TrueCrypt can also be used to password-protect access to drives. These can be either portable drives or the drives in a machine. We’ll first detail how to completely encrypt a portable drive. The drive will be detected on all systems, but will be displayed as unformatted. To read from or write to the drive, you will have to mount it on another mount point in the system, then enter the password. That is, if the portable drive is allocated the drive letter G by the system, you will have to mount it using TrueCrypt to drive letter H to be able to read from and write to it. Before encrypting the drive, copy all the data to another location. Although TrueCrypt can keep the data on the drive, this is a longer process: the data is moved around, the drive is encrypted, and the data is moved back in. This is faster if the user does it. We will show a method that deletes all the data on the drive, as it is considerably faster and more practical.
Go to Volumes > Create New Volume in TrueCrypt. Select the second option, “Encrypt a non-system partition/drive”, then click on Next. Select “Standard TrueCrypt volume” as the volume type. Then select a partition or device. In this step, you can choose either an external drive or a drive where the operating system you are running is not located. On most systems, this means everything but the C drive is fine to use. Here, we are encrypting a thumb drive. Click on Next. Then select a creation mode. To save time and resources, choose “Create encrypted volume and format it”, then click on Next. The “Encrypt partition in place” option should be used only when you have nowhere else to transfer the data to. In that case, it’s a good idea to leave the operation running overnight. It is also a little risky, as you have to ensure that power is supplied throughout the operation. Next, select an encryption algorithm, and click on Next. You will be warned about the imminent loss of all data on your drive. Agree, and continue. That is it. Whether this is an external drive or a non-system partition, you will have to mount it using the password and TrueCrypt before it shows up in the list of drives on the system.
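Why the encrypted drive is displayed as unformatted until it is mounted through TrueCrypt, shown as an added example that is not part of the original article: the first sector of the volume carries none of the filesystem signatures an operating system looks for and is statistically indistinguishable from random bytes. The two sample sectors are constructed, and the entropy threshold is an assumption chosen for a 512-byte sample.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512
# Offsets and magic strings of filesystems Windows recognises on a volume.
SIGNATURES = {
    "NTFS": (3, b"NTFS    "),
    "exFAT": (3, b"EXFAT   "),
    "FAT32": (82, b"FAT32   "),
    "FAT16": (54, b"FAT16   "),
}
ENTROPY_THRESHOLD = 7.0  # assumption: bits per byte, measured over 512 bytes

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def classify_first_sector(sector: bytes) -> str:
    """Say what an OS could recognise in the first sector of a volume."""
    if len(sector) < SECTOR:
        raise ValueError("need one full 512-byte sector")
    sector = sector[:SECTOR]
    if sector.count(0) == SECTOR:
        return "blank"
    for name, (offset, magic) in SIGNATURES.items():
        if sector[offset:offset + len(magic)] == magic:
            return name
    if shannon_entropy(sector) > ENTROPY_THRESHOLD:
        return "random-looking"  # no signature: the OS shows it as unformatted
    if sector[510:512] == b"\x55\xaa":
        return "boot sector"
    return "unrecognised"

def sample_ntfs_sector() -> bytes:
    """Constructed sample: the identifying fields of an NTFS boot sector."""
    sector = bytearray(SECTOR)
    sector[3:11] = b"NTFS    "     # OEM ID
    sector[510:512] = b"\x55\xaa"  # boot signature
    return bytes(sector)

def sample_encrypted_sector() -> bytes:
    """Constructed stand-in for ciphertext: 16 concatenated SHA-256 digests."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

if __name__ == "__main__":
    for data in (sample_ntfs_sector(), sample_encrypted_sector()):
        print(classify_first_sector(data), round(shannon_entropy(data), 2))
```

On a real system the 512 bytes would be read from the start of the volume, which requires administrator rights.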
TrueCrypt can also be used to encrypt a system volume, which is the partition of the hard drive where the operating system is located. Doing this is a little risky, because if you forget the password, you won’t be able to boot up your machine. Go to Volumes > Create New Volume, and select the third option, which is “Encrypt the system partition or entire system drive”. Choose “Normal” rather than “Hidden”. The “Hidden” option creates a fake encrypted operating system. There will be two hidden and encrypted operating systems on the system, and you can reveal one of these under force.
Now there are two options. The first option allows you to encrypt just the partition of the hard drive where the operating system is located. The second option allows you to encrypt not just the partition where the operating system is located, but all the partitions on the drive where the operating system is located. There is no option to encrypt all the drives on the hard disk, because this can be done through the operating system later on. TrueCrypt does this by installing a small bootloader on the hard drive, which requires the password to be entered before the operating system boots up. Click on Next. The next window gives users a choice on encrypting the host protected area of the operating system. This is usually where the backup data is located, or some such functionality on laptops and on some desktops. The safest option here is to select No. The next screen is for advanced users. Most users can select single boot. However, if your machine has more than one operating system installed, select multi-boot. TrueCrypt is cross-platform, so the same method can be used from a Linux operating system to encrypt and password-protect a Windows installation on the same machine. Note that, in the case of multi-boot, the other operating system need not be located on the same hard drive as the one being encrypted. This option exists just so that the TrueCrypt bootloader is configured correctly.
The next step is to choose the encryption algorithm. Choose a cipher, and click on Next. Then, key in a password. If you choose to use a keyfile at this point, the keyfile will have to be selected from an external device before the system loads. This means that every time the operating system has to be booted, there has to be a USB drive plugged in to the system. This is very secure, but if you lose the keyfile, you will lose access to your data as well. The next step generates encryption keys using random data. Just move the mouse randomly for some time, and click on Next. The next window allows you to create a rescue disc in case you lose your keyfile. This operation basically allows you to restore the system to the current state. This is necessary in case your keyfile gets corrupted, the bootloader gets corrupted, or the Windows installation becomes unusable or infected by malware. The rescue disc is an ISO image that must be burned to a disc, which is then a bootable disc. Burn the ISO image before proceeding with the encryption. Don’t burn the ISO file itself onto the DVD; burn the files inside the ISO. That is, open the ISO file using DVD-burning software, and proceed.
You will have to burn the disc, put it in the tray, and click on Customize the bootloader. Click on Next. You get to customize the bootloader now. Enter some text for the password prompt. This can be anything that you prefer. Click on Next, and the encryption process starts. This will take some time. The next time you boot the operating system, you will be prompted for a password.