Skip to content

Full disk encryption

Full Disk Encryption or Whole Disk Encryption is a phrase that was coined by Seagate to describe their encrypting hard drive. Under such a system, the entire contents of a hard drive are encrypted. This is different from Full Volume Encryption where only certain portions, such as a partition or volume is encrypted.

Some examples of full disk encryption:

Hardware Solutions

Embedded into internal HDD

  • FIPS 140-2 (Federal Information Processing Standard 140-2 certification issued by NIST)
  • FIPS 197 (Federal Information Processing Standard 197 certification issued by NIST)
  • AES-128

Seagate Full Disk Encryption ("FDE")

Seagate's encrypted drives are only available as OEM products. Seagate provides no software to utilize encrypted drive features (such as key management). There is a proprietary Windows-only API, but it is not available to the public.

Toshiba Self-Encrypting Drives ("SED")

Software Solutions


BitLocker Part of Windows Vista that uses AES 128 or 256 bit encryption

CGD Cryptographic Device Driver. Provides transparent full disk encryption for NetBSD.

Supports various ciphers: AES (128 bit blocksize and accepts 128, 192 or 256 bit keys), Blowfish (64 bit blocksize and accepts 128 bit keys) and 3DES (uses a 64 bit blocksize and accepts 192 bit keys (only 168 bits are actually used for encryption).

Checkpoint Full Disk Encryption

DiskCryptor Free solution provided under GNU General Public License.

FreeOTFE Transparent on the fly encryption for MS Windows and Windows Mobile PDAs. Also supports mounting Linux dm-crypt and LUKS volumes

GBDE GEOM Based Disk Encryption. Provides transparent full disk and swap encryption for FreeBSD. Supported ciphers: AES (128 bit).

Supports hidden volumes and Pre-Boot Authentification.

Since data loss can occur on unexpected shutdowns, GELI is recommended instead of GBDE.

GELI Cryptographic GEOM class. Provides transparent full disk encryption for FreeBSD. Supports various ciphers: AES, Blowfish and 3DES.

Supports hidden volumes and Pre-Boot Authentification.

FileVault Disk Encryption

Jetico BestCrypt

loop-AES Transparent file system and swap encryption for Linux using the loopback device and AES.

Linux Unified Key Setup (LUKS) or dm-crypt Transparent file system and swap encryption for Linux using the Linux 2.6 device mapper. Supports various ciphers and Linux Unified Key Setup (LUKS).

SafeGuard Easy Certified according to Common Criteria EAL3 and FIPS 140-2

Encryption algorithms supported: AES (128 and 256 bit) and IDEA

Provides complete hard drive encryption including the boot disk.

TrueCrypt Transparent full disk encryption for Linux and Windows. Supports AES (256 bit), Serpent and Twofish.

Supports hidden volumes within TrueCrypt volumes (plausible deniability).

VeraCrypt Fork of TrueCrypt project. Support for for Linux, Windows, and MacOS.

vnconfig The -K option of OpenBSD associates and encryption key with the svnd device. Supports saltfiles. Supported ciphers: Blowfish.

Full Disk Encryption Analysis Tools

Due to continual updates and variances to full disk encryption software, there is varied coverage of each software by digital forensics tools. Additionally, each forensic tool may only support limited versions of the encryption software, as noted in the table below:

EnCase Forensics
AccessData FTK v6
Other Applications

See Also