Standard procedures used by law enforcement for evidence preservation require removing power from the computer and going further analysis in a digital forensics laboratory. With the advent of easy to use, highly accessible hard drive encryption, access to potential evidence becomes much more volatile problem than in the past. This paper will look at several encryption methods available on the commercial market, discuss their impact on current best practices for hard drive recovery, and propose new procedures to deal with the possibility of encrypted information on a target computer
