File Encryption for Law Enforcement Officers Email – (7-Zip, BCArchive)

File Encryption for Law Enforcement

In one of my previous posts, File Encryption for Law Enforcement Officers – VeraCrypt, I went over on how to create an encrypted container on portable thumb drives and other external media, to protect your sensitive data. But what about sending emails which contains sensitive files, documents, images, movies, etc…. This could apply to sending confidential case reports, evidenciary images and/or movies? You could use VeraCrypt to create a container, and then email the container to the other party, but they would have to have VeraCrypt installed on their device.

7-Zip

One program I use to encrypt files to send via email is 7-Zip, which is free open source software and recognized as a strong encryption program to create encrypted archives, or Zip files. You can download 7-Zip for free by the link below.

Example: I have a case involving a Sexual Battery involving an minor where I want to send a Child Protection Investigator the current case file as it stands and some images of the victim’s injuries. The files are absolutely protected and such data must be protected in the interest of the victim, policy and procedures. The typical process would be the CP Investigator would have to request a copy of the report via records, show up at the records department, and get a copy of the report. I do know many agencies will send reports  and documents via email and are absolutely violating best usage and policy by sending this type of information via normal email. Since my agency hosts images on another server off site, the investigator would have to also make a request for the images at that location. Since I have both the report, images, and any other attachments, why not archive them and send the files encrypted? Even if the email is intercepted or viewed by unauthorized personnel (IE the Evil IT Department, or even worse, hackers), it would be impossible for them to view the archive without a valid encryption key or password, which you will give the recipient in person, or via telephone.

7-Zip Use

Using the example of having to send these files via email, I first created a directory of the files I want to compress and encrypt. In this example, I created a Directory called 7-Zip Example and included the image files used for the VeraCrypt tutorial.

7-Zip File Listing

Once 7-Zip is installed, it will install a Right Click Contextual Menu where when you right click on files, 7-Zip options will appear. Next I would either hit Control A (Select All) or manually select all files in the sub-directory which I created, of the files I want to include in the encrypted archive. Once all or the files you have selected are highlighted, Right Click and select 7-Zip, then “Add To Archive”.

7-Zip Add To Archive

7-Zip will now open and will now include the files you have selected into the current archive. Once 7-Zip opens, make sure the following is set:

  1. Archive format: zip
  2. Compression Level: Ultra
  3. Encryption: Enter your Password, and Re-Enter your password.
  4. Encryption Method: AES-256 (This is the approved strength of the United States Secret Service)

7-Zip Create Archive

Once you hit “OK” and set the above listed parameters, the system will create the archive. The beauty of the 7-Zip software is the Encrypted Archive is compatible with most operative systems, does not need to create an executable for the archive, and is accepted in the forensic community.

Now simply attach the created archive to your email, and send away! Once the person you send the encrypted archive to receives the email, they simply have to download the file, and open the file with their operating system, or their favorite Zip Archive software. You should never send the password / encryption key with the email being sent, and should always call or text the person you are sending the email message to, with the password / encryption key. One negative downfall of this way to send encrypted archives if that the end user / third party can see the files names without the encryption key or password, but will not be able to see any of the files contents.

7-Zip Encrypted File Archive Listing

Creating SFX / Self Executable Encrypted Archives

The above listed example requires some type of Zip file compression software, where you can input the encryption key or password for the encrypted archive. You can of course create a SFX / Self Executable Archive where once sent via email, the end user can open the encrypted archive without the need for the operating system or compression utility.

Just as before, select the files in your Directory and when you click on “Add to Archive”, enter the options as follows:

  1. Archive Format: 7z
  2. Compression: Ultra
  3. Options: Check “Create SFX Archive”
  4. Enter your password and re-enter your password.
  5. Encryption Method: AES-256 (Federal Government Standard)
  6. Check Encrypt File Names

The nice thing is that now the file names are encrypted as well as the contents of the files, and any user on a Windows PC can open the self-executable encrypted archive, once created.

7-Zip SFX Options

Now when the recipient or end user opens the file, they will get a prompt from the self-executing archive which is encrypted, for the password and/or the encryption key.

7-Zip Password Screen

BCArchive (Best Crypt)

BCArchive is another software option for sending encrypted archives, which is SFX / self-executing archives. You can download the free archive utility below:

Just like using 7-Zip and after installing the BCArchive software, it will add a Right Click Windows contextual menu. After selecting the files you want archive and encrypt, Right Click on the file(s), and select “Add To ” and the file name that the system selects for you. You will be able to change this after the archive is created by simply renaming the file.

BCArchive Add To

Once the BCArchive software is open and prompting you for a password, enter your password twice.

BCArchive Passwords

Just like VeraCrypt, BCArchive will ask you to move your mouse in the current window to crate a random seed. Do this until the progress bar reaches the end, and click on “OK” to create the BCArchive.

BCArchive Random Seed

Hold On!!!!! Now that it has created the BCA (File Extension .bca) archive how will the end user, or the email recipient open the encrypted archive? Once the volume has been created, simply “Right Click” on the created archive / .bca file, and select “Make Self Extracted” with the BCArchive icon next to it.

BCArchive Self Extracted

Now you will have a self-executable SFX archive using BCArchive, which can be sent to another end user, which will require a password to decrypt the archive / files sent to the user, and cannot be read or viewed by any third party without the password or encryption key.

Wait a minute!!!! You might be thinking about the limitations of email, where most email services and email software will not allow the sending or receiving executable files, even if they are archives. This is definitely a problem. Most people will just rename the the file with the extension of their choice to mask the executable file from email filters. Most importantly, I never send executable files via email as there are always problems and I use services like DropBox and OneDrive to send these types of files. More importantly, since the files are encrypted, even if there is a third party which can intercept or view the file, they will not be able to view it with a good password.

Warning: Even though I provide many tips on this site always refer to your agency’s policy & procedures in sending sensitive or classified information. I would bet though as I have found, many agencies do not have policies which address the sending of classified or sensitive files. If this IS THE case, always use good judgement. My next article will address the importance of the use of DropBox and OneDrive, involving File Encryption, and the sending and receiving of classified or sensitive documents.

Share:

Leave a Reply

Your email address will not be published. Required fields are marked *