What encryption does the platform use in AWS?

General

The default VPC and Subnet create an isolated environment to which customers can control access rights. When processing data, the / Forensic Acquisition and Investigation worker instances are launched within the same VPC as the main / Forensic Acquisition and Investigation instance. Worker instances are started using the same AMI as the main / Forensic Acquisition and Investigation instance as well.

AWS

During deployment, by default, an S3 bucket, a VPC and a Subnet are created for use by the / Forensic Acquisition and Investigation solution.

During deployment, a default S3 bucket for collections is created. This can be customized, including to use an existing bucket, but by default the created S3 Bucket is encrypted with server-side encryption using AES256 (SSE-AES256 - See Protecting data with server-side encryption. Attached EBS volumes are encrypted using KMS. Access to EFS/NFS is over TLS . Secrets are stored using AWS Secrets Manager.

Some settings can be customized, and you may wish to enable key rotation as well .