How to Encrypt Your Hard Drive in Microsoft Windows

Some versions of Windows 7 include BitLocker, a utility that lets you encrypt the system drive. This, however, is of little use to those not running the 'Ultimate' version of Windows 7. There is, however, a free alternative: TrueCrypt, which supports Windows 2000, XP, Vista and 7.

This walkthrough shows you how to encrypt your entire hard drive so that, should your laptop be lost, an attacker will be unable to access your sensitive information (unless, of course, you left the laptop powered on!).


  1. Visit http://www.TrueCrypt.org and download the latest version

  2. Run the installer

  3. When asked, it's strongly recommended that you create a System Restore Point.

  4. Once installation has completed, run TrueCrypt

  5. Press the “Create Volume” button

  6. Select “Encrypt System Drive”

  7. Choose “Normal”

  8. Choose “Encrypt the Whole Drive”

  9. Don't Encrypt the Host Protected Area

  10. Set Encryption Algorithm to AES

  11. Leave Hash Algorithm at the default (RIPEMD-160)

  12. Set and confirm a password (See Bootnote 1)

  13. Move mouse to help randomise the cryptographic pool (the more random your movements, the better)

  14. Set the Rescue CD to save to the Desktop (or somewhere you can easily find it)

  15. Burn the image to CD (see here if you don't have burning software; see also Bootnote 2)

  16. Choose a wipe mode (a higher number of passes is more secure, but takes longer; do not select 'No Wipe' unless no sensitive files have ever been stored on the system)


  17. TrueCrypt will restart your computer

  18. Enter the password you set in step 12 (the system may take a couple of seconds to begin booting)

  19. TrueCrypt will load once the system is booted - Press Encrypt

  20. Leave the system to it (this may take a few hours; see Bootnote 3).
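Step 15 assumes you have disc-burning software. As an added example that is not part of the original article, the PowerShell script below burns the rescue image with the Windows Disc Image Burner (isoburn.exe) that ships with Windows 7. It assumes the image was saved to the Desktop under TrueCrypt's default name "TrueCrypt Rescue Disk.iso" (adjust $IsoPath otherwise) and that the first optical drive reported by WMI is a writer if no drive letter is given.

```powershell
# Added example, not from the original article or the TrueCrypt project.
# Burns the TrueCrypt Rescue Disk ISO using Windows 7's built-in isoburn.exe.
param(
    # Assumption: TrueCrypt's default file name, saved to the Desktop (step 14).
    [string]$IsoPath = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'TrueCrypt Rescue Disk.iso'),
    # Optional optical drive letter such as 'E:'; first drive from WMI is used if omitted.
    [string]$Drive
)

if (-not (Test-Path -LiteralPath $IsoPath)) {
    throw "Rescue image not found at '$IsoPath'. Re-check the location chosen in step 14."
}

if (-not $Drive) {
    $optical = Get-WmiObject -Class Win32_CDROMDrive | Select-Object -First 1
    if (-not $optical) {
        throw 'No optical drive found; burn the image on another machine before continuing.'
    }
    $Drive = $optical.Drive   # e.g. 'E:'
}

$burner = Join-Path $env:SystemRoot 'System32\isoburn.exe'
if (-not (Test-Path -LiteralPath $burner)) {
    throw 'isoburn.exe not found; this tool ships with Windows 7 and later only.'
}

# /Q burns without showing the confirmation dialog. After burning, keep the disc
# in the drive: the TrueCrypt wizard asks for it so it can verify the rescue disc.
& $burner /Q $Drive $IsoPath
```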


When Things Go Wrong: The TrueCrypt Rescue CD

The law of averages guarantees that at some point, something will go wrong for someone, somewhere. This is why it's so important to store the rescue CD somewhere safe.

To use the CD:

  1. Place it in the CD Drive
  2. Check your BIOS settings allow booting from CD
  3. Restart the PC
  4. Enter your TrueCrypt Password
  5. System Boots.

Alternatively, you can utilise the other options offered by the rescue disk, including:

  • Decrypt the volume
  • Restore the TrueCrypt Bootloader
  • Restore the Original Bootloader
  • Restore Volume Header

All of the above are only possible if you know the TrueCrypt password set in Step 12. Unfortunately, if you don't have the password, you have no realistic option but to wipe the drive, reinstall and start again.


Bootnotes


1. Password Strength

The standard rules on password strength apply: no dictionary words, and a mix of lowercase and uppercase. Keep in mind that this password is intended to deny access to everything you've stored on the hard drive. If you've saved passwords for various services in your web browser, this password could be the only thing preventing an attacker from gaining unfettered access to your accounts.


2. Rescue CD

Keep the Rescue CD somewhere very safe. You'll need it if and when things go wrong. When deciding where to store it, keep in mind that an attacker could potentially use it to bypass TrueCrypt, so putting it in your laptop bag is not recommended!


3. Encryption Time

If, for some reason, you're unable to leave your computer running for that long, you can click the 'Defer' button to interrupt the process. You can then shut down or restart your PC as necessary and resume the process when it is more convenient. To do this, load TrueCrypt, select the volume at the top of the window and choose Volume --> Resume Interrupted Process.