How-To Geek

How to Protect Your Flash Drive Data with TrueCrypt

Just about any self-respecting geek always has a flash drive handy. Whether it is on your key ring or in your purse, having the ability to access certain files and utilities anywhere can really come in handy at times. However, if this flash drive were lost or stolen, then depending on what is stored on it, you could be setting yourself up for a completely preventable disaster.

With the help of TrueCrypt, you can easily protect the data stored on your flash drive so that if it is lost or stolen, nobody will be able to get to your sensitive files.

Image via LadiesGadgets

Creating a TrueCrypt Volume

Plug in the flash drive you want to protect data on and copy any data you want to protect into a folder on your hard disk. We will move it to the encrypted volume once we are done.

The process of creating an encrypted file container for a flash drive is no different from the normal TrueCrypt process. If you are familiar with how to do this already, you can skip this section or just scroll through it for a quick refresher.

From the Tools menu, select Volume Creation Wizard.

Select the option to Create an encrypted file container.

We do not want to select the option to encrypt a non-system partition/drive because this would prevent us from loading the files required to mount a TrueCrypt volume on our flash drive. This would mean the computer we plug our flash drive into would have to already have TrueCrypt installed in order to access our data.

Select the option to create a Standard TrueCrypt volume.

Set the destination to a file located on your flash drive.

Set your encryption options. The default values will do nicely.

Set the size for the encrypted volume. Make sure you leave at least 10 MB free so there is room for the TrueCrypt files required for mounting and dismounting the volume.

Set a strong password.

Wait patiently while the TrueCrypt volume is created.

Loading the TrueCrypt Binary Files on Your Flash Drive

In order to access your encrypted volume on systems which do not have TrueCrypt loaded, you must load the required binary files needed to mount the container on the host system. Thankfully, TrueCrypt has a function which makes this easy.

From the Tools menu, select Traveler Disk Setup.

We will come back to what this notice means a bit later.

Browse to the drive letter of your flash drive under the File Settings.

Under AutoRun Configuration, select the option to Auto-mount the TrueCrypt volume and then set the following options:

  • Enter the file name only of the TrueCrypt volume file.
  • Select First available as the drive letter.
  • Select the option Open Explorer window for mounted volume.

Create traveler disk with the set options.

This is an important notice.

In order for TrueCrypt to mount a volume on a host system, one of the following conditions must be met:

  1. TrueCrypt must be installed natively on the host system already.
  2. You must have administrative rights on the host system.

The reason you need administrative rights if TrueCrypt is not installed natively is due to the requirement that a system driver must be loaded on the host system in order to mount the encrypted volume. Since only administrators can load and unload system drivers, you must have this level of access or you will not be able to mount the TrueCrypt driver.

On the other hand, if the driver is already present on the host (i.e. TrueCrypt is installed natively), you should be able to mount your encrypted drive with normal user-level access.

Once the traveler disk setup is complete, you should see that your flash drive shows up with a TrueCrypt icon in Windows Explorer.

Easily Opening the TrueCrypt Volume on the Host Machine

Once you have configured your flash drive as a TrueCrypt Traveler Disk, opening the contents in Windows Explorer should look something like the screen below.

Notice there is an autorun.inf file which was created during the setup. Getting back to the message box we said we would discuss later: this file is intended to run automatically when the flash drive is plugged into the host machine. However, most Windows machines have the AutoRun option disabled (as they should), so it will never execute. Because of this, you will have to mount and dismount your TrueCrypt volume manually.

Of course, doing it manually isn’t acceptable, so with a couple of batch scripts we can mount and dismount the TrueCrypt volume with a double-click.

Open the autorun.inf file in Notepad and copy the text following the line which begins with “open=”.

Create a new text file called MountTC.bat and paste what you previously copied into this file. When run, this batch file will mount the TrueCrypt volume stored on the flash drive onto the host system.

Back in the autorun.inf file, copy the text following the line which begins with “shell\dismount\command=”.

Create a new text file called DismountTC.bat and paste what you previously copied into this file. When run, this batch file will dismount all the TrueCrypt volumes on the host system.

When finished, you should see the two batch files we created in your flash drive.
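
The copy-and-paste steps above can also be scripted. The following PowerShell script is an added example, not part of the original article: it reads the two command lines out of autorun.inf and writes MountTC.bat and DismountTC.bat. The function names are hypothetical, and it assumes autorun.inf sits in the flash drive root and that its commands use paths relative to that root.

```powershell
# Added example: build MountTC.bat and DismountTC.bat from autorun.inf.
param(
    # Root of the flash drive; defaults to the folder this script is stored in.
    [string]$DriveRoot = $PSScriptRoot
)

function Get-AutorunCommand {   # hypothetical helper name
    param([string[]]$Lines, [string]$Key)
    foreach ($line in $Lines) {
        # Split on the first '=' only, so an '=' inside the command survives.
        $name, $value = $line -split '=', 2
        if ($null -ne $value -and $name.Trim() -ieq $Key) {
            return $value.Trim()
        }
    }
    throw "Key '$Key' not found in autorun.inf"
}

function New-TravelerBatch {    # hypothetical helper name
    param([string]$Path, [string]$Command)
    $body = @(
        '@echo off'
        'rem Assumption: the copied command uses a path relative to the drive root.'
        'rem Switch to this file''s own folder so it resolves from any start directory.'
        'cd /d "%~dp0"'
        $Command
    )
    # cmd.exe reads batch files in the OEM code page, so write them that way.
    Set-Content -LiteralPath $Path -Value $body -Encoding Oem
}

$inf = Get-Content -LiteralPath (Join-Path $DriveRoot 'autorun.inf')
New-TravelerBatch (Join-Path $DriveRoot 'MountTC.bat') (Get-AutorunCommand $inf 'open')
New-TravelerBatch (Join-Path $DriveRoot 'DismountTC.bat') (Get-AutorunCommand $inf 'shell\dismount\command')
```

Run it once from the flash drive root after Traveler Disk Setup has finished, then open the two generated files in Notepad to confirm they contain the commands you expect.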

Opening the TrueCrypt Volume

After you plug the flash drive into the host machine, if the TrueCrypt volume does not attempt to mount itself automatically, simply run the MountTC.bat file. Remember, TrueCrypt must be natively installed or you must have administrative rights on the host machine. You will get a UAC prompt if TrueCrypt is not natively installed, so confirm you want to continue.

Enter your password for the TrueCrypt volume.

Your volume will be mounted and your encrypted files will now appear.

Copy any files you want to protect inside of your TrueCrypt volume and nobody will be able to access them without the password.

Once you are finished, simply run the DismountTC.bat file and your TrueCrypt volume will be gracefully dismounted.

Important Security Notice

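It is important to understand that while your files are encrypted on the flash drive, once you mount the TrueCrypt volume on the host machine, they are at the mercy of that machine: anything running on it, including malware, can read the decrypted files for as long as the volume is mounted, and a keylogger can capture the password you type. As a result, you should be careful where you decide to access your files.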

Download TrueCrypt

Jason Faulkner is a developer and IT professional who never has a hot cup of coffee far away. Interact with him on Google+

  • Published 05/3/11

Comments (31)

  1. AJ

    Nice article, however it’s a shame that you need admin rights to run TrueCrypt.

  2. Dan

    @AJ

    It’s a necessary evil, unless you want your OS to allow un-credentialed users to install system drivers (if so, then you should stick with Win98). Another option is to use FreeOTFE which has a driverless utility that can access its own created volumes. I’ve used FreeOTFE, and while it’s generally slower than TrueCrypt (based on my personal benchmarks), it’s still a decent alternative.

  3. Dan

    BTW, I would suggest flash drive volumes to use keyfiles in addition to a password. Since flash drives are ridiculously easy to lose, you need all the protection you can get.

  4. Moroni

    You will lose some portability because you can’t use this flash drive on Linux or Mac.

  5. ion

    I prefer FreeOTFE, it’s portable, and the FreeOTFE Explorer doesn’t need any Administrator privileges.

  6. Megagamerx1

    @Moroni: Truecrypt is open source, and is available for Linux and Mac, too.

  7. studyhard

    isnt it same as bitlocker ? whats the difference?

  8. Demetre

    Truecrypt is an excellent program, I’ve used it for years on Windows and Ubuntu based computers.
    I also used it with my Mac up to Leopard. When Snow Leopard came along TrueCrypt became unstable, leaving files open, not shutting down properly etc…

    I would really like to see a version compatible with Snow Leopard and Leo as well…

  9. Jeroen

    Good article. I’ll want to use it at my work where I don’t have admin rights and the USB PC doesn’t have TrueCrypt installed. Any ideas how to use an encrypted flash drive in this case?

    It’s good that TrueCrypt is available for Ubuntu too.

  10. MrKrowe

    @Jeroen Assuming a Windows based machine … copy the following files to your USB stick …

    truecrypt-x64.sys
    truecrypt.sys
    TrueCrypt.exe

    You should then be able to run the program from the stick and mount a previously created encrypted file, without admin rights.

  11. Corey

    Would this work for a portable hard drive as well?

  12. MrKrowe

    Oops, should read ‘Windows XP based machine’

  13. Harry

    I’d just like to say what a well written article this is.

    I’ve just followed the instructions, looked at the images and it all works.

    Thanks very much – let’s have more from Mr Faulkner.

    - Harry

  14. trythat

    Very nice. But I don’t understand what’s bad with BitLocker, which does everything for you and is very well encrypted.
    Thanks.

  15. bill

    Might I suggest using 7zip to create a self-extracting encrypted exe that contains your files?

  16. Jason Faulkner

    @studyhard / @trythat – With Bitlocker, it is all or nothing on the flash drive encryption. If you want to keep unprotected stuff such as commonly used utilities (where you don’t have to enter a password to access them each time) along with protected data, you couldn’t do this with Bitlocker.
    Overall though, there is nothing wrong with Bitlocker, so go with what suits you best.

    @Corey – It should work exactly the same way with a portable HD.


    As for alternatives, there are loads of them out there, however TrueCrypt seems to be the gold standard for encryption and the fact that it works like a normal system drive is a huge plus.

  17. Nate

    This is awesome. I never understood how to create a TrueCrypt container. Every time it would say Volume Location, I didn’t know what to put in. It doesn’t specify an extension for you so I tried .tcv and others but nothing worked when I tried to mount it. Lotta time wasted due to poor documenting on their part. Thanks for this tutorial!

  18. CJ

    Whups! Apologies. It seems since I discovered usbsafeguard they have changed the site, and the app. The free version now only works on drives 2g or smaller. Beautifully written app though. Glad I still have the original free version.

  19. Andreas

    The fact that you need admin rights makes this completely useless in many if not most situations.
    At the office (high school) I suggested several years ago to have TrueCrypt installed on the school network. There have been a few incidents with lost memory sticks and sensitive student data. But they won’t listen. So the unnecessary incidents keep repeating themselves.

    I never heard of FreeOTFE. It sounds like this might be a solution for me. Thanks for the tip.

  20. David

    @studyhard
    Study harder. Capitalize the first letter of a sentence and the first letter of a name. Use apostrophes for possessive nouns and abbreviated words.

    isnt it same as bitlocker ? whats the difference? >>
    Isn’t it the same as Bitlocker? What’s the difference?

    Apologies to those who discover any mistakes I’ve just made.

    PS.
    While I’m at it, don’t forget the commonly misspelt homophones:
    eg.
    There, their, they’re
    To, two, too
    Your, you’re, yaw, yore
    etc.

    goo.gl/fNuNX

  21. Chris

    @studyhard – BitLocker is a great solution, but you can only access drives if you have the Ultimate or Enterprise version of Windows Vista or 7. Cost of the OS(s) could be an issue depending what your environment is (home or corporate). BitLocker also doesn’t work on Linux, BSD, or Mac OS X systems, so you are limited to certain Windows OSs. There is a BitLocker To Go application that lets you share encrypted volumes with Windows XP, but you only have READ access to the files (no write!).

    @Jason Faulkner – Thanks for the article. It’s very informative!

  22. terri

    Let me get this straight. I just bought a little flash drive, a SanDisk Cruzer 4 Gig. Encrypt the drive and then load all my tools. When I go to fix someone’s machine with one of the tools on the flash drive, TrueCrypt has to be already installed on the machine to be fixed??? Or this encryption won’t affect who or what I am working with, it’s just a deterrent against my passwords and tools being stolen if I lose the flash drive?

  23. Jason Faulkner

    @terri – You can create a TrueCrypt file that is only, say, 2 GB and leave the other 2 GB to store your tools. This way you can access your tools without mounting the TC volume, however if you want to get to the protected data you would have to load it through TC.

    So if you lose it, people could only get to your unprotected files (i.e. the tools) and the files in your TC volume are protected behind the password.

  24. terri

    Jason Thanks!

  25. Erik

    @Chris – “BitLocker is a great solution, but you can only access drives if you have the Ultimate or Enterprise version of Windows Vista or 7.”

    You can only create the encrypted partition if you have Win7 Ultimate/Enterprise. Once BitLocker To Go is set up on the drive you can use the drive with ANY version of Windows 7, Starter, Home, Pro, or Ultimate/Enterprise.

    But your second statement is correct, for Windows XP and Vista the drive will be Read-Only and of course it is not compatible with other OSes beyond that.

  26. Chris

    @Erik – Thanks for the clarification.

  27. tony

    Why not just create an encrypted WinZip file on the drive and dump your files in there?

  28. Jason Faulkner

    @tony – The problem with this is files are often unzipped to the temp directory on the local computer and either opened or copied from there. Depending on the zip client you use, it may not be deleted from the temp directory automatically… this is obviously very dangerous if the file is sensitive.

  29. jerome

    Can anyone help? I’ve followed these instructions with flash drives and SD cards, but I get the same result each time: files on them aren’t encrypted when I put them into other PCs. I can open any documents on there as if none of the TrueCrypt files were there. If I open the ‘mountTC.bat’ file, I am asked to enter my password, although just pressing cancel takes me back to my unencrypted documents.

  30. Jason Faulkner

    @jerome – It sounds like you are saving the files directly on the flash drive instead of into the TrueCrypt container stored on the flash drive.

    In order for the files to be protected by TrueCrypt, you have to mount the TrueCrypt container onto the host machine and then save them in the respective drive letter.

  31. jerome

    @Jason, thanks for your help, but I think that’s what I was doing. Do you have any other ideas what this might be? I really want this to work, but I’ve tried the process about 5 times and get the same results.
