Hard Disks and Encryption
Given the increasing stories from governments that are watching, we see more and more cases where the user applies encryption to his hard drive.
Different types of encryption are possible: At disk level and at file level.
I am not in favor of encryption at disk level, unless you actually have certain things to hide and where the file names alone can be compromising.
Why am I not in favor? We have already experienced that some drives were damaged in such a way that it was very difficult to decrypt the drive. It is also impossible to determine where the important data is located (the MFT is unreadable), so we can put a lot of effort into cloning a part of the disk where no important data is located.
Were the files individual encrypted, then we could immediately see where the important data is and save it before the disk completely dies.
The recovery of raid systems with disk-level encryption is also a nightmare. Due to the encryption, it is no longer possible to determine what the stripe size and disk order were. If the customer does some tinkering before coming to us, the metadata on the disks will no longer be original and then the trouble starts. The recovery from such a raid is therefore a lot more complex (and expensive) than an unencrypted raid and it therefore takes longer to recover the data.
If you still want to apply encryption at disk level, make sure then for a good backup!
Also applies to any encryption: Store the decryption keys carefully in a secure place (and not on the encrypted drives themselves!).