Introduction: How to Implement Full Drive Encryption - Windows
This instructable will act as a step by step guide through the process of implementing full hard drive encryption. Full drive encryption will prevent a cyber-criminal from being able to steal your identity in the event that your computer is stolen. With the sudden rise of identity theft nowadays, you can never be too careful. There are two main parts to implementing the drive encryption. The first part will take roughly 30 minutes for someone who isn’t familiar with the software. The second part is completed by the software automatically but will take several hours to complete. This guide assumes that the reader has a basic understanding of computer operations. Once completed, all data stored on the hard drive will be password protected, preventing loss of sensitive data and identity theft.
Step 1: Prepare the System
Materials
• Computer with Administrative Rights
• Writable CD / DVD like CD-R / DVD-R
• CD / DVD Burner
• ImgBurn – Image Burning Software
• Truecrypt – Encryption Software
1. Log into the computer with administrative privileges
2. Make backups of all files that you want to save, just in case.
3. Open a web Browser
5. Click on Downloads link at top of page
6. Scroll Down until download link for Windows 7/Vista/XP/2000 link found
7. Download file to desktop or other easily accessible location
8. Double click the file just downloaded
9. Accept the Eula Agreement
10. Continue clicking on next button using default settings.
11. When it appears, click the Install button
12. Click ok when dialog appears about successfully installing software
• Computer with Administrative Rights
• Writable CD / DVD like CD-R / DVD-R
• CD / DVD Burner
• ImgBurn – Image Burning Software
• Truecrypt – Encryption Software
1. Log into the computer with administrative privileges
2. Make backups of all files that you want to save, just in case.
3. Open a web Browser
- Examples: Firefox, Internet Explorer, Safari, Chrome
5. Click on Downloads link at top of page
6. Scroll Down until download link for Windows 7/Vista/XP/2000 link found
7. Download file to desktop or other easily accessible location
8. Double click the file just downloaded
9. Accept the Eula Agreement
10. Continue clicking on next button using default settings.
11. When it appears, click the Install button
12. Click ok when dialog appears about successfully installing software
- If installation failed make sure your running with administrative privileges
Step 2: Configure Encryption Algorithm
1. Start Truecrypt application
2. Navigate to System -> Encrypt System Partition/Drive
3. Select bubble next to normal option
4. Click the “Next” key
5. Click “Next” to bring up an Area to Encrypt screen
6. Check bubble next to “Encrypt the whole drive” option
7. Click “Next” button
8. Click the bubble next to “No” on the “Encryption of Host Protected Area” screen
9. Click “Next” button
10. Click bubble next to the Single-boot option on the “number of operating systems” screen
12. Choose Encryption Algorithm from the Dropdown menu
15. Choose a password to be used when starting system
17. Move mouse randomly throughout window to boost encryption strength
18. Click “Next” button
19. Click “Next” button again on the keys generated screen
2. Navigate to System -> Encrypt System Partition/Drive
3. Select bubble next to normal option
4. Click the “Next” key
5. Click “Next” to bring up an Area to Encrypt screen
6. Check bubble next to “Encrypt the whole drive” option
7. Click “Next” button
8. Click the bubble next to “No” on the “Encryption of Host Protected Area” screen
9. Click “Next” button
10. Click bubble next to the Single-boot option on the “number of operating systems” screen
- Note: Most people only have a single operating system on their computer.
12. Choose Encryption Algorithm from the Dropdown menu
- Note: This controls how the data is obscured on your computer. Default option of AES is best choice for most people.
- Note: For full drive encryption only RIPEMD-160 is usable.
15. Choose a password to be used when starting system
- Caution: If password is forgotten then computer will become completely unusable until fresh Operating System is installed.
17. Move mouse randomly throughout window to boost encryption strength
18. Click “Next” button
19. Click “Next” button again on the keys generated screen
Step 3: Create Rescue Disk
1. Click “Browse” button and choose location for saving an ISO file
3. Burn the generated ISO image to a writable disc using ImgBurn
5. Click “Next” button to start disk verification process
6. Click “Next” on the “Rescue Disk Verified” screen
7. Choose a wipe mode from the dropdown menu
9. Click the “Test” button on the” System Encryption Pretest” screen
- Note: I save mind to desktop to make it easy to find.
3. Burn the generated ISO image to a writable disc using ImgBurn
- Note: Other programs can be used to perform the burning operation.
5. Click “Next” button to start disk verification process
6. Click “Next” on the “Rescue Disk Verified” screen
7. Choose a wipe mode from the dropdown menu
- Note: Encryption Process takes longer amount of time when using a wipe mode.
9. Click the “Test” button on the” System Encryption Pretest” screen
Step 4: Encrypt Hard Drive
1. Remove the rescue disk from CD/DVD drive
2. Restart computer
3. Enter the password chosen earlier
4. Press the “Enter” key
5. Once logged in, Screen will appear notifying if test was successful
6. Click the “Encrypt” button on the “Pretest Completed Screen” to start encryption process
- Caution: Once the encrypt button is clicked, Truecrypt will start encrypting entire hard drive in the background. From this point forward if password is forgotten all data on that hard drive will be lost.
7. Click the “Finish” Button.
- Note: Hard drive is now fully encrypted.
Step 5: Remove Hard Drive Encryption (Optional)
In the event that you want to remove the encryption, the process can be reverse by following the below steps. There are a few reasons that someone might want to remove the encryption such as performance impedance or tired of inputting a password whenever computer starts.
1. Start Truecrypt application
2. Rick Click on the “System Drive Volume” in application window
3. Select “Permanently Decrypt”
4. Click the “Yes” button
5. Click the “Yes” button, again
1. Start Truecrypt application
2. Rick Click on the “System Drive Volume” in application window
3. Select “Permanently Decrypt”
4. Click the “Yes” button
5. Click the “Yes” button, again
Step 6: Create Authentication Screen (Optional)
The default Truecrypt authentication screen can be changed. A custom message can be used as the authentication screen. A possible use of this is to hide the existence of the operating system. If you have it display a message of "Missing Operating System" it will look as if no system is installed.
1. Navigate to System -> Settings
2. Check the “Do not show…” box to prevent Truecrypt text from displaying
3. Type a message in message box
4. Click the “Ok” Button
1. Navigate to System -> Settings
2. Check the “Do not show…” box to prevent Truecrypt text from displaying
3. Type a message in message box
4. Click the “Ok” Button
Step 7: Conclusion
Congratulations, your computer's hard drive is now fully encrypted. This means that all the files on your computer are now password protected. This will protect all your sensitive data from potential thieves looking to make a quick buck. A password will now have to be provided each time the computer starts to unlock all files.