Full Disk Encryption (FDE)

Security+ 🏆 • Cryptography 🔒 • Security Operations 🛡️ • Difficulty: premium

Definition

Full Disk Encryption encrypts all data on a storage drive so it cannot be read without the correct key, even if the device is lost or the drive is removed. It protects data at rest by ensuring the disk contents are unusable to someone who does not have the decryption keys.

Examples

A company requires BitLocker on all Windows laptops so a stolen device does not expose customer data.
A developer uses FileVault on a MacBook so source code remains protected if the laptop is lost during travel.

Discover 🔎

When a laptop is stolen, the attacker does not usually try to log in like a normal user. They try to read the drive directly by removing it, booting from a USB stick, or attaching it to another system. Full Disk Encryption is designed for exactly this scenario. It makes the entire disk unreadable without the correct keys, which protects sensitive data even when the device is physically in the wrong hands.

Remember: Full Disk Encryption protects data at rest. It does not stop phishing, malware, or data theft after an attacker has logged in as a valid user.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.