Encrypting your Windows hard drives


author: vman (moopowah@yahoo.com), last modified: July 11, 2002




> NEWS
Jul/11/2002: First publication.



> I. Purpose:
You want to keep your files private. BestCrypt will allow you to create a new (virtual) hard drive, and everything stored on it is encrypted. This software also encrypts your pagefile, because you and I both know that Windows' pagefile stores TONS of information on what you've been doing on your computer, since it's a memory dump. It has plain-text records of conversations you've had on IRC, mail, instant messages, webpages you've browsed, et al. You also know there is software on the market that can recover files that you've put in the Recycle Bin and Emptied -- such as EnCase -- and you want to ensure that all files you've deleted in the past are made irrecoverable, and that future files you want to get rid of are easily wiped instead of made "invisible" by Windows.



> II. The quick and dirty:
Install BestCrypt for Windows from http://www.jetico.com, and use its options to encrypt your pagefile, wipe all of your drives' free space, and create a container to mount as an encrypted hard drive. In the future, don't forget to Wipe your Recycle Bin instead of Emptying it, so you are assured files can't be recovered (you get a Wipe option when you right-click on your Recycle Bin).



> III. Novice step-by-step:

*** It is best to format your hard drive and reinstall Windows as the first step. ***

1. Download the latest BestCrypt (which comes packaged with another piece of software named BCWipe) from http://www.jetico.com/bcrypt7.exe. Install BestCrypt, and when asked, reboot.

2. Load BestCrypt by clicking on "Start" -> "Programs" -> "BestCrypt" -> "BestCrypt Control Panel". Now choose menu "Options" -> "Swap File Encryption Utility". A new window opens; check the box to "Enable encryption of swap file" and leave the Encryption Algorithm choice as "Rijndael 256-bit". Click "OK", and when asked, reboot your machine again.

3. Delete/Remove _all_ private files from your C: drive that you want to eventually place on an encrypted filesystem. You must do this so that you begin using encryption from a clean start (you don't want your private files to be recoverable). Empty the Recycle Bin.

4. Open up Windows Explorer, right-click on your C: drive and choose "Wipe free space with BCWipe". If you have a big hard drive, choose the "U.S. DoD - seven pass" option. If you don't mind the duration this task will take (an estimate appears at the bottom of the window) then choose "User defined pass quantity" and enter 35 as the number. Make sure the three options for "Wipe of swap file", "Wipe file slacks", and "Wipe empty directory entries" are selected. Click "OK" and go play some Solitaire. Please note that this procedure will take an extremely long time (days at times). Perform the last two steps for each hard drive you have: delete all private files, right-click on the drive and BCWipe the free space. Reboot when done.

5. At this point your system is clean but with none of your private files on it. Load up BestCrypt and choose menu "Container" -> "New container". Change the Algorithm to "RIJNDAEL". Select how big you want this new "encrypted hard drive" to be. If your C: drive has 50GB free and you intend to fill all of it with private files, then choose something like 45GB. After the container is made your C: drive will only have 5GB free. Don't worry though, the container will not grow in size. If you just want to test this process of containers, then select something small like 2MB. Make sure that "Fill in container by random data" is selected, and finally click "Create". You'll be prompted to choose a password. I suggest you choose a sentence instead of a simple word. The password length makes a dramatic difference in security! What you don't want to do is select a common phrase or quote -- it should be something you come up with and can easily memorize. Obviously if you store your password on your unencrypted hard drive, it becomes COMPLETELY useless. In fact, you must make sure NOT to store the password on your unencrypted drives at any time, or someone may recover the file some day and unlock all of your encrypted data. Once the container is made, a new window should automatically pop up allowing you to choose the filesystem type to format the new (virtual) drive with. After that it should automatically mount the "virtual, encrypted hard drive" as the drive letter you had specified.

6. This new drive is just like any of your other drives but it's encrypted. All data written to this drive is actually written to the container file -- wherever you saved that file. The total volume of the virtual drive is already established so you need not worry about the container file growing in size. Use this drive for all of your private files and programs. Every time you reboot you'll need to load BestCrypt and "Mount" the container to a drive letter by supplying your password.

7. Lucky seven, you're a winner! Ok bye now. :-)
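
Added example (not part of the original guide and not BestCrypt code): this Python code puts numbers on step 5's point that password length makes a dramatic difference, comparing a single word with a sentence against the 256-bit Rijndael key. The sample passwords are constructed, and the guess rate of 1e9 per second and the 7776-word list are assumptions of the example; counting character classes gives an upper bound that only holds for randomly chosen characters, so a common phrase or quote is far weaker than its length suggests.

```python
import math
import string

KEY_BITS = 256  # "Rijndael 256-bit", the algorithm selected in steps 2 and 5

def charset_size(password: str) -> int:
    """Size of the ASCII alphabet an exhaustive search must cover."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 symbols plus the space
    return size

def brute_force_bits(password: str) -> float:
    """Upper bound on strength in bits: log2(alphabet ** length)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def passphrase_bits(words: int, wordlist_size: int) -> float:
    """Strength of `words` words drawn at random from a list (assumed model)."""
    return words * math.log2(wordlist_size)

def years_to_search(bits: float, guesses_per_second: float) -> float:
    """Time to try every candidate at an assumed guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def report(password: str, guesses_per_second: float = 1e9) -> str:
    bits = brute_force_bits(password)
    # A password can never add strength beyond the cipher key itself.
    effective = min(bits, KEY_BITS)
    years = years_to_search(effective, guesses_per_second)
    return f"{len(password):2d} chars, <= {bits:6.1f} bits, {years:.3g} years"

if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("secret", "Secret42", "my cat naps on the warm modem at noon"):
        print(report(sample))
    print(f"6 random words from 7776: {passphrase_bits(6, 7776):.1f} bits")
```

A six-letter word falls in well under a second at the assumed rate, while the 37-character sentence still sits below the 256-bit key, so the password, not the cipher, stays the weakest part of the container.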



> IV. Final notes:
If you burn a lot of bin/cue CD images, try using daemon-tools at http://www.daemon-tools.com. It allows you to mount the CD image to a drive letter (sort of like a virtual CD), thus saving you the time and cost of burning a CD. If your CD images are private files, keep them on your new and improved encrypted hard drive!