How to encrypt your hard drive with TrueCrypt

In today’s world, there is no such thing as “too much security”. OK, maybe there is, but taking a few extra precautionary measures to protect sensitive data helps me sleep a little better at night. I don’t know about you, but I keep A LOT of data stored locally on my laptop. Granted, I back it up frequently, but what would happen if I left my laptop at a client’s site, or if it was stolen? Anyone with a password cracking utility can easily get past my Windows credentials and access my data, or even take my hard drive out of the laptop and attach it as an external disk to their personal laptop. So how do you prevent this from happening? Simple.

If you are running Windows 7 Ultimate or Enterprise, then I would recommend using Windows BitLocker, which is built right into the operating system in Windows 7 Ultimate or above. If you are running Windows 7 Pro, XP, etc., a great alternative is TrueCrypt. TrueCrypt is free, open-source encryption software that you can use to encrypt your entire hard disk, or just to keep a single encrypted container within your operating system. In this post, I will give you step-by-step instructions on how to encrypt your entire hard disk using TrueCrypt.

Step 1.) Download and install TrueCrypt from http://www.truecrypt.org/

Step 2.) Launch the installer and accept the license agreement

Step 3.)  Select Install, and click next

Step 4.)  Select all the desired check boxes, and click next

Step 5.) Once everything has been installed, Click Finish

Step 6.)  Launch TrueCrypt and select System –> Encrypt System Partition / Drive

Step 7.)  Select NORMAL on the type of system encryption, and click next

Step 8.) Here you can select to encrypt the entire disk, or just the Windows partition. If your system has a recovery partition that allows you to restore the operating system back to factory defaults, then you may want to select “Encrypt the Windows System Partition”. In this example, we will encrypt the entire disk.

Step 9.)  Select no to encryption of the host protected area.

Step 10.) Select whether you have a single-boot or multi-boot environment. In this example, we will continue with single-boot and click next.

Step 11.) Select the type of encryption you want to use. The defaults of AES and RIPEMD-160 should be fine for standard installs. If you have other special requirements, you can change them using the drop-down menus. Click next and continue.

Step 12.) Select an encryption password that the user will have to type when the system is turned on. This password should be documented someplace safe. Click next when finished.

Step 13.) On the “Collect Random Data” screen, move your mouse around for a few seconds to generate the encryption keys. Once you are done, click next to continue.

Step 14.) Once you receive confirmation that the header and master keys have been created, simply click next to continue.

Step 15.) The setup program will ask you to create a rescue disk. This rescue disk can be used to gain access to the system in the event a user forgets the encryption password, or something happens to the TrueCrypt bootloader. Save this ISO file in a safe location, either on a network share or burned to a CD. Select a location and click next.

Step 16.) Setup will not let you continue until it verifies the ISO file has been created. Unless you want to burn the ISO, you can use a program like WinCDEmu to mount the ISO file as a drive letter. Right-click the ISO file you saved, and click “Select drive letter and mount”. In this example, we are using WinCDEmu instead of burning a CD.

Step 17.) Select the drive letter you want to use, and select OK.

Step 18.) Once TrueCrypt has verified the ISO Rescue Disk, click next to continue

Step 19.) Set the Wipe Mode to NONE. Any other settings will completely erase your drive! Click next to continue.

Step 20.) TrueCrypt is now ready to test the bootloader. Click “TEST” to reboot the machine and make sure you can log in using the encryption password you have selected.

Step 21.)  Click YES to restart the computer now

Step 22.) Once the system has rebooted, you will come to the TrueCrypt prompt where you can enter the password you have selected.  Enter it, and press enter when done

Step 23.) Now that the test has completed, TrueCrypt will automatically launch and ask you to start encrypting the drive.  The time can vary depending on the size of the drive.  The average 250GB hard drive may take between 2 – 4 hours to complete.
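
A simplified model, added here as an illustration and not taken from the original post or from TrueCrypt's code, of how the password from Step 12, the master key from Steps 13 and 14, and the rescue disk from Step 15 relate. The header layout, `ITERATIONS`, the `TRUE` marker check, the XOR cipher and SHA-512 (standing in for AES and RIPEMD-160) are assumptions chosen so that it runs with the Python standard library alone.

```python
import hashlib
import os
import zlib

ITERATIONS = 1000   # constructed value for this model
MAGIC = b"TRUE"     # marker that tells a correct decryption from garbage

def _keystream(password: str, salt: bytes, n: int) -> bytes:
    # SHA-512 stands in for RIPEMD-160 (Step 11), which many Python builds lack.
    return hashlib.pbkdf2_hmac("sha512", password.encode(), salt, ITERATIONS, dklen=n)

def seal_header(password: str, master_key: bytes) -> bytes:
    """Wrap the master key under a key derived from the boot password."""
    salt = os.urandom(64)
    body = MAGIC + zlib.crc32(master_key).to_bytes(4, "big") + master_key
    stream = _keystream(password, salt, len(body))
    return salt + bytes(a ^ b for a, b in zip(body, stream))  # XOR: toy cipher, not AES

def open_header(password: str, header: bytes):
    """Return the master key, or None if the password does not fit this header."""
    salt, blob = header[:64], header[64:]
    stream = _keystream(password, salt, len(blob))
    body = bytes(a ^ b for a, b in zip(blob, stream))
    magic, crc, key = body[:4], body[4:8], body[8:]
    if magic != MAGIC or zlib.crc32(key).to_bytes(4, "big") != crc:
        return None
    return key

def demo() -> dict:
    master_key = os.urandom(64)                               # Step 13: random data
    on_disk = seal_header("first boot password", master_key)  # Step 14: header created
    rescue_copy = on_disk                                     # Step 15: rescue disk keeps a header copy
    # Later the password is changed: same master key, freshly sealed header.
    on_disk = seal_header("changed and forgotten", master_key)
    return {
        "old_pw_on_current_header": open_header("first boot password", on_disk),
        "old_pw_on_rescue_copy": open_header("first boot password", rescue_copy) == master_key,
        "wrong_pw_on_rescue_copy": open_header("guess", rescue_copy),
        "damaged_header": open_header("changed and forgotten", b"\0" * len(on_disk)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The rescue copy opens only with the password that was in effect when it was made, so it is not a way around the password. After a password change, a rescue disk made under the old password should be destroyed and a new one created.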

I hope you found this useful.  I will also be creating a “how to” article for Windows BitLocker in the near future.

Nick
