It’s a pretty common scenario in television cop shows where the cops swoop in, grab the computers, and then before you know crack it wide open like some sort of cyber lobster. There’s a slight problem with that whole idea though as a joint US and UK research team found out.
Seriously. It seems that even using the most common forms of hard drive encryption is enough to stop all levels of law enforcement, from your local police to some alphabet soup agency dead in their tracks. While there are a number of things that law enforcement can do to get around the problem the basic fact is that once a drive has been encrypted there is very little they can do to open up the data.
I am sure this is something that the police and other agencies don’t want to get out there because it would make an already difficult job even harder but as the researchers said in their paper; “The Growing Impact of Full Disk Encryption on Digital Forensics” in the Digital Investigation magazine FDE can significantly hamper digital investigations.
They also say that in order to address this challenge there needs to be more effective on scene capabilities to detect and preserve encryption before pulling the power plug on seized computers.