8.0 Drive Encryption/Decryption - Introduction
The Forensic Falcon allows imaging drives onto a Destination or Repository where the data on
the Destination drive is encrypted. There are two different modes where Encryption is
supported: Drive to File and File to File.
Drive to File – Images the Source to any of the following image output formats: DD, E01,
and EX01. Encryption is applied at the partition level: only the partition (on the
Destination or Repository) where the images are created is encrypted.
File to File – Images specific files (by filename, extension, etc.). The files are sorted by
path (based on where the file is located on the Source) and each file is hashed.
Encryption is applied at the partition level: only the partition (on the Destination or
Repository) where the images are created is encrypted.
The Falcon can also decrypt drives that were encrypted using the Falcon. Alternatively, third-party
utilities can be used to decrypt a drive encrypted by the Falcon: VeraCrypt, TrueCrypt and
FreeOTFE.
In the System Settings screen, there is an Encryption Settings tab used to configure the Falcon
for encryption. There are four (4) parameters that must be configured before encryption can be
used. These parameters are necessary to decrypt and read the Destination drive and can be
configured in the Encryption Settings page on the Falcon:
Cipher Mode – Users can choose between TC-XTS, CBC, ECB, or VCRYPT cipher modes.
The Falcon encrypts drives using AES-256 encryption regardless of which
cipher mode is used. If TC-XTS is used, the Falcon writes a TrueCrypt-friendly
format; it does not use TrueCrypt itself to encrypt the drive. The encryption
key is not stored on the Destination drive.
Cipher – At this time, only the AES-256 cipher is supported.
IV Generation – Initialization Vector. Unavailable when TC-XTS cipher mode is selected.
If CBC or ECB cipher mode is selected, users can choose between PLAIN64 and
ESSIV:SHA256.
Logicube Forensic Falcon™ User's Manual
8: Drive Encryption and Decryption
CBC or ECB cipher modes can be decrypted using the Falcon or
FreeOTFE.
TC-XTS cipher mode can be decrypted using the Falcon or TrueCrypt.
VCRYPT cipher mode can be decrypted using the Falcon or VeraCrypt.
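What the two IV Generation choices compute for each sector, as an added example that is not taken from the Logicube manual or firmware. It assumes PLAIN64 and ESSIV:SHA256 follow the dm-crypt definitions of those names, and it carries its own AES-256 block routine so that it runs without third-party modules; all function names are illustrative.

```python
import hashlib

# Assumption: PLAIN64 and ESSIV:SHA256 mean what dm-crypt means by those names.
def _gmul(a, b):  # multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

# AES S-box: _p walks every non-zero byte (3 is a generator), _q stays 1/_p.
SBOX, _p, _q = [0x63] * 256, 1, 1
for _ in range(255):
    _p, _q = _gmul(_p, 3), _gmul(_q, 0xF6)
    _r = _q | _q << 8  # doubled byte, so >> k yields _q rotated left by 8-k
    SBOX[_p] = (_r ^ _r >> 4 ^ _r >> 5 ^ _r >> 6 ^ _r >> 7) & 0xFF ^ 0x63

def _round_keys(key):  # expand a 32-byte key into the 15 AES-256 round keys
    w, rcon = [list(key[i:i + 4]) for i in range(0, 32, 4)], 1
    for i in range(8, 60):
        t = w[i - 1]
        if i % 8 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        elif i % 8 == 4:
            t = [SBOX[b] for b in t]
        w.append([a ^ b for a, b in zip(w[i - 8], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(15)]

def aes256_encrypt_block(key, block):  # flat state, index = 4*column + row
    rk = _round_keys(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 15):
        s = [SBOX[b] for b in s]  # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows
        if rnd < 14:  # MixColumns, skipped in the final round
            s = [_gmul(s[c + r], 2) ^ _gmul(s[c + (r + 1) % 4], 3)
                 ^ s[c + (r + 2) % 4] ^ s[c + (r + 3) % 4]
                 for c in (0, 4, 8, 12) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]  # AddRoundKey
    return bytes(s)

def iv_plain64(sector):  # sector number as 64-bit little-endian, zero-padded
    return sector.to_bytes(8, "little") + bytes(8)

def iv_essiv_sha256(volume_key, sector):  # same value encrypted under SHA-256(key)
    return aes256_encrypt_block(hashlib.sha256(volume_key).digest(), iv_plain64(sector))
```

Under these definitions a PLAIN64 IV can be computed by anyone who knows the sector number, while an ESSIV:SHA256 IV cannot be computed without the volume key.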