Quick Links

Just about any self respecting geek always has a flash drive handy. Whether it is on your key ring on in your purse, having the ability to access certain files and utilities anywhere can really come in handy at times. However, if you were to lose or have this flash drive stolen, depending on what is stored on the drive, you could be setting yourself up for a completely preventable disaster. With the help of TrueCrypt, you can easily protect the data stored your flash drive so that if it is lost or stolen, nobody will be able to get to your sensitive files. Image via LadiesGadgets

Creating a TrueCrypt Volume

Plug in the flash drive you want to protect data on copy any data you want to protect onto a folder on your hard disk. We will move them to the encrypted volume once we are done. The process of creating an encrypted file container for a flash drive is no different from the normal TrueCrypt process. If you are familiar with how to do this already, you can skip this section or just scroll through it for a quick refresher. From the Tools menu, select Volume Creation Wizard.

image

Select the option to Create an encrypted file container. We do not want to select the option to encrypt a non-system partition/drive because this would prevent us from loading the files required to mount a TrueCrypt volume on our flash drive. This would mean the computer we plug our flash drive into would have to already have TrueCrypt installed in order to access our data.

image

Select the option to create a Standard TrueCrypt volume.

image

Set the destination to a file located on your flash drive.

image

Set your encryption options. The default values will do nicely.

image

Set the size for the encrypted volume. Make sure you leave at least 10 MB free so there is room for the TrueCrypt files required for mounting and dismounting the volume.

image

Set a strong password.

image

Wait patiently while the TrueCrypt volume is created.

image
image

Loading the TrueCrypt Binary Files on Your Flash Drive

In order to access your encrypted volume on systems which do not have TrueCrypt loaded, you must load the required binary files needed to mount the container on the host system. Thankfully, TrueCrypt has a function which makes this easy. From the Tools menu, select Traveler Disk Setup.

image

We will come back to what this notice means a bit later.

image

Browse to the drive letter of your flash drive under the File Settings. Under AutoRun Configuration, select the option to Auto-mount the TrueCrypt volume and then set the following options:

Create traveler disk with the set options.

image

This is an important notice. In order for TrueCrypt to mount a volume on a host system, one of the following conditions must be met:

The reason you need administrative rights if TrueCrypt is not installed natively is due to the requirement that a system driver must be loaded on the host system in order to mount the encrypted volume. Since only administrators can load and unload system drivers, you must have this level of access or you will not be able to mount the TrueCrypt driver. On the other hand, if the driver is already present on the host (i.e. TrueCrypt is installed natively), you should be able to mount your encrypted driver with normal user level access.

image

Once the traveler disk setup is complete, you should see your flash drive shows with a TrueCrypt icon in Windows Explorer.

image

Easily Opening the TrueCrypt Volume on the Host Machine

Once you have configured your flash drive as a TrueCrypt Traveler Disk, opening the contents in Windows Explorer should look something like the screen below.

image

Notice there is an autorun.inf file which was created during the setup. Getting back to the message box we said we would discuss later, this is intended to run automatically when the flash drive is plugged into the host machine, however most Windows machines have the AutoRun option disabled (as they should), so this will never execute. Because of this, you will have to mount and dismount your TrueCrypt volume manually. Of course, doing it manually isn't acceptable so with a couple of batch scripts we can easily mount and dismount the TrueCrypt volume with a double-click. Open the autorun.inf file in Notepad and copy the text following the line which begins with "open=".

image

Create a new text file called MountTC.bat and paste what you previously copied into this file. When run, this batch file will mount the TrueCrypt volume stored on the flash drive onto the host system.

image

Back in the autorun.inf file, copy the text following the line which begins with "shell\dismount\command=".

image

Create a new text file called DismountTC.bat and paste what you previously copied into this file. When run, this batch file will dismount all the TrueCrypt volumes on the host system.

image

When finished, you should see the two batch files we created in your flash drive.

image

Opening the TrueCrypt Volume

After you plug in the flash drive to the host machine if the TrueCrypt volume does not attempt to mount itself automatically, simply run the MountTC.bat file. Remember, TrueCrypt must be natively installed or you have to have administrative rights on the host machine. You will get a UAC prompt if TrueCrypt is not natively installed, so confirm you want to continue. Enter your password for the TrueCrypt volume.

image

Your volume will be mounted and your encrypted files will now appear. Copy any files you want to protect inside of your TrueCrypt volume and nobody will be able to access them without the password.

image

Once you are finished, simply run the DismountTC.bat file and your TrueCrypt volume will be gracefully dismounted.

Important Security Notice

It is important to understand that while your files are encrypted on the flash drive, once you mount the TrueCrypt volume on the host machine, they are at the mercy of this machine. As a result, you should be careful where you decide to access your files. Download TrueCrypt