Incidents of data theft and related losses are becoming more and more frequent for corporate and individual computer users. Data encryption continues to be a viable solution to preventing unauthorized access to confidential information. One of the more effective forms of data encryption is full-drive encryption, in which the entire drive content is encrypted as a whole. In this case, access to specific files of an encrypted drive is performed by decrypting data “on-the-fly”, i.e., specific sectors of the drive containing the requested file are decrypted in the random access memory, while the whole drive remains encrypted. Once the work with the file is finished, the file is encrypted “on-the-fly” as well—the file is split in parts equal to the drive sector size; these parts are encrypted and saved to the drive.
The process of initial encryption of the entire drive requires significant computing resources of the processor, causes increased wear of the drive and can take a long time (from a few hours to several days or even weeks). The drive data are split into segments of a pre-defined size, then each segment is separately encrypted and saved to the drive. The encryption operation generally involves reading a segment from the drive into memory, applying a computational algorithm to the segment of data to convert the data into an encrypted representation, then writing the encrypted segment of data back to its original location on the drive.
If, during this process, a system fault occurs, such as an unexpected stoppage of the operating system, sudden loss of power, or the like, the drive contents may become lost or corrupted since a portion of the data would be encrypted while another portion remains in its plain form, i.e., non-encrypted, and it is unknown which portion is which. A mechanism is needed to enable data recovery of partially-encrypted drives that are in a state following a sudden interruption of the full-drive encryption process.