Introduction: How to Implement Full Drive Encryption - Windows

This instructable will act as a step by step guide through the process of implementing full hard drive encryption. Full drive encryption will prevent a cyber-criminal from being able to steal your identity in the event that your computer is stolen. With the sudden rise of identity theft nowadays, you can never be too careful. There are two main parts to implementing the drive encryption. The first part will take roughly 30 minutes for someone who isn’t familiar with the software. The second part is completed by the software automatically but will take several hours to complete. This guide assumes that the reader has a basic understanding of computer operations. Once completed, all data stored on the hard drive will be password protected, preventing loss of sensitive data and identity theft.

Step 1: Prepare the System

Materials
• Computer with Administrative Rights
• Writable CD / DVD like CD-R / DVD-R
• CD / DVD Burner
• ImgBurn – Image Burning Software
• Truecrypt – Encryption Software

1. Log into the computer with administrative privileges
2. Make backups of all files that you want to save, just in case.
3. Open a web Browser
  • Examples: Firefox, Internet Explorer, Safari, Chrome
4. Navigate to page http://www.truecrypt.org
5. Click on Downloads link at top of page
6. Scroll Down until download link for Windows 7/Vista/XP/2000 link found
7. Download file to desktop or other easily accessible location
8. Double click the file just downloaded
9. Accept the Eula Agreement
10. Continue clicking on next button using default settings.
11. When it appears, click the Install button
12. Click ok when dialog appears about successfully installing software
  • If installation failed make sure your running with administrative privileges
13. Click the Finish Button

Step 2: Configure Encryption Algorithm

1. Start Truecrypt application
2. Navigate to System -> Encrypt System Partition/Drive
3. Select bubble next to normal option
4. Click the “Next” key
5. Click “Next” to bring up an Area to Encrypt screen
6. Check bubble next to “Encrypt the whole drive” option
7. Click “Next” button
8. Click the bubble next to “No” on the “Encryption of Host Protected Area” screen
9. Click “Next” button
10. Click bubble next to the Single-boot option on the “number of operating systems” screen
  • Note: Most people only have a single operating system on their computer.
11. Click “Next” button
12. Choose Encryption Algorithm from the Dropdown menu
  • Note: This controls how the data is obscured on your computer. Default option of AES is best choice for most people.
13. Choose a hashing algorithm from dropdown menu.
  • Note: For full drive encryption only RIPEMD-160 is usable.
14. When ready, Click the “Next” button
15. Choose a password to be used when starting system
  • Caution: If password is forgotten then computer will become completely unusable until fresh Operating System is installed.
16. Click the “Next” button
17. Move mouse randomly throughout window to boost encryption strength
18. Click “Next” button
19. Click “Next” button again on the keys generated screen

Step 3: Create Rescue Disk

1. Click “Browse” button and choose location for saving an ISO file
  • Note: I save mind to desktop to make it easy to find.
2. Click “Next” button once location is chosen
3. Burn the generated ISO image to a writable disc using ImgBurn
  • Note: Other programs can be used to perform the burning operation.
4. After burning disk, Place disk in CD/DVD Drive
5. Click “Next” button to start disk verification process
6. Click “Next” on the “Rescue Disk Verified” screen
7. Choose a wipe mode from the dropdown menu
  • Note: Encryption Process takes longer amount of time when using a wipe mode.
8. Click the “Next” button
9. Click the “Test” button on the” System Encryption Pretest” screen

Step 4: Encrypt Hard Drive

1. Remove the rescue disk from CD/DVD drive
2. Restart computer
3. Enter the password chosen earlier
4. Press the “Enter” key
5. Once logged in, Screen will appear notifying if test was successful
6. Click the “Encrypt” button on the “Pretest Completed Screen” to start encryption process

  • Caution: Once the encrypt button is clicked, Truecrypt will start encrypting entire hard drive in the background. From this point forward if password is forgotten all data on that hard drive will be lost.

7. Click the “Finish” Button.

  • Note: Hard drive is now fully encrypted.

Step 5: Remove Hard Drive Encryption (Optional)

In the event that you want to remove the encryption, the process can be reverse by following the below steps. There are a few reasons that someone might want to remove the encryption such as performance impedance or tired of inputting a password whenever computer starts.

1. Start Truecrypt application
2. Rick Click on the “System Drive Volume” in application window
3. Select “Permanently Decrypt”
4. Click the “Yes” button
5. Click the “Yes” button, again

Step 6: Create Authentication Screen (Optional)

The default Truecrypt authentication screen can be changed. A custom message can be used as the authentication screen. A possible use of this is to hide the existence of the operating system. If you have it display a message of "Missing Operating System" it will look as if no system is installed.

1. Navigate to System -> Settings
2. Check the “Do not show…” box to prevent Truecrypt text from displaying
3. Type a message in message box
4. Click the “Ok” Button

Step 7: Conclusion

Congratulations, your computer's hard drive is now fully encrypted. This means that all the files on your computer are now password protected. This will protect all your sensitive data from potential thieves looking to make a quick buck. A password will now have to be provided each time the computer starts to unlock all files.