TrueCrypt can also be used to password protect drive access. These can
be either portable drives or the drives in a machine. We’ll first
detail how to completely encrypt a portable drive. The drive will be
detected on all systems, but will show up as unformatted. To read or
write to the drive, you will have to mount it on another mount point in
the system, then enter the password. That is, if the portable drive is
allocated the drive letter G by the system, you will have to mount it
using TrueCrypt to drive letter H to be able to read from and write to it.
Before encrypting the drive, copy all the data to another location.
Although TrueCrypt can keep the data on the drive, this is a longer
process. The data is moved around, the drive is encrypted, and the data
is moved back in. This is faster if the user does it. We will be showing
a method that deletes all the data on the drive, as it is considerably
faster and more practical.
Go to Volumes>Create New Volume in TrueCrypt. Select the
second option, Encrypt a non system partition/drive. Then click on Next.
Select the Standard TrueCrypt volume as the volume type. Then select a
partition or device. In this step, you can choose either an external
drive, or a drive where the operating system you are running is not
located. On most systems, this means everything but the C drive is fine
to use. Here, we are encrypting a thumb drive. Click on Next. Then select
a creation mode. To save time and resources, choose Create Encrypted
volume and format it. Then click on Next. The Encrypt partition in place
option should be used only when you have nowhere else to transfer the
data to. In that case, it’s a good idea to leave the operation running
overnight. It is also a little risky, as you have to ensure that power is
supplied throughout the operation. Next, select an encryption algorithm,
and click on Next. You will be warned about the imminent loss of all data
on your drive. Agree, and continue. That is it. Whether this is an
external drive or a non-system partition, you will have to mount it
using the password and TrueCrypt before it shows up in the list of
drives on the system.
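Why the encrypted drive shows up as unformatted, as an added example that is not part of the original article: a TrueCrypt volume carries no plaintext filesystem signature, so a probe of the first sector finds only random-looking bytes. The function names, the 7.0 entropy cut-off and the sample sectors are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known plaintext markers in the first sector of common filesystems:
# (byte offset, marker bytes, label).
FS_SIGNATURES = [
    (3, b"NTFS    ", "NTFS"),
    (3, b"EXFAT   ", "exFAT"),
    (82, b"FAT32   ", "FAT32"),
    (54, b"FAT16   ", "FAT16"),
]

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 = constant, 8.0 = uniformly random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify_first_sector(sector: bytes) -> str:
    """Report what an OS-style probe sees in the first 512 bytes of a drive."""
    sector = sector[:512]
    for offset, marker, label in FS_SIGNATURES:
        if sector[offset:offset + len(marker)] == marker:
            return label
    # No filesystem marker. Encrypted data looks like random noise, so its
    # entropy is high; a wiped or factory-blank sector is low.
    # 7.0 is an assumed cut-off for a 512-byte sample.
    if shannon_entropy(sector) > 7.0:
        return "unformatted (random-looking data)"
    return "unformatted (blank)"

# Constructed samples, not read from a real drive.
def sample_ntfs_sector() -> bytes:
    s = bytearray(512)
    s[3:11] = b"NTFS    "
    s[510:512] = b"\x55\xaa"   # boot-sector signature
    return bytes(s)

def sample_encrypted_sector() -> bytes:
    # SHA-256 output stands in for ciphertext: 16 digests x 32 bytes = 512.
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

if __name__ == "__main__":
    for name, s in [("NTFS", sample_ntfs_sector()),
                    ("encrypted", sample_encrypted_sector()),
                    ("zeroed", bytes(512))]:
        print(f"{name:10} -> {classify_first_sector(s)} "
              f"({shannon_entropy(s):.2f} bits/byte)")
```

High entropy alone does not prove a drive is encrypted; it only shows that no readable filesystem header is present, which is why the operating system offers to format it.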
TrueCrypt can also be used to encrypt a system volume, which is the
partition of the hard drive where the operating system is located. Doing
this is a little risky, because if you forget the password, you won’t
be able to boot up your machine. Go to Volumes>Create New Volume,
and select the third option, which is “Encrypt the system partition or
entire system drive”. Choose “Normal” rather than “Hidden”. The “Hidden”
option creates a fake encrypted Operating System. There will be two
hidden and encrypted Operating Systems on the system, and you can reveal
one of these if forced to.
Now there are two options. The first option allows you to encrypt
just the partition of the hard drive where the operating system is
located. The second option allows you to encrypt not just the partition
where the operating system is located, but all the partitions on the
drive where the operating system is located. There is no option to
encrypt all the drives in the hard disk, because this can be done
through the Operating System later on. TrueCrypt does this by installing
a small bootloader on the hard drive, which requires the password to be
entered before the Operating System boots up. Click on Next. The next
window gives users a choice on encrypting the host protected area of the
Operating System. This is usually where the backup data is located, or
some such functionality in laptops and on some desktops. The safest
option here is to select No. The next screen is for advanced users. Most
users can select Single-boot. However, if your machine has more than
one operating system installed, select Multi-boot. TrueCrypt is cross
platform, so the same method can be used from a Linux Operating System
to encrypt and password protect a Windows installation on the same
machine. Note that, in the case of multi-boot, the other Operating System
need not be located on the same hard drive as the one being encrypted.
This option is just so that the TrueCrypt bootloader is configured
correctly.
The next step is to choose the encryption algorithm. Choose a
cipher, and click on Next. Then, key in a password. If you choose to use
a keyfile at this point, the keyfile will have to be selected
from an external device before the system loads. This means that every
time the Operating System has to be booted, there has to be a USB drive
plugged in to the system. This is very secure, but if you lose the
keyfile, you will lose access to your data as well. The next step
generates encryption keys using random data. Just move the mouse
randomly for some time, and click on Next. The next window allows you to
create a rescue disc in case you lose your keyfile. This operation
basically allows you to restore the system to the current state. This is
necessary in case your keyfile gets corrupted, the bootloader gets
corrupted, or the Windows installation becomes unusable or infected by
malware. The rescue disc is an ISO image that must be burned to a disc,
which is a bootable disk. Burn the ISO image before proceeding with the
encryption. Don’t burn the image file itself onto the DVD, but burn the
files inside the ISO. That is, open the ISO file using DVD burning
software, and proceed.
You will have to burn the disc, put it in the tray, and click on
Customize the bootloader. Click on Next. You get to customize the
bootloader now. Enter some text for the password prompt. This can be
anything that you prefer. Click on Next, and the encryption process
starts. This will take some time. The next time you boot the operating
system, you will be prompted for a password...