of the user. That means you do not run the risk of users forgetting to encrypt a particular sensitive file. Another advantage is that FVE encrypts temporary files that might be created by applications in a folder other than the encrypted one, and it encrypts the page file/swap file, which can contain copies of sensitive data that has been swapped from RAM. Finally, FVE can encrypt not only data volumes but also the operating system files. In fact, in the first version of BitLocker that was included with Windows Vista, only the operating system volume could be encrypted. Windows Vista Service Pack 1 added the ability to encrypt non-OS volumes on the internal hard drives and this ability was continued in subsequent iterations of BitLocker. Windows 7 added a new feature, BitLocker-to-Go, which allows full volume encryption of removable storage devices such as external USB hard drives and removable flash drives.
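The coverage difference described above can be checked on a live system by comparing where EFS-encrypted files sit with where the page file and temp folder sit. This PowerShell script is an added example, not taken from the book; it assumes an elevated session with the BitLocker module available, and `$ScanRoot` is a placeholder folder.

```powershell
# Added example: compare what EFS protects with what BitLocker protects.
# Assumptions: elevated session, BitLocker module present; $ScanRoot is a placeholder.
$ScanRoot = "$env:USERPROFILE\Documents"

function Get-VolumeProtection {
    # Drive letter ("C:") -> $true when BitLocker protection is switched on.
    $map = @{}
    foreach ($v in Get-BitLockerVolume) {
        $map[$v.MountPoint.TrimEnd('\')] = ($v.ProtectionStatus -eq 'On')
    }
    return $map
}

function Test-EfsAttribute {
    param([string]$Path)
    # True when the file or folder itself carries the NTFS Encrypted attribute.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    return [bool]($item -and ($item.Attributes -band [IO.FileAttributes]::Encrypted))
}

$protected = Get-VolumeProtection

# Files the user chose to encrypt with EFS.
$efsFiles = @(Get-ChildItem -Path $ScanRoot -Recurse -File -Attributes Encrypted -ErrorAction SilentlyContinue)
"EFS-encrypted files under ${ScanRoot}: $($efsFiles.Count)"

# Places where copies of that data can land outside the encrypted folder.
$spill = @(
    [pscustomobject]@{ What = 'Page file';   Path = (Get-CimInstance Win32_PageFileUsage |
                                                     Select-Object -First 1).Name }
    [pscustomobject]@{ What = 'Temp folder'; Path = $env:TEMP }
)

foreach ($loc in $spill) {
    if (-not $loc.Path) { continue }            # e.g. no page file configured
    $drive = Split-Path -Path $loc.Path -Qualifier
    $state = if ($protected[$drive]) {
        'on a BitLocker-protected volume'
    } elseif (Test-EfsAttribute $loc.Path) {
        'EFS attribute set, volume not protected'
    } else {
        'not encrypted by EFS or BitLocker'
    }
    '{0,-12} {1}  ->  {2}' -f $loc.What, $loc.Path, $state
}
```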

URL: https://www.sciencedirect.com/science/article/pii/B9781597499804000091

Microsoft Windows Server 2008

Aaron Tiensivu , in Securing Windows Server 2008, 2008

Full Volume Encryption

Windows BitLocker provides data encryption for volumes on your local hard drive. Unlike Encrypting File System (EFS), BitLocker encrypts all data on a volume—operating system, applications and their data, as well as page and hibernation files. In Windows Server 2008, you can use BitLocker to encrypt the whole drive, as compared to Windows Vista where you can encrypt volumes. BitLocker operation is transparent to the user and should have a minimal performance impact on well-designed systems. The TPM endorsement key is one of the major components in this scenario.

URL: https://www.sciencedirect.com/science/article/pii/B9781597492805000055

Troubleshooting

In How to Cheat at Microsoft Vista Administration, 2007

Inability to Open Files after Transferring from Another Computer

This problem is encountered when an encrypted file is transferred from a computer running an earlier version of Windows, such as Windows XP or Windows 2000, using the Windows Easy Transfer Wizard. When the file is accessed for the first time on the Windows Vista computer after migration, Windows Vista prompts you for the password on the old computer so it can update your account with new account information. You must provide the old password to update the EFS certificate and the key that is transferred during the migration. If you do not provide the password and instead cancel the password prompt, you will not be able to access the encrypted file. This problem occurs even if you were the owner of the file on the old computer.

You can resolve this problem by recovering the encrypted file. This is possible only when you import the EFS certificate and the key from the old computer. You can use the command prompt for quickly resolving the problem, as explained in the following steps:

1. Click Start | All Programs | Accessories | Command Prompt.

2. Click Continue in the User Account Control dialog box.

3. In the command prompt window, type dpapimig.exe and press Enter.

4. Type the password you used on the old computer.

5. Click Confirm My Account Information And Update Content Protection.

6. Exit the command prompt window.

This will resolve the problem and you should be able to access the encrypted files you transferred from an old Windows XP or Windows 2000 computer.
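A check to run before and after the steps above: which certificates can decrypt a given file, and whether the current profile holds one of them together with a private key. This PowerShell script is an added example, not from the book; the file and PFX paths are placeholders, and the parsing assumes the English output of `cipher /c`.

```powershell
# Added example. Paths are placeholders; run as the user who owns the encrypted file.
$EncryptedFile = 'C:\Data\report.docx'   # hypothetical EFS-encrypted file
$PfxPath       = 'E:\efs-backup.pfx'     # hypothetical export made on the old computer (e.g. with cipher /x)

function Get-EfsThumbprint {
    param([string]$Path)
    # cipher /c prints the certificates able to decrypt the file.
    # Assumption: English output with lines like "Certificate thumbprint: AB12 CD34 ...".
    cipher /c $Path |
        Select-String -Pattern 'thumbprint:\s*([0-9A-Fa-f ]+)' |
        ForEach-Object { ($_.Matches[0].Groups[1].Value -replace '\s', '').ToUpper() } |
        Sort-Object -Unique
}

function Get-EfsCertWithKey {
    param([string[]]$Thumbprint)
    # HasPrivateKey shows that a key is associated with the certificate; it does not
    # prove the key can be unlocked, which is what the dpapimig.exe step addresses.
    Get-ChildItem Cert:\CurrentUser\My |
        Where-Object { $_.Thumbprint -in $Thumbprint -and $_.HasPrivateKey }
}

$needed = @(Get-EfsThumbprint -Path $EncryptedFile)
if (-not $needed) { throw "No EFS certificate information found for $EncryptedFile" }

$held = @(Get-EfsCertWithKey -Thumbprint $needed)
if (-not $held -and (Test-Path -LiteralPath $PfxPath)) {
    # Import the certificate and key that were exported from the old computer.
    $pw = Read-Host -AsSecureString "Password protecting $PfxPath"
    Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation Cert:\CurrentUser\My -Password $pw | Out-Null
    $held = @(Get-EfsCertWithKey -Thumbprint $needed)
}

if ($held) {
    "Certificate with private key present in this profile: $($held[0].Thumbprint)"
} else {
    "No matching certificate with a private key. File expects one of: $($needed -join ', ')"
}
```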

For more information on resolving problems with encrypted files, use the Windows Help and Support utility in the Start menu and search for solutions using the keywords file encryption.

URL: https://www.sciencedirect.com/science/article/pii/B9781597491747500124