diff --git a/tsk/auto/auto.cpp b/tsk/auto/auto.cpp
index 03a2323da51af56fdf060fd3bdedfd0e7ded254a..8f633247d8159c1357f4e5943a84317080183805 100755
--- a/tsk/auto/auto.cpp
+++ b/tsk/auto/auto.cpp
@@ -322,8 +322,12 @@ TskAuto::findFilesInVs(TSK_OFF_T a_start, TSK_VS_TYPE_ENUM a_vtype)
     TSK_VS_INFO *vs_info;
     // Use mm_walk to get the volumes
     if ((vs_info = tsk_vs_open(m_img_info, a_start, a_vtype)) == NULL) {
-        /* we're going to ignore this error to avoid confusion if the
-         * fs_open passes. */
+
+        /* If the error code is for encryption, we will register it. Otherwise,
+         * ignore this error to avoid confusion if the fs_open passes. */
+        if (tsk_error_get_errno() == TSK_ERR_VS_ENCRYPTED) {
+            registerError();
+        }
         tsk_error_reset();
 
         if(tsk_verbose)
diff --git a/tsk/auto/is_image_supported.cpp b/tsk/auto/is_image_supported.cpp
index 95f9448daa0e2847b4b559341b7b21ff97ea4cef..ec9d4f8b88f3b6eab05cce6d2b07fbbbae7b2954 100644
--- a/tsk/auto/is_image_supported.cpp
+++ b/tsk/auto/is_image_supported.cpp
@@ -71,7 +71,8 @@ uint8_t TskIsImageSupported::handleError()
     TSK_ERROR_INFO* lastError = tsk_error_get_info();
     if (lastError != NULL) {
         uint32_t errCode = lastError->t_errno;
-        if (errCode == TSK_ERR_FS_ENCRYPTED) {
+
+        if (errCode == TSK_ERR_FS_ENCRYPTED || errCode == TSK_ERR_VS_ENCRYPTED) {
             tsk_error_print(stdout);
             m_wasEncryptionFound = true;
         }
diff --git a/tsk/base/tsk_base.h b/tsk/base/tsk_base.h
index d9e5604da5d761dc3dc3ea61a9343bf5f3325045..3a2f2fcb7573564b848454e8b42ceefd01b8d505 100644
--- a/tsk/base/tsk_base.h
+++ b/tsk/base/tsk_base.h
@@ -332,7 +332,8 @@ extern "C" {
 #define TSK_ERR_VS_BUF		(TSK_ERR_VS | 5)
 #define TSK_ERR_VS_BLK_NUM	(TSK_ERR_VS | 6)
 #define TSK_ERR_VS_ARG	    (TSK_ERR_VS | 7)
-#define TSK_ERR_VS_MAX		8
+#define TSK_ERR_VS_ENCRYPTED    (TSK_ERR_VS | 8)
+#define TSK_ERR_VS_MAX		9
 
 #define TSK_ERR_POOL_UNKTYPE    (TSK_ERR_POOL | 0)
 #define TSK_ERR_POOL_UNSUPTYPE  (TSK_ERR_IMG | 1)
diff --git a/tsk/base/tsk_error.c b/tsk/base/tsk_error.c
index 20965db5c7acabcaa34d0d4e3b268c6ee7de871b..cda9c369397ce2bb639415eab431cbb6a15e6fcc 100644
--- a/tsk/base/tsk_error.c
+++ b/tsk/base/tsk_error.c
@@ -55,6 +55,7 @@ static const char *tsk_err_mm_str[TSK_ERR_VS_MAX] = {
     "Invalid buffer size",      // 5
     "Invalid sector address",
     "Invalid API argument",
+    "Encryption detected",
 };
 
 static const char *tsk_err_fs_str[TSK_ERR_FS_MAX] = {
diff --git a/tsk/util/detect_encryption.c b/tsk/util/detect_encryption.c
index ebe81d7ec2c3ee6d308749c3450fed716882e534..1464f130d0f5dc54ee261a20ffda361c49473ab5 100644
--- a/tsk/util/detect_encryption.c
+++ b/tsk/util/detect_encryption.c
@@ -40,14 +40,65 @@ detectBitLocker(const char * buf, size_t len) {
 
     // Look for the signature near the beginning of the buffer
     const char * signature = "-FVE-FS-";
-    return detectSignature(signature, strlen(signature), 0, 32, buf, len);
+    return detectSignature(signature, strlen(signature), 0, 16, buf, len);
 }
 
-// Returns 1 if FileVault is found, 0 otherwise
+// Returns 1 if FileVault signature is found, 0 otherwise
 int
 detectFileVault(const char * buf, size_t len) {
-    // Look for the signature near the beginning of the buffer
     const char * signature = "encrdsa";
+    return detectSignature(signature, strlen(signature), 0, 0, buf, len);
+}
+
+// Returns 1 if Check Point signature is found, 0 otherwise
+int
+detectCheckPoint(const char * buf, size_t len) {
+    // Look for the signature near the beginning of the buffer
+    const char * signature = "Protect";
+    return detectSignature(signature, strlen(signature), 80, 100, buf, len);
+}
+
+// Returns 1 if McAfee Safeboot signature is found, 0 otherwise
+int
+detectMcAfee(const char * buf, size_t len) {
+    // Look for the signature near the beginning of the buffer. Check two capitalizations.
+    const char * signature = "Safeboot";
+    const char * altSignature = "SafeBoot";
+    return (detectSignature(signature, strlen(signature), 0, 32, buf, len)
+        | detectSignature(altSignature, strlen(altSignature), 0, 32, buf, len));
+}
+
+// Returns 1 if Guardian Edge signature is found, 0 otherwise
+int
+detectGuardianEdge(const char * buf, size_t len) {
+    // Look for the signature near the beginning of the buffer
+    const char * signature = "PCGM";
+    return detectSignature(signature, strlen(signature), 0, 32, buf, len);
+}
+
+// Returns 1 if Sophos Safeguard signature is found, 0 otherwise
+int
+detectSophos(const char * buf, size_t len) {
+    // Look for the signature near the beginning of the buffer
+    const char * signature = "SGM400";
+    const char * altSignature = "SGE400";
+    return (detectSignature(signature, strlen(signature), 110, 150, buf, len)
+        | detectSignature(altSignature, strlen(altSignature), 110, 150, buf, len));
+}
+
+// Returns 1 if WinMagic SecureDoc signature is found, 0 otherwise
+int
+detectWinMagic(const char * buf, size_t len) {
+    // Look for the signature near the beginning of the buffer
+    const char * signature = "WMSD";
+    return detectSignature(signature, strlen(signature), 236, 256, buf, len);
+}
+
+// Returns 1 if Symantec PGP signature is found, 0 otherwise
+int
+detectSymantecPGP(const char * buf, size_t len) {
+    // Look for the signature near the beginning of the buffer
+    const char * signature = "\xeb\x48\x90PGPGUARD";
     return detectSignature(signature, strlen(signature), 0, 32, buf, len);
 }
 
@@ -167,5 +218,94 @@ detectVolumeEncryption(TSK_IMG_INFO * img_info, TSK_DADDR_T offset) {
     return result;
 }
 
+/**
+* Detect full disk encryption in the image starting at the given offset.
+* May return null on error. Note that client is responsible for freeing the result.
+*
+* @param img_info The open image
+* @param offset   The offset for the beginning of the image TODO TODO do we need this??
+*
+* @return encryption_detected_result containing the result of the check. null for certain types of errors.
+*/
+encryption_detected_result*
+detectDiskEncryption(TSK_IMG_INFO * img_info, TSK_DADDR_T offset) {
+
+    encryption_detected_result* result = (encryption_detected_result*)tsk_malloc(sizeof(encryption_detected_result));
+    if (result == NULL) {
+        return result;
+    }
+    result->encryptionType = ENCRYPTION_DETECTED_NONE;
+    result->desc[0] = '\0';
+
+    if (img_info == NULL) {
+        return result;
+    }
+    if (offset > (uint64_t)img_info->size) {
+        return result;
+    }
+
+    // Read the beginning of the image. There should be room for all the signature searches.
+    size_t len = 1024;
+    char* buf = (char*)tsk_malloc(len);
+    if (buf == NULL) {
+        return result;
+    }
+    if (tsk_img_read(img_info, offset, buf, len) != len) {
+        free(buf);
+        return result;
+    }
+
+    // Look for Symatec PGP signature
+    if (detectSymantecPGP(buf, len)) {
+        result->encryptionType = ENCRYPTION_DETECTED_SIGNATURE;
+        snprintf(result->desc, TSK_ERROR_STRING_MAX_LENGTH, "Symantec PGP encryption detected");
+        free(buf);
+        return result;
+    }
+
+    // Look for McAfee Safeboot signature
+    if (detectMcAfee(buf, len)) {
+        result->encryptionType = ENCRYPTION_DETECTED_SIGNATURE;
+        snprintf(result->desc, TSK_ERROR_STRING_MAX_LENGTH, "McAfee Safeboot encryption detected");
+        free(buf);
+        return result;
+    }
+
+    // Look for Sophos Safeguard
+    if (detectSophos(buf, len)) {
+        result->encryptionType = ENCRYPTION_DETECTED_SIGNATURE;
+        snprintf(result->desc, TSK_ERROR_STRING_MAX_LENGTH, "Sophos Safeguard encryption detected");
+        free(buf);
+        return result;
+    }
+
+    // Look for Guardian Edge signature
+    if (detectGuardianEdge(buf, len)) {
+        result->encryptionType = ENCRYPTION_DETECTED_SIGNATURE;
+        snprintf(result->desc, TSK_ERROR_STRING_MAX_LENGTH, "Guardian Edge encryption detected");
+        free(buf);
+        return result;
+    }
+
+    // Look for Check Point signature
+    if (detectCheckPoint(buf, len)) {
+        result->encryptionType = ENCRYPTION_DETECTED_SIGNATURE;
+        snprintf(result->desc, TSK_ERROR_STRING_MAX_LENGTH, "Check Point full disk encryption detected");
+        free(buf);
+        return result;
+    }
+
+    // Look for WinMagic SecureDoc signature
+    if (detectWinMagic(buf, len)) {
+        result->encryptionType = ENCRYPTION_DETECTED_SIGNATURE;
+        snprintf(result->desc, TSK_ERROR_STRING_MAX_LENGTH, "WinMagic SecureDoc encryption detected");
+        free(buf);
+        return result;
+    }
+    printf("No disk encryption found\n");
+    fflush(stdout);
+    free(buf);
+    return result;
+}
 
 
diff --git a/tsk/util/detect_encryption.h b/tsk/util/detect_encryption.h
index eb58578d830d325d3aebc3fac72a06fbdf7ee8c4..1c60137fd055929341479e4c4e7a2a1f653c15ee 100644
--- a/tsk/util/detect_encryption.h
+++ b/tsk/util/detect_encryption.h
@@ -31,4 +31,6 @@ typedef struct encryption_detected_result {
 
 encryption_detected_result* detectVolumeEncryption(TSK_IMG_INFO * img_info, TSK_DADDR_T offset);
 
+encryption_detected_result* detectDiskEncryption(TSK_IMG_INFO * img_info, TSK_DADDR_T offset);
+
 #endif
\ No newline at end of file
diff --git a/tsk/vs/mm_open.c b/tsk/vs/mm_open.c
index f8bdce2e9759ad7c7a9b174003436608c6b46029..49f0c00d64598b537a67f68b5ede639be9761f67 100644
--- a/tsk/vs/mm_open.c
+++ b/tsk/vs/mm_open.c
@@ -15,6 +15,7 @@
  */
 
 #include "tsk_vs_i.h"
+#include "tsk\util\detect_encryption.h"
 
 
 /**
@@ -175,7 +176,22 @@ tsk_vs_open(TSK_IMG_INFO * img_info, TSK_DADDR_T offset,
 
         if (vs_set == NULL) {
             tsk_error_reset();
-            tsk_error_set_errno(TSK_ERR_VS_UNKTYPE);
+
+            // Check whether the volume system appears to be encrypted.
+            // Note that detectVolumeEncryption does not do an entropy calculation - high entropy 
+            // files will be reported by tsk_fs_open_img().
+            encryption_detected_result* result = detectDiskEncryption(img_info, offset);
+            if (result != NULL) {
+                if (result->encryptionType == ENCRYPTION_DETECTED_SIGNATURE) {
+                    tsk_error_set_errno(TSK_ERR_VS_ENCRYPTED);
+                    tsk_error_set_errstr(result->desc);
+                }
+                free(result);
+                result = NULL;
+            }
+            else {
+                tsk_error_set_errno(TSK_ERR_VS_UNKTYPE);
+            }
             return NULL;
         }