How to Encrypt your Windows Computer
A basic Windows password offers zero protection to your data even to the most unskilled computer hacker. On the other hand, encrypting your computer’s data, theoretically, protects the data. A number of different encryption algorithms and software are available with Microsoft’s BitLocker hard drive encryption utility installed in Ultimate and Enterprise versions of Windows 7 and Vista. This is obviously limiting and so this tutorial will use a free Open Source utility called TrueCrypt. It provides on-the-fly encryption and works in the background and allows you to continue using everything you normally would.
The first step of this tutorial is to download and install TrueCypt.
The installation is straightforward and I would recommend that you select the option to create a system restore point. It is highly unlikely that you will run into any serious problems but even making a full system image is probably a good idea. (Remember that this system image will be unencrypted).
Once the installation is complete open TrueCrypt.
Click ‘Create Volume’, which gives you the following set of options.
At this point you have a number of different options, depending on your situation.
Create an encrypted drive
I will cover this option in a later tutorial.
Encrypt the entire system drive
This encrypts the entire system drive where Windows is installed and offers the maximum type of security. Before anyone can gain access to the system they must enter the correct password before Windows boots.
Select the third option to ‘Encrypt the entire system drive’ and click ‘next’.
Select ‘Standard TrueCrypt Volume’ and click ‘next’.
Select ‘Encrypt the whole drive’ and click ‘next’.
The answer to this question will vary depending on your situation. Many computer manufacturers include a protected area of the hard drive to store system recovery or even RAID utilities. It is therefore safest to answer ‘no’ to this question to avoid any problems.
In my situation I only have one operating system installed so I selected ‘Single-boot’.
The next set of options allow you to specify the level of encryption you would like to use. All the algorithms have their good and bad points. I would recommend that you just stick with the ‘AES’ algorithm unless you have a specific need to use an alternative.
Enter the password (the stronger the better).
You will then see a screen with some strange hex numbers. Basically they change based on your mouse movement to create unique key.
Once you have clicked next, you will see the generated keys.
Before your computer can be encrypted you must create a rescue disk. This can be used if Windows gets damaged and will be a lifesaver if it is needed. For this reason you must create the rescue disk, you won’t be allowed to continue without it.
Click ‘next’ and follow through the Windows Disk Image Burner wizard to create the disk. You will obviously need a blank CD/DVD. [alert message=”You won’t be able to continue without the rescue disk.”]
Don’t be confused by the word ‘wipe’. Basically, when TrueCrypt first encrypts the data, using advanced digital forensic techniques, it may be possible to recover the original data. TrueCrypt can prevent, or make it extremely difficult, to recover the unencrypted data by wiping it. This can take a long time depending on the number of times the data is overwritten (passes). In this tutorial I will be select the Wipe Mode as ‘None’.
Select ‘test’ to restart your computer and allow TrueCrypt to make sure everything will work correctly. On the restart you will be prompted to enter the password you entered earlier.
Once the computer has restarted you should see the following pretest successful message.
If you are 100% happy, click ‘Encrypt’.
In this tutorial I encrypted a clean install of Windows 7 installed on a SSD with an Intel I7 processor and it took over 15 minutes.
Once the encrypting has finished you will have successfully encrypted your Windows computer. If you run into any problems, leave a comment below.