• http://www.randyjensenonline.com/blog/?p=326 User Question: Whats Your Favorite Application/Tool/Algorithm & What Files Do You Protect? : Randy Jensen Online

  [...] say, I eat my own dogfood:). I also encrypt any thumb drives that I carry with me. You can learn to encrypt your entire hard drive and your thumb [...]

• http://www.panthersweat.com Panther

  Well done! I'll be waiting for the back up strategy!

• http://randyjensenonline.com randyjensen

  Hey Panther!

  Thanks for reminding me that I need to write a new post on backing up. I completely forgot :S Glad you enjoyed this tutorial!

• Bob

  This is the best tutorial I have seen! Thank you. Two questions:

  1) Roughly how long will it take to encrypt a 100GB directory?
  2) How long does it take to open a file once the directory holding the file is encrypted (assuming a 100GB directory)? In other words, is day-to-day use really slowed down on an encrypted directory or partition?

• http://randyjensenonline.com randyjensen

  Hey Bob, glad you enjoyed the tutorial!

  1) I can't give you an exact, but I would expect around an hour
  2) The amazing thing about TrueCrypt is the database that is used on the backend actually SPEEDS up read/write times! The TrueCrypt guys are unbelievably good at what they do:)

  Hope this helps!

• Jim

  Hi Randy,
  Great post. Just two questions… where do you choose to keep your rescue disk? Obviously, for security reasons, you shouldn't keep it in the same location as the drive, right? Secondly, do you keep the rescue disk ISO on your encrypted drive after burning the rescue disk? I'm guessing that's okay, since it is encrypted also. Once again, thanks for the great post!

• http://randyjensenonline.com randyjensen

  Thanks Jim!

  The rescue disk itself isn't really that valuable to anyone but me. You still need my passphrase to get into my system even with the disk. So it doesn't matter per se if the disk is in the same place as the computer .

  I do, however, store mine in several places. I have one cd at home and work as well as the .iso stored in the cloud so I can access it from anywhere if need be. This gives you a backup at home, an offsite backup and a third party offsite backup.

  I actually do not keep my rescue disk on my encrypted computer anywhere. There's nothing wrong with doing this (if you want to use it as one backup method), but the point of the disk is to save the system if the encrypted boot sector gets corrupt, or there is a malware issue. So if you can't boot the system, you're S.O.L.

  'But what if you lose the original disk?' You can always re-run the rescue disk iso from truecrypt if you need to. You should also have several backups like I stated above.

  Hope this helps!

• http://my.opera.com/Histakel Histakel

  Thank you very much for your whole disc encryption tutorial. I think I am going to encrypt all the computers in our family, privacy is our right, not a crime

  And go on doing your great job, from now on your posts will appear in my RSS reader

• http://randyjensenonline.com randyjensen

  Hey Histakel,

  Glad you found it helpful! Privacy is most certainly a right!

  Hopefully I'll have some time in the future to show you how to create hidden partitions to be even more secure:-)

• maxmetallica

  Clear,simple and just in a snap this tutorial taught me to do an drive encryption.Thanks dude!!..I have a 8gb Transcend pendrive .In that,they gave transcend elite software which contains a pack of small softwares and “data encryption” was one of them.But it was very horrible.After encrypting ,accessing those files will take lots of time(like decrypting and to normal file).One day i found True crypt on download.com.I thought of giving it a try.After installing ,the entire gui of the true crypt software was like MSpaint…lol.Encryption was damn simple and yet accesing those files are also resonably fast…just my exp …thanks dude!

• http://randyjensenonline.com randyjensen

  Hey maxmetallica,

  You are very welcome! It sounds like you may want to check out my tutorial about encrypting thumb drives with TrueCrypt as well ( http://www.randyjensenonline.com/blog/?p=325 ).

  You're dead on. The encryption should actually speed up Windows read/write times a bit. The GUI takes a second to get used to, but once you do, it's very intuitive and simple to use.

• Alex

  Hi

  Sorry for my bad english. I want to now if you can encrypt mac os x 10.5 leopard like windows that you have don whith TruCrypt.

• http://randyjensenonline.com randyjensen

  Hey Alex,

  Yes. With the new TrueCrypt 5.1, you can encrypt volumes on 10.4 Tiger and 10.5 Leopard. I'll admit I've never done it personally, but I've heard good things from friends. Good luck!

  Here's the download link http://www.truecrypt.org/downloads.php

• Alex

  Thansk for youre help, i have download it and instald it but i dont now how to juse it, do you now vere i can get instruktiones for incrypying my mac

• http://randyjensenonline.com randyjensen

  The UI should be very similar to the Windows UI. I would see if you can use my tutorial to work for the Mac. I'm sure there will be some differences, but overall TrueCrypt should function very similarly.

• Alex

  Sorry for beaing a pain but when i yuse truecrypt i can only find create volume and there is only tow choses hiden and create a standard truecrypt volume. when you prosed it forses you yo format the entaier disk. I cant find enywhere encrypt like on ne 5 in youre instruktions. thans agin for everything

• http://randyjensenonline.com randyjensen

  No problem at all Here's how you do it:

  1) Click 'Create Volume'
  2) Click 'Create a Standard TrueCrypt Volume'
  3) Click 'Select Drive' and choose your hard disk ( mine is showing as /dev/rdisk0 )
  4) Click 'Next' and you will get a warning. Click 'Yes'

  Let me know if that gets you going!

• http://torradeira.net Daniel

  amazing!!! Encryption is on! 2.439% 8 hours to finish

  DOD or NSA would have trouble getting in (unless of course there was water boarding involved).

  wath water boarding means??
  greetingz from Brazil

• http://randyjensenonline.com randyjensen

  Hey Daniel, glad you got it working!

  You can read about waterboarding here: http://en.wikipedia.org/wiki/Waterboarding. It's basically a torture technique that is incredibly effective at getting information from people (and also, incredibly inhumane).

  I guess it was a bad joke that didn't translate well to my overseas readers…sorry

• http://torradeira.net daniel

  Randy,

  its me again daniel from Brazil =]

  just to say that i have translated this tutorial to portuguese and put into my blog!!

  take a look :
  http://torradeira.net/criptogrando-seu-hd-intei...

  i add a link to this tutorial a thankz for u

  cya!!

• http://randyjensenonline.com randyjensen

  Excellent! Thanks for taking the time to do that and for the linkback!

• http://torradeira.net/criptogrando-seu-hd-inteiro-windows/ Criptogrando seu HD inteiro (Windows) | torradeira.net

  [...] Traduzido/Adptado de: http://www.randyjensenonline.com/blog/?p=323 [...]

• charles

  very impressive tutorial thanks. Am going to try to encrypt my new samsung netbook. Hopefully it won't majorly slow boot times etc.

• charles

  very impressive tutorial thanks. Am going to try to encrypt my new samsung netbook. Hopefully it won't majorly slow boot times etc.

• joe

  Very nice Article!
  “This will also install the TrueCrypt boot loader on the boot sector of your hard drive. This is a major reason why this encryption is so great. There is virtually no way to boot into the Windows file system without having the decryption key.”
  What do you mean by that(Virtually)?

  Can the files only be read/accessed if the Boot-Sector is decrypted?

• http://randyjensenonline.com randyjensen

  Hey Charles,

  Glad it worked for you. The guys that did TrueCrypt spent a lot of time making sure the encryption won't slow down the computer. In fact, there was a study that showed a Windows computer actually running faster after the encryption because of the database that they used.

• http://randyjensenonline.com randyjensen

  Thanks Joe! Yes. If someone were to pull that drive and stick it into another computer they wouldn't be able to read it. Or even if they had the resources to look at the bits on the drive, they would all be completely random.

  This boot loader is incredibly important to the security of the drive after it's encrypted. It's also the reason that TrueCrypt makes absolutely certain that you've created a rescue disk. With this disk, you can unencrypt the drive without having to hit the boot loader.

  I actually just updated my BIOS the other day and Windows kept giving me a BSOD, meaning I never got to the boot sector of the drive. I had to use my rescue disk to unencrypt the drive, and then use a Linux live cd to read and backup the contents of the drive.

  Hope this helps!

• Wim

  Nice article,

  I encrypt my whole drive, but still have a question.

  When I make a mapping to the encrypted drive from another pc, I can still see alle the files with read/write access….is this normal?

• http://randyjensenonline.com randyjensen

  Hey Wim,

  If you're logged into your encrypted computer, all the files are unecrypted for that session. As soon as you put in your Truecrypt Passphrase at the bootloader screen, the drive is unecrypted.

• iMORT3rnAL

  Hi,

  Great article, TrueCrypt looks quite promising and I will definitely be using the software, but first I just have a few questions that I’d like to ask you;

  1. If I only have one operating system installed on my computer and I install TrueCrypt with the “Single-boot” option, how easy will it be to start using the “Multi-boot” option should I decide to add more operating systems?

  2. If I install any operating systems after I’ve installed TrueCrypt, will TrueCrypt’s bootloader be replaced by the one of the operating system that I’m installing?

  Thanks

• http://randyjensenonline.com randyjensen

  Hey iMORT3rnAL,

  I've attempted to encrypt a dual booting laptop but was unsuccessful. I didn't think it was even possible until I found this article:

  http://www.maximumpc.com/article/howtos/how_to_...

  “It is very important during this stage of the installation that you accurately identify if you are dual booting into multiple OS’s. Since TrueCrypt writes its own boot loader to the first sector of the drive, failure to answer this correctly will result in your boot loader being over written. Currently the only multi boot loaders that are support are the Windows MBL (this is default interface that automatically installs with Windows 2000, XP, or Vista) and the Linux alternative Grub.

  If you select Multi-boot TrueCrypt will move your boot loader from the master boot record to another sector on the hard drive, out of harm’s way. When you are ready to proceed, click Next.”

  There's also an excellent thread on the topic here:

  http://forums.truecrypt.org/viewtopic.php?p=610...

  So it seems that it is possible, just a bit of extra work. Let me know if you get it up and running!

• Wim

  Thanks Randy!

  as you can see, I'm an encryption-newbie

• http://randyjensenonline.com randyjensen

  You're very welcome!

  Everyone was a n00B at one point right

• cutie_pyie

  Randy,
  I have a couple questions regarding using TrueCrypt to either secure the HDD or as your other article mentions: to secure a thumb drive.

  The prgm states: “you will need to create a password. Depending on how paranoid you are, you should choose a passphrase close to 20 characters in length. I would also recommend using Steve Gibson’s Perfect Passwords Generator to make sure you create a completely unique phrase.”

  My question(s) to you are: How the heck can you/me/ or anyone remember a 20 character passphrase?? And where do we store “THAT”?

  Would it be a good idea to use a program like “KeePass” to store the passphrases?

  But then how long of a passphrase do we use to protect the KeePass program itself?

  I think we need an article on keeping passphrases and how & where to keep THEM!!

  Await your reply most anxiously!

  Sincerely,
  Cindy

• http://randyjensenonline.com randyjensen

  Hey Cindy,

  Great questions! My terrible answer? There isn't a perfect solution. Our brains aren't made to store long random strings of data, but they are quite good at memorizing patterns/shapes (eg. a = @).

  The problem with storing your passphrase in KeePass is that you need your passphrase to get into your computer to get to KeePass which is storing your password (Unless you put KeePass on a secondary unencrypted machine)

  I'll tell you how I do it, but I do want to mention something. If you just want to protect your laptop in case it gets stolen or lost, you should be fine with a smaller password. I would say between 8-12 characters. Just make sure you make it a good one (I'll post my method next). Longer passwords are necessary for storing super secret data.

  Here's why I say that. Thousands of laptops get stolen every day. If the thief opens yours up and sees that it's encrypted (even with a weak password), he's probably not going to waste any time on it because he can just go and steal another one. Think about a car thief who is going to steal a car. Will he steal the car with “the club” on the wheel or the one without the club? Even if the club isn't actually locked (eg. even if your laptop is encrypted with a weak password) he's probably going to go elsewhere. Sometimes the smallest deterrent can save you.

  Here's what I do. I go to Steve Gibson's password generator and start generating passwords. I copy several string into a text document and get to work. Start thinking of actual words that mean something to you. I'm drinking a Red Bull right now. So I might start piecing together a password like “r3D8u1L”. Now that may be a bit short, but what about this: “r3D_8u1L_En3rGy”. I've just turned “Red Bull Energy” into a fairly unique phrase. You could even turn “Give Me Wings” into something unique.

  Another trick is to use a word that's already printed somewhere and make it unique. For example I have an Alienware computer next to me. Alienware in and of itself is unique, if I do what I did above, it turns out to be a great passphrase! (I know people who have used their printer and model to create one as well).

  My point is, for your basic laptop security, this is WAY more than enough (honestly, I'm pretty sure this is more than what most government officials do). Any type of encryption is going to thwart your most basic laptop thief (which is most of them).

  So, short answer is, if you're not comfortable with completely random, long passwords, no problem Anything you do that would be considered 'extra' security is better than 95% of the world.

  Sorry for the long winded answer, but I hope it helps!

• Brandon

  Can i burn the rescue disk to a DVD instead of a CD?

• http://randyjensenonline.com randyjensen

  Hey Brandon,

  I can't say I've ever done it, but there is no technological reason I can think of why you couldn't.

• http://izationlabs.com/ Zachary

  Hey all, I was wondering if it is actually possible to create a bootable TrueCrypt-ed primary hard drive on a Macbook Pro? As in, the drive with Mac OS X installed on it? I know it's a simple matter for Windows, but I've been unable to find any information on doing it on a Mac. I can get to the point of actually selecting the drive, but there doesn't seem to be an option for encrypting a disk or partition with the OS itself installed. I'm using version 6.2. Am I missing something, or is this just not possible yet?

• http://randyjensenonline.com randyjensen

  Hey Zachary,

  It's actually not possible right now on Linux or OSX. Hopefully soon, I haven't looked into it too much but there may be some technological issues regarding the file system or the bootloaders.

• Jeff

  IMPORTANT: remember to append the .iso or your file will not work correctly.

  Do not understand what this means or how to do it!

• http://randyjensenonline.com randyjensen

  Hey Jeff,

  All it means is that when you are saving your file, to make sure you name it MYFILE.iso (make sure to actually type .iso in the filename, not just MYFILE)

  I will say however, that if you are unfamiliar with adding file extensions to documents, you may want to think twice about encrypting your system. Just a thought.

• http://www.snubsie.com/2009/06/30/truecrypt-your-entire-hard-drive/ 1337 g@m3r, n00b h@x0r » Blog Archive » Truecrypt Your Entire Hard Drive!

  [...] For a more in depth step by step, go here. [...]

• http://www.hak5.org/episodes/episode-520 Hak5 – Technolust since 2005 » Episode 520 – Encrypt your entire hard drive!

  [...] For a more in depth step by step, go here. [...]

• http://www.snubsie.com/2009/07/02/episode-520-%e2%80%93-encrypt-your-entire-hard-drive/ 1337 g@m3r, n00b h@x0r » Blog Archive » Episode 520 – Encrypt your entire hard drive!

  [...] For a more in depth step by step, go here. [...]

• Saucer

  randyjensen, When your in your OS, for instance, Windows, Your drive isn't Unencrypted. Nothing is ever unencrypted if you did Whole Disk encryption, it just is unencrypted in memory when you are using it.

• http://randyjensenonline.com randyjensen

  Hey Saucer,

  Thanks for making this distinction. I think I misstated this.

• TheParadox2

  Yes, you can… i've done it before and without problems…

  Its a bit of a waste of space but I guess its not really a waste because it'd be the same even on a CD… you'd still 'waste' the disc… but you really should make the rescue disk… I've had to use it.

• Robert

  I have an encrypted IDE HD containing Windows XP OS.
  I decided to image the HD to another HD using Ghost 2003 which completed successfully.
  However, when i re-boot the system i get an error that my password is incorrect?
  Is there an issue cloning encrypted HD's using Ghost or Acronis/??/

• http://randyjensenonline.com randyjensen

  Hey Robert,

  I'm actually not sure if TrueCrypt allows you to image an encrypted drive. I wasn't able to find anything in their documentation about this.

  I did find something on Expert's Exchange regarding using PGP to encrypt a drive and then image it and it's not possible because of they way PGP works.

  My best guess is that TrueCrypt does NOT allow this for security reasons.

  Here is what I read about PGP…

  “There is no way to PGP encrypt and then create an image that will function properly. The way PGP encrypts the whole disk doesn't allow it to be reproduced in an image. I say this from experience with about 30 people who worked on this and decided it was not a feasible solution. We follow same steps of imaging and then encrypting the drives. The only way to make it simpler is to script the post image install and encryption, which is what we do.”

• gaboca

  Hi Randy,

  I would like to ask some questions.
  I just encrypted my portable hard drive(the whole drive).
  Can I uninstall/reinstall my operating system(w-vista) on my laptop,because that will delete my Truecript installed on my computer?Do I need to do some back up?
  Or can I just uninstall and reinstall Truecrypt if I want?Where is my password/key stored?
  My other question is that when I did full disc encryption it did not let me to select just the drive(full capacity,but the drive letter was not shown),it only aloud me to encrypt partition1(my drive only has 1 partition)-also it was shown the full capacity of my HD-the drive letter and drive name was shown.
  If I decide to cancel/remove the encryption of my drive how shall I do it.I read the instruction manual of Truecrypt,but for me is a little confusing what is there.
  I can not decide which option shall I chose(A or B).
  A:If the volume is partition-hosted (applies also to USB flash drives)
  B:If the volume is device-hosted (i.e., there are no partitions on the device, and the device is entirely encrypted)
  As I encrypted my whole drive(it should be B),but when I started the encryption it only let e chose to encrypt partition1(which would be A).

  Thank you for your answer in advance.

• http://randyjensenonline.com randyjensen

  Hey gaboca,

  You shouldn't have any problems moving that drive to any machine that has TrueCrypt installed on it. All it needs is TC so you can mount it and enter your passphrase.

  To remove encryption, just mount your drive as you normally would through TC and there should be an option in under Tools or something (I'm on my RC build of Win7 right now so I haven't taken the time to install TC yet).

  You're going to want to choose A. The reason is because TC manages external drives differently than drives with the actual OS running on it.

  Hope that helps!

• gaboca

  Hi Randy,

  Thank you for your answer.
  So I can reinstall my OS or uninstall TC as information(for my password,etc) is stored on the encrypted drive.Shall I need to do some type of back up just in case before uninstalling TC or OS?
  I was planning actually to Install Win7 as well as a dual boot(other OS will be WinVista) the main reason for this to try to keep one OS only for personal/online banking and nothing else,other OS for rest of other activity.Actually I was planning to get Linux,but not sure if Online banking would be compatible with it.I guess I still can use Firefox as normal.

  I got an other question.I was planning to do a hidden volume within a normal encrypted one(460GB non OS drive encryption) and when it offered me the space for hidden part it was only 240GB.I have only about 120MB info saved and drive is NTFS formatted.Even if I would chose this option to hidden encrypt for about half of my drive, would it be any problem if I try to DEFRAGMENT my drive?
  How does it work?Let say I will chose protect my hidden data against recording(I guess when I mount my “normal”encrypted volume) but what if I mount a hidden volume one,would it automatically detect the other normal encrypted volume.Other words,if I chose DEFRAGMENT drive would it always defragment the whole HD(460GB) or just the one which is mounted.

  Sorry for so many questions.I like this TC,but they do not very explain certain part.

  Thanks for your answer again.
  Good luck with Win7.

• http://randyjensenonline.com randyjensen

  If you're concerned about not being able to unecrypt after reformatting, I would just find another computer and install TC on it. Then plug your external encrypted drive into it and try to mount and decrypt it.

  It's not an issue to defrag an ecrypted drive. I used to do it on my old system regularly. It will only defrag what is mounted.

• gaboca

  Hi Randy,

  Thank you very much your help.

• martusK

  Hi just found this through a search, I've been using Truecrypt file containers, I'd now like to put a whole load of data into a new file container but the drive is nearly full – can Truecrypt create a new file container that takes it over the size of the drive and then I move all the files into it? E.g. my drive is 500Gb and its got 400 GB already on it, so can I create a Truecrypt file container of 400GB (making it theoretically 800 GB now on the 500 GB drive) and then move the 400 gb into it??
  hope i've explained it and sorry if its a stupid question! (don't want to use Truecrypt to encrypt the whole drive and there's other stuff i want to leaver as it is there)
  Many thanks in advance

• http://randyjensenonline.com randyjensen

  Hey martusK,

  I've never tried this, but I'm strongly leaning towards no. If I remember correctly when you are creating the container, it asks you the size and tells you the max amount it can be. That amount cannot be larger than the size of the remaining room left on the drive

• martusK

  Hmm thought that was probably the case, but thanks for the quick reply. So the only answer is to encrypt the whole drive, using the Truecrypt volume option? – that option allows you to encrypt a whole drive, with existing data, from what I've read? Sorry being a bit ignorant about this but only started using it recently and just used the file container so far.
  Many thanks in advance.

• http://randyjensenonline.com randyjensen

  If you just encrypt the whole drive, yes, you will be able to keep all of your data.

• Lem21

  Hello,
  How would you deal with creating the truecrypt rescue disc on a netbook which does not contain an optical drive? I would like to avoid skipping this step if somehow the installation software could be tricked into thinking a rescue disc were created in the process and actually have a rescue disc on hand. Even with an external optical drive, how would you get the system to boot from this external USB connected optical drive, if that were needed? Is there some BART PE deal or BIOS change which might be required?

  thanks!

• http://randyjensenonline.com randyjensen

  Hey Lem,

  I would create the iso (since you have too), then mount it virtually (I like Virtual Clone Drive which is free http://www.slysoft.com/en/download.html). After you've done that and gotten past that step in TrueCrypt, backup the iso on an external hard drive or in the cloud somewhere. As long as you have the iso somewhere, if you ever need it, you have it.

  You can boot from an external USB drive in pretty much any of these netbooks. Just change the boot order in the BIOS as you would normally.

  Hope that helps

• jamietroy

  thanks for a great tutorial. One question though, If i encrypt my drive and my OS dies or computer hardware is dead etc, so that i have to remove the drive and use a USB caddy to connect to another machine, Is it possible then to recover the data?
  I am guessing second machine would need Trucrypt and my passphrase.

  thanks in advance

• joel_juice

  Can I use this to encrypt the hard-drive but still allow it to boot and load applications unattended?

• Nigel R

  It all sounds good… now, I have a Lenovo with single XP OS on it. But there is a hidden partition that can be loaded if needed to do a Lenovo-process rescue. Not sure about further details. Obviously I'm concerned that this arrangement is not compatible with TC and I'll only find out too late!

  Any advice appreciated.

• http://twitter.com/TheGift73 Richard Gailey

  I have used Truecrypt on quite a few PC's now, but I am trying to use system encryption on a Dell at the moment and having no joy. The HDD is split into 2 partitions. Everytime I create my rescue disk then reboot the PC for the pretest part my issue starts. On reboot, I am not requested for my password as with every other time I have used TC, but instead, it says 'press ESC to bypass boot manager', so I press ESC and it just loads windows normally.
  I have removed TC from that particular PC until I can get round there again to have a look.

  Any ideas as to where in the step-by-step guide I am going wrong? Does it have anything to do with the 'Yes, No' answer to encrypting the Host file. I always choose 'No' as a precaution.

• John

  I successfully did whole disc crypto. But, I had forgotten that I had encrypted, with Truecrypt, a single file folder on the disc. Now when I try to mount that file folder, it says I have an incorrect version of truecrypt installed. Not sure what the workaround is to get those files back. Any ideas?

• http://www.tech-e.net/ Dave Lawrence

  Great Tutorial. Like others here I've been using TrueCrypt for folder encryption for sometime.

  But I'm now thinking of encyrpting my new tablet netbook to keep things protected.

  Thanks again.

• frankie_boy

  As of Version 6.3a, Truecrypt cannot encrypt the boot partition on Mac OS X. The radio button shown in the second screen shot of this page, to “Encrypt the system partition or entire system drive”, is missing from the Mac version.

• frankie_boy

  You can, however, consider using Filevault, Apple's built-in encryption for the home folder.

  About Filevault:

  http://docs.info.apple.com/article.html?path=Ma...

• Rickprikk

  TrueCrypt seems to hacked
  http://www.prnewswire.com/news-releases/passwar...

• http://sickmacaddict.wordpress.com/2010/04/07/hak-5-episode-520-encrypt-your-entire-hard-drive/ Hak.5 Episode 520: Encrypt your entire hard drive! « Evolving Minds

  [...] For a more in depth step by step, go here. [...]

• Derek

  TrueCrypt has not been hacked. That article points out a vulnerability that involves extracting the encryption key from the RAM of a computer that is able to decrypt the system volume. Quote: “When a target computer is seized and turned on with the encryption disk accessible…” Notice: WITH THE ENCRYPTION DISC ACCESSIBLE. If you're worried about the FBI physically connecting a device to your computer, just unplug your machine when you hear “FBI – open the door!” And don't leave the machine on when you're not in front of it.

• Chris

  Truecrypt is good but complicated to encrypt usb drive. You can try this usb encryption software if you want a simple one.
  http://www.disk-utilities.com/usb-encryption/in...

• Antony

  Thanks for the guide.

  TrueCrypt documentation is terrible at their site. It's deep on theory with very little practical illustration. It seems very much like a program for people who require protection against high level criminal, political or government based adversary. It does not seem to be aimed towards the average user who simply wants to safeguard their personal information against a casual or opportunistic thief. Which is probably what 99% of us require.

  I personally think FREE CompuSec is a better solution for the average user.

• http://techland.com/2010/08/06/the-case-of-the-stolen-laptop-how-to-encrypt-and-why/ The Case of the Stolen Laptop: How to Encrypt, and Why – Techland – TIME.com

  [...] a pretty good Truecrypt tutorial here, and these step by step instructions are easier than the geeky Truecrypt [...]

• Mark

  You have something on backups? I'm in the initial stages of implementing a scheduled backup plan for my laptop to an external USB HDD. Thanks!

• maxmetallica

  all ur tutorials r nice dude..lol,i was replying to my 2 years old comment:-)

• mike

  Lem there is a program call win32EMU that you can use to put the iso on a sd card or a thumbdrive it makes the computer think that the sd or thumbdrive is a cd-rom

• Benj

  Question regarding system drive encryption:

  I have Windows installed on a partitioned drive (C) and all data (photos, files, videos, etc) is on drive D. Since both drives are on the same physical hard drive, is everything encrypted or only the drive where the system is installed? In other words, if someone were to remove the hard drive and place it in another pc, would they have access to my files?

• http://www.harddriveencryption.net hard drive encryption

  Stunning stuff..I was on the lookout for this for many days now.

• Hib

  [@Derek: just unplug your machine when you hear "FBI - open the door!" ]
  That's very funny, you made me lol!!
  Thanks for your advice!

• Anuj

  Hi

  Encryption newbie. I have used truecrypt to encrypt my entire hard disk. I am now concerned about backups. If I have mounted my hard disk (i.e. I have entered password and am using my computer as normal), and I run a standard backup utility to backup to an external drive, will that be the same as backing up a non-encrypted drive? What about online backups (again if i am logged on to my pc)

• Erike4

  I have an external Seagate 1.5Tb drive with three partitions, two of which are truecrypt partitions. When the drive is pluged in i get a message for each “unformated[truectypt]” partition from win7that askes to format the unfomratted partition. One mistake and the partition is gone. Is there a way to prevent these messages? (and the associated risk).

• http://twitter.com/anoop_abram Anoop ABRAHAM

  So are you saying that I cant Encrypt Windows 7 partition in my MBP?

• http://twitter.com/TheGift73 Richard Gailey

  If you have data in any of those partitions, then surely they must have already been formatted to either NTFS or FAT32 etc? Unless of course you partitioned an unformatted hdd into 3 partitions (eg A, B & C) and then used TC to encrypt A & B individually. If that is the case, you will still have to format then if you are ever going to write something to them. If there is no data on the Trucrypt partitions, then it won’t really matter if you were to format them, as there is no data to be lost. Hope that makes sense?

• http://twitter.com/TheGift73 Richard Gailey

  If you choose in the ‘Area To Encrypt’ “Encrypt The Whole Drive” then yes, this will include all partitions on the hdd including you D: where your pictures are.

• http://twitter.com/TheGift73 Richard Gailey

  If you use a back-up program to do your back-up then the backed-up date will not be encrypted, unless the device you are sending the data to has an encrypted container. So you will have separately load TC to the external hdd (I’m guessing that is what you are using) and then encrypt it that way.
  If you are Cloning the HDD (say with Norton Ghost) then the cloned drive should stay encrypted as it is a clone of the hdd.

• hinderaker

  I know it is one year ago but I am still gonna post. This is because the SYSTEM RESERVED (hidden partition) with boot files is on another drive. Atleast it was like that for me. What I did is I reduced the volume of my C: partition with 100 mb. Then I unplugged all other disks. Windows can’t load because BOOTMGR is missing. Then boot from Win 7 / Vista DVD and choose startup repair. Now Windows figured out that thoose 100 mb is a broken SYSTEM RESERVED partition and fixed it. Next plug the rest of the disks back. Delete the old system reserved with a partition manager of your choice.

• http://psychsection.wordpress.com/2011/06/05/hello-world/ News and Notes May 27th, 2011 | School Psychology Section

  [...] http://www.randyjensenonline.com/blog/using-truecrypt-to-encrypt-your-entire-hard-drive [...]

• http://hostizzle.com/uncategorized/an-overview-on-how-to-encrypt-data/ Hostizzle: Free OpenVPN–for real! » An Overview on How to Encrypt Data

  [...] free cross-platform program for doing anything from encrypting and hiding entire volumes, to encrypting the whole drive, to just encrypting files and folders. For most anyone, this will do the [...]

• John

  yes, you may. right click on “Computer” and choose “Manage” then “Disk Management”. Right click on the desired partition and choose “Change drive letter and paths” then remove the assigned drive letter. Next time when your hard drive is connected to the computer, their will be no warning message. good luck!

• Tony33ds

  Richard:The problem is The Partition has data and encrypted by TC but windows still ask us to format !
  Have not tried JOHN’s suggestion but w/o assigned drive letter, will windows still show that partion?

• Chris Davies

  excellent!! Thanks very much for this

• Cynthia Blanche

  I am just reading this trying to decide regarding TrueCrypt.  Too bad you did not include the link to the Expert’s Exchange article.  I do not understand the last sentence “The only way to make it simpler is to script the post image install and encryption, which is what we do.”     What does this mean?  What is “post image install and encryption” and how does one script this?  If you ever see this, I would appreciate an answers.

• http://wp.evolutioncreations.com/2011/08/preparing-the-road-warrior/ Preparing the Road Warrior

  [...] a good guide was a bit challenging, but after a few minutes of searching about, I came across this one that turned out to be spot on to get the whole drive encryption setup. Painless process and now we [...]

• http://fuzzytutorials.com Richard Gailey

  Hi hinderaker,

  Thanks for the reply. Re-found this thread at random. Yep, the hidden partition (reserved) was the issue. I have since encrypted 50+ units using TC, and always prefer to have the OS on one partition only, so I re-install (not necessary, but I like to start well) format, then have the OS on C:/ Then after the install, drivers, updates etc are done; I install TC. 

• X7z9

  Horrible program for encrypting the entire drive. I encrypted my windows 7 disk, rebooted, put in the password, and there was an error loading. What? Everything in the pretest passed. So now I’m decrypting my entire drive, hope to God it works. Truecrypt works great making container files, but I don’t recommend using it for the entire disk. Too much of a chance risking losing all your important data. Yes, I know, back up first.

• Anonymous

  The Crane stand was designed with the highest quality standards in mind. The people behind the Crane Stand are DJs and musicians ourselves, and a few years back after surveying the marketplace we weren’t happy with the adjustable laptop stands available so we decided to build our own.

• Bbstage

  Hello, its going to work even if the hard drive is connected to another pc?

• Roy

  hi I’m having an issue with my Truecrypt, I don’t know if it’s encrypted or not. I ran the 3-day Gutmann 35-key encryption and not sure if it’s encrypted. how would I be able to find out?

  ps, the only drive I can click on (with no removeables on my computer) is C

• http://forum.grasscity.com/silicon-v-alley/955332-questions-about-tor-2.html#post13054610 Questions about Tor? – Page 2 – Grasscity.com Forums

  [...] computer actually running faster after the encryption because of the database that they used. Using Truecrypt to Encrypt Your Entire Hard Drive : Randy Jensen Online https://louisville.edu/it/private/co…ng-full-disk-2 @dissec prove anything I have said to be [...]

• Dave

  I have encrypted my entire hard drive with TC. Now Windows does not start anymore and I want to decrypt the entire drive to access it with another system. Unfortunately my rescue disc is not accessible at the moment. Can I just create another rescue disc with a different computer system and use this to permanently decrypt the drive of the system that does not start anymore? Or will this method destroy my encrypted disc entirely?

• http://www.linuxquestions.org/questions/linux-software-2/truecrypt-in-arch-no-option-to-encrypt-system-drive-921633/#post4563932 Truecrypt in Arch – No option to encrypt system drive

  [...] option to encrypt the system partition or the entire drive. When I look at guides such as this: http://www.randyjensenonline.com/blo…ire-hard-drive there is an option to "Encrypt the system partition or entire system drive", yet when I [...]

• http://www.facebook.com/dumdarweep Hi Lowe

  Bad news and good news (maybe).  The key you type into truecrypt is really a key to a key.  The key you type in unlocks the key file on the drive which then decrypts the fully encrypted drive as it reads it.  If your problem is with your computer and not a physical problem with the hard drive, you can put the drive into another computer and it should at least boot to the truecrypt screen and ask for a password, at which point you can type it in.  That’s the good news.  The bad news is, no, you cannot make another rescue disk, but you really should not need the rescue disk.  It is extremely rare that the key file on the drive becomes corrupted such that you even need the rescue disk.

• Possltd2

  Please help me! I have 2 hard drives each 160GB that i use for my netbook by  sliding each on in the hard-drive bay.. I encrypted the whole hard-drive  that has windows 7 , everything work fine for 2 months until I did this. My net-book was in sleep mode with win 7 non-encrypted hard drive. I took out the hardrive and installed the encrypted one press the power key….A blue screen came on and I knew I what I did wrong so i turned off the power restarted the computer now there was an error loading. I What should I do? Thanks

• Mike

  Dear Randy,

  I would like to ask if I can re-encrypt my HDD.I created a hidden volume and
  now I want to have encrypted the whole HDD without a hidden volume.
  Do I need to reformat it first(fast or full format),or I can just encrypt it as
  usual as it will overwrite the previous encryption.

  Thank you for your help in advance.

  Mike

• Mike

  Dear Randy,

  I forgot to add.The encrypted HDD is an 500 GB external USB drive(non-system,just storage).Hidden volume is about 230GB (that was the max allowed).

  Thanks.

  Dear Randy,

  I would like to ask if I can re-encrypt my HDD.I created a hidden volume and
  now I want to have encrypted the whole HDD without a hidden volume.
  Do I need to reformat it first(fast? or full format?),or I can just encrypt it as
  usual as it will overwrite the previous encryption.

  Thank you for your help in advance.

  Mike

• http://www.cranehardware.com/ the crane stand

  hen you stand on your toes, you shift your weight from your larger thigh muscles to the calves and ankles. Working these muscles will help to support your legs completely.

Twitter Update