Drive protection
now that the Bios is protected, it is the tun of your HDD/SSD, for this we have what we call FDE (Full Disk Encryption) platforms, software and hardware.
What is a FDE
What FDE do and don't
Software vs Hardware
Software or Hardware , which is the best?
Software-based
1- Bitlocker (for pro/enterprise version)
Windows BitLocker Drive Encryption is a new security feature that provides better data protection for your computer, by encrypting all data stored on the Windows operating system volume. (In this version of Windows, a volume consists of one or more partitions on one or more hard disks. BitLocker works with simple volumes, where one volume is one partition. A volume usually has a drive letter assigned, such as "C.")
BitLocker Drive Encryption Overview
Windows BitLocker Drive Encryption Step-by-Step Guide
2- Veracrypt ( Truecrypt & variants)
if you don't have access to Bitlocker, you can do the same with Truecrypt and its variants, i will show you Veracrypt, a updated and supposely safest variant of Truecrypt.
VeraCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots.
System encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted too.
VeraCrypt - Documentation
3- Symantec Encryption (previoudly PGP)
Of course big security vendors possess their own tools, symantec bought the well known PGP.
What is Symantec Encryption?
Symantec’s encryption portfolio includes endpoint, file and folder and email encryption. Integration with Symantec Data Loss Prevention automatically encrypts sensitive data being moved onto removable media devices or residing in emails and files. Robust management features include individual and group key management, automated policy controls, and out-of-the-box, compliance-based reporting. Heterogeneous management capabilities include support for native OS encryption (FileVault2) and Opal compliant self-encrypting drives.
PGP Encryption Software | Symantec
Note that PGP has a free variant called
GPG4win
4- others
there is a link to plenty of software-based drive encryptions
Comparison of disk encryption software - Wikipedia, the free encyclopedia
Hardware-based
Easier and faster to use than Software encryption, Hardware Encyption (called SDE for Self Encrypted Drives) is an option to consider. USB or Padlocks exist.
hardware FDE (SDE)
SDE Explanation
Obviously attacks & risks are still present
Risks & Attacks
below are some companies offering such devices
Apricorn
Software vs Hardware Encryption
Seagate
