In a previous blog post I taught you how to install TrueCrypt on your computer and use it to encrypt your hard drive. In this post I will teach you how to hide the fact that you have TrueCrypt installed and take your computer’s security to the next level.
READ THIS: This was tested and performed on a computer running Windows XP and TrueCrypt 7.1a. These instructions are provided for educational purposes only. Always cooperate with law enforcement if they request access to your system. I am not responsible for any legal trouble you may get yourself into; any changes YOU make to YOUR computer are YOUR responsibility and are YOUR choice. It may be possible to detect TrueCrypt through data patterns with hard drive analysis tools. Always back up your files before modifying your operating system.
As you will have noticed by now, TrueCrypt puts a rather obvious password prompt on your screen when the computer is started. This of course tells a stranger who has his hands on your computer that it can be unlocked with just a simple password. There are a couple of methods to make it seem as though TrueCrypt is not installed.
The first method would be to use TrueCrypt’s built-in custom text, where you can specify an “error” that is shown when the computer is booted but is secretly a password prompt. The drawbacks to this method are that you have a limited number of characters that you can enter, and the computer still leaves a flashing cursor on the screen. To enable this method of obscurity, you can edit the boot options in TrueCrypt to change the password prompt on the loader. Many people like using an error, such as “NTLDR is missing.” or “No operating system installed”. It is up to you what you choose to put here.
The other method is my own personal favorite. The second method hides your TrueCrypt installation the most, because we’ll be restoring the Windows boot loader. Booting the computer would require the use of the TrueCrypt Rescue CD that you made when you installed TrueCrypt on the computer. When someone tries to boot the computer without the TrueCrypt Rescue CD, they’ll get “Error loading operating system.”
Why do this instead of the previously mentioned custom prompt text? Using this method restores the Windows bootloader. If you are questioned, anyone can look at the data on the drive, see the Windows bootloader, and may assume there was something wrong with the data on the drive (such as Windows drive compression or Windows built-in encryption). With TrueCrypt’s built-in method, it would be simple to detect the TrueCrypt loader almost immediately when suspected.
Here’s how it’s done:
- Do a full shutdown on your computer — DO NOT hibernate Windows. Making changes to the hard drive when Windows is hibernated may damage your installation.
- Boot the computer using your TrueCrypt Rescue CD.
- Use option 4 to reinstall the Windows Boot Loader.
- Use option 3 to reinstall your TrueCrypt key on the drive.
- Enter your password and boot the computer.
- The next time you restart, you will be required to start the computer with the TrueCrypt Rescue CD. Now when a stranger gets their hands on your computer they will think your Windows installation was just left in an unusable state, rather than believing there is a chance to access it.
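
How the two states described above look to an examiner working from a disk image, as an added example that is not part of the original post: a Python triage that checks sector 0 for loader text and measures how much of the remaining data is high-entropy. The `TrueCrypt Boot Loader` marker string, the 7.9 bits/byte threshold and the sample images are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

SECTOR, CHUNK = 512, 4096
# Assumed marker: text believed to be embedded in the stock TrueCrypt loader's
# sector 0. Confirm against a reference image before relying on it.
TC_MARKER = b"TrueCrypt Boot Loader"
WIN_MARKER = b"Error loading operating system"  # message quoted in the post

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means it looks random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(image: bytes, threshold: float = 7.9) -> dict:
    """Classify sector 0 and measure how much of the rest looks random."""
    mbr, body = image[:SECTOR], image[SECTOR:]
    chunks = [body[i:i + CHUNK] for i in range(0, len(body) - CHUNK + 1, CHUNK)]
    high = sum(entropy(c) >= threshold for c in chunks)
    frac = high / len(chunks) if chunks else 0.0
    if TC_MARKER in mbr:
        verdict = "truecrypt-loader-in-mbr"
    elif WIN_MARKER in mbr and frac >= 0.9:
        # Stock boot code in front of data with no readable structure: this fits
        # full-disk encryption, but also compressed data, so it is not proof.
        verdict = "stock-mbr-high-entropy-volume"
    else:
        verdict = "no-indicator"
    boot_sig = mbr[510:512] == b"\x55\xaa"
    return {"boot_sig": boot_sig, "high_entropy_fraction": frac, "verdict": verdict}

def sample_mbr(text: bytes) -> bytes:
    """Constructed 512-byte sector: marker text, zero padding, 55 AA signature."""
    return text.ljust(510, b"\x00") + b"\x55\xaa"

def keystream(n: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    blocks = (hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample images (not real disk captures).
SAMPLES = {
    "default_loader": sample_mbr(TC_MARKER) + keystream(16 * CHUNK),
    "restored_windows_mbr": sample_mbr(WIN_MARKER) + keystream(16 * CHUNK),
    "plain_windows": sample_mbr(WIN_MARKER) + (b"NTFS    " + b"\x00" * 504) * 128,
}

if __name__ == "__main__":
    for name, img in SAMPLES.items():
        print(name, triage(img))
```
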
I recommend making at least 2 copies of your TrueCrypt Rescue CD. One to keep with you to start your computer, one kept in a safe place. If you lose your CD, you will lose all the information stored on your computer!
Unfortunately, I have not found a way to get a properly working TrueCrypt Rescue CD on a flash drive to boot the computer from, so a CD must be used. The good news is that if you want to disguise your TrueCrypt Rescue CD as something else, you should be able to do so by making a bootable CD and specifying the TrueCrypt Rescue CD image as the boot image for that disc. This would enable you to put your own files on the CD, while having a (mostly) invisible boot CD for your computer. In ImgBurn this may be done by selecting “Write files/folders to disc”, then going to the Advanced tab on the left, and selecting the Bootable Disc subtab.