Full disk encryption

Mutt

Today we need the VeraCrypt utility. If you haven't downloaded it yet, get it from the download page on the official website. Install the regular version (not the portable one).

Launch VeraCrypt, in the main program window go to the "System" tab and select the first menu item "Encrypt system partition / drive".

Choosing an encryption type
Leave the default type, Normal, and click Next.

Encryption area
If there is only one disk and it is the system disk (usually the C:\ drive), you can limit yourself to encrypting the system partition. Your physical disk may be split into multiple partitions, such as C:\ and D:\. If so, then you only need to select Encrypt the whole drive.

Encrypting hidden partitions
Select Yes if your device has hidden partitions with the computer manufacturer's utilities and you want to encrypt them. Usually this is not necessary.

Click the Next button.

Number of operating systems
Select Single boot and click Next.

Encryption settings
Choice of encryption and hashing algorithms. Here you can safely leave the default AES and SHA-256 values as the strongest option.

Password
When choosing a password, it's best to make it up yourself. It must be longer than 12 characters and must not contain easily guessed elements. The password 000000000000 will obviously be cracked very quickly, but something like ZZZZZZZZZZZZ will also be cracked in a short time. Attackers do not use pure brute force, which is infeasible for long passwords, but complex dictionary-based algorithms. Therefore, it is necessary to avoid obvious patterns in the password.

Collecting random data
This step is necessary to generate an encryption key based on the password entered earlier. The longer you move the mouse, the more reliable the resulting keys will be. Move the mouse randomly at least until the indicator turns green, then click Next.

Generated keys
This step informs you that the encryption keys, binding, and other parameters have been successfully generated. This is an informational step; click Next.

Recovery disc
Specify the path where the ISO image of the rescue disk will be saved. This image may be needed if the VeraCrypt bootloader is damaged, but you will still need to enter the correct password. Save the image of the recovery disc to a removable medium (such as a USB flash drive) or burn it to an optical disc, then click Next.

To save to a USB flash drive, check the "Do not check recovery disk" checkbox at this step, and at the next step select that there is no disc-writing drive.

Recovery disc created
Note! Each encrypted system partition requires its own recovery disk. Be sure to create it and store it on removable media. Do not store the recovery disc on the same encrypted system drive. Only a recovery disc can help you decrypt data in case of technical failures and hardware problems.

Free space cleaning
Free space cleaning permanently erases previously deleted data from the disk, which could otherwise be restored using special techniques (this is especially important for traditional magnetic hard disks). If you are encrypting an SSD, choose 1 or 3 passes; for magnetic disks we recommend 7 or 35 passes. Please note that this operation adds to the total disk encryption time, so skip it if your disk did not previously contain important deleted data. Do not choose 7 or 35 passes for SSD drives: magnetic force microscopy does not work on SSDs, so 1 pass is sufficient.

If the disk does not contain information that needs to be hidden from prying eyes, do not set too many passes. This will greatly increase the cleaning time.

System encryption test
This step is a check before encryption. It is relatively safe and rarely breaks anything, but just in case, read the text here and on the next page.

What to do if Windows won't boot
Read, or better yet print out, the recommendations on what to do if Windows does not boot after the reboot (this happens). Click OK if you have read and understood the message.

Reboot
Reboot your computer.

Entering a password at boot
After the reboot, before the operating system starts to load, you will see the VeraCrypt bootloader interface and a password prompt. Enter the password you set earlier. If you are asked for a PIM after the password, just press Enter. This is an encryption algorithm parameter that can be automatically configured.

Test completed
If Windows has booted and you see this window, the test has completed successfully. Press Encrypt to start encryption.

See instructions on how to download a recovery disc.

Encryption
When the encryption process finishes, you will see a message; click OK.

Click Finish
Congratulations, all of your files and operating system files are now encrypted and are decrypted on the fly when accessed. All decrypted data is stored in RAM. VeraCrypt never writes it to disk in decrypted form.
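
The Password step above asks for more than 12 characters and no obvious patterns. The following is an added example, not part of the original post, that checks a candidate boot password against those two rules before you type it into VeraCrypt; the function names, thresholds and the tiny wordlist are assumptions made for illustration.

```python
MIN_LENGTH = 13  # the post asks for "longer than 12 characters"
# Constructed sample wordlist (assumption); a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "veracrypt", "qwerty", "letmein", "dragon", "windows"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Undo common character substitutions before the dictionary lookup.
LEET = str.maketrans("0134578@$!", "oleastbasi")


def longest_run(pw, step):
    """Longest stretch in which each character is `step` code points after the previous one."""
    best = cur = 1
    for a, b in zip(pw, pw[1:]):
        cur = cur + 1 if ord(b) - ord(a) == step else 1
        best = max(best, cur)
    return best


def audit_password(pw):
    """Return the list of pattern findings; an empty list means no pattern was detected."""
    findings = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        findings.append("too short")
    if len(set(pw)) < 6:
        findings.append("few distinct characters")
    if longest_run(pw, 0) >= 4:
        findings.append("repeated character")
    if max(longest_run(pw, 1), longest_run(pw, -1)) >= 4:
        findings.append("alphabetic or numeric sequence")
    # A string that occurs inside its own doubling (ends trimmed) is a repeated block.
    if pw and pw in (pw + pw)[1:-1]:
        findings.append("repeated block")
    if any(low[i:i + 4] in row or low[i:i + 4] in row[::-1]
           for row in KEYBOARD_ROWS for i in range(len(low) - 3)):
        findings.append("keyboard walk")
    if any(word in low.translate(LEET) for word in SAMPLE_WORDS):
        findings.append("dictionary word")
    return findings


if __name__ == "__main__":
    # Constructed sample passwords; the first two are the post's own examples.
    for sample in ("000000000000", "ZZZZZZZZZZZZ", "P@ssw0rd2024!!", "tV9#qLm2$xRw7!Kp"):
        print(f"{sample!r}: {audit_password(sample) or 'no pattern detected'}")
```

An empty result only means that none of these patterns matched; it is not a guarantee of strength.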
