How does the full drive encryption work?

[wowpow]

   

I'm a bit confused. My Ministation Metro comes comes with "hardware full disk encryption". I noticed that I can set and release the encryption mode at will. This operation is completed very quickly, suggesting that the data on the drive does not actually get encrypted or decrypted when I change the encryption mode.  So, how is the data stored on the media then? If I write to the drive in the Unencryped mode and then set it to Encrypted, would it be possible for someone to recover the data from the drive by removing the drive from the enclosure and analyzing its contents? Conversely, if I write to the drive in the Encrypred mode and then set it to Unencrypted, how is it still possible for the device to read the data from the media without my password?

[PCPiranha]

It uses 256 AES encryption and it encrypts the drive itself.  In theroy I guess an expert could analyze the files by disassembling the enclosure but it would be incredibly difficult.  From what I am told by fellow co workers it is so difficult to decrypt that even drive savers won't try to decrypt it as it would take so many man hours.

[tmorant]

Interestingly, I recently had a  MiniStation Extreme USB Portable HDD fail and I sent it to a data recovery company.   They said the drive is not encrypted at all - they can see the data, but the filesystem has been locked using a utility they see on one of the sectors called password.exe.

This would explain how fast the ""encryption"" occurs - its not actually encrypting at all but rather locking the filesystem.   Encryption might still be used though -  but perhaps all that is done is that there's a hash of the password contained on the drive somewhere and password.exe hashes the password the user enters, the two are then compared which unlocks the filesystem.

Tony

[breannewiske]

Data recovery offline service - it is very expensive.
You can use freeware to do it by yourself.
http://formatdriverecovery.com/