Full Disk Encryption with TrueCrypt (for Windows)

Take a moment to think about the information that is present on your personal computer.  Most people come up with a similar list:  Photos.  Taxes.  Passwords.  Financials.  Emails.  Documents and spreadsheets from work.

What would happen if your computer was lost or stolen, and the information on your system is made public?  Are your accounts safe?  What about your credit score?  Were any of the work files confidential?  Was your online banking password on there?  Losing your computer can be a terrifying prospect.

There is a solution to this problem, and it doesn’t come in the form of a laptop lock (even though they do help).  The solution is full disk encryption.  A full disk encryption program, such as TrueCrypt, encrypts every byte of data present on the hard drive of your computer.  It even encrypts the files that allow you to boot into Windows.  As such, TrueCrypt will ask you for your password every time you reboot your computer — before Windows begins to load.  Should your computer fall into the wrong hands, your data is safe and secure.

Are you ready to encrypt your computer?  Let’s get started!

This procedure is for your personal, Windows-based computer only.  Bucknell-managed systems use Microsoft’s Bitlocker encryption, which is designed for large, centrally managed networks.  TrueCrypt is perfect for stand-alone systems like those you have at home.

First:  Back up your computer!  Before making any major change to your computer, it is always a good idea to create a backup of your important files.

Download the TrueCrypt installer from their website:


Run the setup program (TrueCrypt Setup N.NN.exe) and perform a default installation.

Launch TrueCrypt by clicking on the icon in your Start menu.


Under the System menu, select Encrypt System Partition/Drive…    Select Normal, then click Next.


Select Encrypt the system partition or entire system drive, then click Next.


Select No to Encryption of Host Protected Area, then click Next.


Select Single-boot.  If you have a dual-boot setup, you cannot use TrueCrypt full disk encryption at this time.


Accept the defaults on the Encryption Options screen, then click Next.


Choose a very strong password and enter it on the Password window.  Choosing a strong password is the most important part of full disk encryption.


On the Collecting Random Data screen, wiggle your mouse in a haphazard fashion.  TrueCrypt will use the readings from your mouse to generate a high-quality random number to be used during the encryption process.  Click Next.


At the Rescue Disk screen, click Next.  TrueCrypt will create a CD-ROM Iimage in your Documents folder.


At the Rescue Disk Recording screen, click Next.  You must now burn the rescue image to a CD.  This CD is very important — should you lose or forget your password, this disc is the only way to regain access to your computer.


The Windows Disc Image Burner screen appears.  Insert a blank CD into your drive, then click Burn.


When the disc is complete, the system will eject it from your system.  Re-insert the disc, then click Next on the Rescue Disk Recording screen.

TrueCrypt will verify that the Rescue Disk works properly.  Remove the CD, label it, and store it in a safe place.  Click Next.


On the Wipe Mode screen, choose None (fastest).  Click Next.


TrueCrypt is now ready to reboot your system and begin the encryption process.  Yes.


After your computer restarts, but before Windows begins to load, TrueCrypt will prompt you for your password.   Type it in, then hit Enter.


After your desktop appears, the TrueCrypt Pretest Completed window will appear.  Click Encrypt.

Truecrypt will now begin to encrypt your hard drive.  This will take several hours, depending upon the speed of the computer and size of your hard drive.  You can minimize this window and use your computer while the encryption process continues.


After the encryption process completes, you can use your computer exactly as before.  The only change which you will notice is the TrueCrypt password prompt, which appears every time your system boots.  If your computer is lost or stolen, you can rest assured that your data is secure and inaccessible to anyone who does not know your TrueCrypt password.  In fact, TrueCrypt’s AES encryption is so strong that not even the FBI can break it!

Comments are closed.


Places I've Been

The following links are virtual breadcrumbs marking the 12 most recent pages you have visited in Bucknell.edu. If you want to remember a specific page forever click the pin in the top right corner and we will be sure not to replace it. Close this message.