I have a project that is in a highly secured environment and is governed by our PCI policies. The project will allow a user to log into a locked down Hyper V VM that is running Windows 2012 R2 server and open IE 11 to download WAV files from a second Apache server on the local subnet. The download directory has been redirected to a folder that is encrypted using EFS so all files are encrypted as well. Once the project time frame is complete the downloads are deleted with evidence provided that the files are removed. We can't securely erase the hard drives because multiple projects will be running at the same time. So it has been determined that a deleted file that was encrypted meets the security team requirements.
What my main concern is the actual download process of the file. I believe the file might be going to a temp folder in the users profile folder unencrypted before being copied over by the OS to the EFS encrypted folder. Thus leaving those unencrypted bits on the hard drive. At this point I don't know of any way of getting around this problem. 1. Has anyone successfully used EFS on the users iNetCache (or IE temp directory)? 2. Does anyone have any ideas on how to do this differently? Thank you in advance for any pointers, Eric
