Hard drive encryption sounds like an intimidating concept, mostly because it is. The thought of taking your precious files, then using a mathematical formula to convert them into random noise before scattering them back across your disk is a hard sell. The harsh reality is, mobile computing is on the rise, and so is laptop theft. Depending on who you ask, anywhere from 500,000 to over 1,000,000 laptops are lost or stolen in the US each year. In some cases, the data on the hard drive is more valuable than the machine itself.
To determine if disk encryption is something you should be considering, simply ask yourself if your PC contains anything you wouldn’t want posted publicly on the internet. If the answer to this is yes (and I assume for most of us it is) then encryption is worth considering.
What You’ll Need:
* A Windows/Mac/Linux PC
* A Backup of Your Data (Just a Precaution!)
* A Hard Drive (Or Any Detachable Media)
* 30 Minutes For Each 100 GB of Hard Drive Space Encrypted (Estimate)
* TrueCrypt Installer (Free, Version 6.1a or Better)
* ISO Burning Software
The good news is you no longer need to be a member of the CIA to lock down your machine with government level encryption. In fact, one of the most highly regarded and powerful encryption tools available is both free and open source (our favorite combination!). TrueCrypt allows you to protect either all your data, or only what you choose. You can mask your boot drive and sensitive documents, while leaving your games or other non generic data in the clear. While no encryption process is without risk, TrueCrypt is designed to put your mind at ease, and takes no chances with your data. The process can be reversed at any time, even without being able to boot into Windows.
So if you’re ready to get started click the jump to learn step by step how to protect your data.
1. Familiarize Yourself with the Tools and Determine what Kind of Protection you Need
Upon entering TrueCrypt you will notice that the interface is very simple and well laid out. The majority of the UI displayed on the main screen (shown above) has more to do with the primary focus of TrueCrypt up until version 5: the mounting and unmounting of encrypted file containers. These are for users who don’t feel the need to encrypt their entire drive. TrueCrypt allows you to create a single file which is essentially a huge blob of encrypted data. Using the above interface you are able to mount this file as a volume which will appear to Windows as a standard drive. Once done, you will be able to read and write from the drive while TrueCrypt provides on the fly encryption/decryption.
This is an elegant solution if you merely wish to protect a group of files and not your entire partition. For super sensitive information, however, this isn’t really your best bet. If your primary drive is unencrypted, parts of files you are working with may be cached locally in unencrypted areas of the drive. Generally office suites will maintain a revision cache as a hidden file in the same directory as the original, but content can transparently jump into your Windows swap file as well.
The most useful application for using this method is in conjunction with a USB key. By creating a blob of encrypted data and carrying around the truecrypt.exe file, you can securely transport data that is safe even if you lose your thumb drive.
2. Begin The Process Of Encrypting Your System Drive
Assuming that you’re ready to move ahead and encrypt your system drive, follow along through the next set of steps. If you determined based on section 1 that an encrypted container will suit your needs, you can simply click on Create Volume within the main screen. The steps that follow are very similar to what you find when you encrypt a system partition, so you can still follow along.
To start encrypting a system partition begin by clicking the System tab in the top left hand side of the window, then select Encrypt System Partition/Drive. The correct menu option is highlighted in the screen shot above.
The first choice you will have to make during the encryption process gives you a pretty good overview of just how many scenarios this suite was designed to handle. If you select the Normal system encryption, each and every sector of your hard drive will be converted to what looks like random noise and can only ever be read with your master password. Most people will want this option.
The Hidden encryption method actually allows you to create two mirror OS’s protected by different passwords. Using this method, should you be coerced into entering your password by a third party, you will have the option of using a password that presents them with a version of your OS which is completely insulated from the other. Applications for this feature for average citizens are somewhat limited, but 007 if you’re reading this section, this one is for you.
Generally if you’re using a home brewed PC it is safe to click Yes here, thereby allowing TrueCrypt to encode the host protected area. If you are using an OEM machine on the other hand, some of these systems store recovery data and RAID drivers in this area. The best way to determine if it is safe to encrypt the host area is to check and see if your system has any kind of built in recovery tools accessible during startup. If you do, and you cannot locate these files on a separate partition, your host area may be in use and shouldn’t be encrypted.
If you’re not sure, it’s best to say No. The information stored in the host protected area is generally not sensitive, and if you answer this one incorrectly your system may simply refuse to boot following the encryption. If you do answer this incorrectly and your system refuses to boot, fear not: everything we are doing here can be undone outside of Windows. Worst case scenario is that you’re forced to decrypt using the rescue CD and start over. This process is covered in the troubleshooting section. Answer the question to the best of your knowledge and click Next.
It is very important during this stage of the installation that you accurately identify if you are dual booting into multiple OS’s. Since TrueCrypt writes its own boot loader to the first sector of the drive, failure to answer this correctly will result in your boot loader being overwritten. Currently the only multi boot loaders that are supported are the Windows MBL (this is the default interface that automatically installs with Windows 2000, XP, or Vista) and the Linux alternative Grub.
If you select Multi-boot, TrueCrypt will move your boot loader from the master boot record to another sector on the hard drive, out of harm’s way. When you are ready to proceed, click Next.
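If you are unsure how to answer the boot question, you can look at what currently sits in the first sector of the drive. The following is an added example, not part of the original article or of TrueCrypt's code: it parses a 512-byte master boot record, names the boot loader it finds and lists the partition table entries. The loader marker strings, the helper names and the sample sector are assumptions constructed for illustration.

```python
import struct

SECTOR_SIZE, TABLE_OFFSET, SIGNATURE = 512, 446, b"\x55\xaa"
# Partition type byte -> OS family (partial list, enough for this check).
OS_FAMILY = {0x07: "Windows", 0x0B: "Windows", 0x0C: "Windows", 0x83: "Linux"}
# ASSUMPTION: strings expected inside each loader's boot code.
LOADER_MARKERS = {b"TrueCrypt Boot Loader": "TrueCrypt", b"GRUB": "GRUB",
                  b"Invalid partition table": "Windows MBR"}
ENTRY = struct.Struct("<B3xB3xII")  # status, CHS, type, CHS, LBA start, sector count

def parse_mbr(sector: bytes) -> dict:
    """Identify the boot loader and list the used partition-table entries."""
    if len(sector) != SECTOR_SIZE or sector[510:] != SIGNATURE:
        raise ValueError("not an MBR sector: wrong size or missing 55 AA signature")
    boot_code = sector[:TABLE_OFFSET]
    loader = next((n for m, n in LOADER_MARKERS.items() if m in boot_code), "unknown")
    partitions = []
    for i in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector, TABLE_OFFSET + 16 * i)
        if ptype:  # type 0x00 marks an unused slot
            partitions.append({"active": status == 0x80, "type": ptype,
                               "start_lba": start, "sectors": count})
    return {"loader": loader, "partitions": partitions}

def suggest_boot_answer(info: dict) -> str:
    """Heuristic hint only: GRUB in sector 0 or mixed OS families means multi-boot."""
    families = {OS_FAMILY[p["type"]] for p in info["partitions"] if p["type"] in OS_FAMILY}
    return "Multi-boot" if info["loader"] == "GRUB" or len(families) > 1 else "Single-boot"

def build_sample_mbr(marker: bytes, parts: list) -> bytes:
    """Construct a fake sector 0 for the demo (not a real disk image)."""
    sector = bytearray(SECTOR_SIZE)
    sector[0x100:0x100 + len(marker)] = marker
    for i, fields in enumerate(parts):
        ENTRY.pack_into(sector, TABLE_OFFSET + 16 * i, *fields)
    sector[510:] = SIGNATURE
    return bytes(sector)

if __name__ == "__main__":
    # Constructed sample: GRUB in the MBR, one NTFS and one Linux partition.
    dual = build_sample_mbr(b"GRUB", [(0x80, 0x07, 2048, 204800),
                                      (0x00, 0x83, 206848, 409600)])
    info = parse_mbr(dual)
    print(info["loader"], [hex(p["type"]) for p in info["partitions"]],
          suggest_boot_answer(info))
```

Two Windows installations on separate NTFS partitions look like a single OS family to this check, so treat the result as a hint and answer Multi-boot whenever you know a second OS is installed.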