How to Protect Your Flash Drive Data with TrueCrypt

Creating a TrueCrypt Volume

Plug in the flash drive you want to protect data on copy any data you want to protect onto a folder on your hard disk. We will move them to the encrypted volume once we are done.

The process of creating an encrypted file container for a flash drive is no different from the normal TrueCrypt process. If you are familiar with how to do this already, you can skip this section or just scroll through it for a quick refresher.

From the Tools menu, select Volume Creation Wizard.

Select the option to Create an encrypted file container.

We do not want to select the option to encrypt a non-system partition/drive because this would prevent us from loading the files required to mount a TrueCrypt volume on our flash drive. This would mean the computer we plug our flash drive into would have to already have TrueCrypt installed in order to access our data.

Select the option to create a Standard TrueCrypt volume.

Set the destination to a file located on your flash drive.

Set your encryption options. The default values will do nicely.

Set the size for the encrypted volume. Make sure you leave at least 10 MB free so there is room for the TrueCrypt files required for mounting and dismounting the volume.

Set a strong password.

Wait patiently while the TrueCrypt volume is created.

Loading the TrueCrypt Binary Files on Your Flash Drive

In order to access your encrypted volume on systems which do not have TrueCrypt loaded, you must load the required binary files needed to mount the container on the host system. Thankfully, TrueCrypt has a function which makes this easy.

From the Tools menu, select Traveler Disk Setup.

We will come back to what this notice means a bit later.

Browse to the drive letter of your flash drive under the File Settings.

Under AutoRun Configuration, select the option to Auto-mount the TrueCrypt volume and then set the following options:

  • Enter the file name only of the TrueCrypt volume file.
  • Select First available as the drive letter.
  • Select the option Open Explorer window for mounted volume.

Create traveler disk with the set options.

This is an important notice.

In order for TrueCrypt to mount a volume on a host system, one of the following conditions must be met:

  1. TrueCrypt must be installed natively on the host system already.
  2. You must have administrative rights on the host system.

The reason you need administrative rights if TrueCrypt is not installed natively is due to the requirement that a system driver must be loaded on the host system in order to mount the encrypted volume. Since only administrators can load and unload system drivers, you must have this level of access or you will not be able to mount the TrueCrypt driver.

On the other hand, if the driver is already present on the host (i.e. TrueCrypt is installed natively), you should be able to mount your encrypted driver with normal user level access.

Once the traveler disk setup is complete, you should see your flash drive shows with a TrueCrypt icon in Windows Explorer.

Easily Opening the TrueCrypt Volume on the Host Machine

Once you have configured your flash drive as a TrueCrypt Traveler Disk, opening the contents in Windows Explorer should look something like the screen below.

Notice there is an autorun.inf file which was created during the setup. Getting back to the message box we said we would discuss later, this is intended to run automatically when the flash drive is plugged into the host machine, however most Windows machines have the AutoRun option disabled (as they should), so this will never execute. Because of this, you will have to mount and dismount your TrueCrypt volume manually.

Of course, doing it manually isn’t acceptable so with a couple of batch scripts we can easily mount and dismount the TrueCrypt volume with a double-click.

Open the autorun.inf file in Notepad and copy the text following the line which begins with “open=”.

Create a new text file called MountTC.bat and paste what you previously copied into this file. When run, this batch file will mount the TrueCrypt volume stored on the flash drive onto the host system.

Back in the autorun.inf file, copy the text following the line which begins with “shell\dismount\command=”.

Create a new text file called DismountTC.bat and paste what you previously copied into this file. When run, this batch file will dismount all the TrueCrypt volumes on the host system.

When finished, you should see the two batch files we created in your flash drive.

Opening the TrueCrypt Volume

After you plug in the flash drive to the host machine if the TrueCrypt volume does not attempt to mount itself automatically, simply run the MountTC.bat file. Remember, TrueCrypt must be natively installed or you have to have administrative rights on the host machine. You will get a UAC prompt if TrueCrypt is not natively installed, so confirm you want to continue.

Enter your password for the TrueCrypt volume.

Your volume will be mounted and your encrypted files will now appear.

Copy any files you want to protect inside of your TrueCrypt volume and nobody will be able to access them without the password.

Once you are finished, simply run the DismountTC.bat file and your TrueCrypt volume will be gracefully dismounted.

Important Security Notice

It is important to understand that while your files are encrypted on the flash drive, once you mount the TrueCrypt volume on the host machine, they are at the mercy of this machine. As a result, you should be careful where you decide to access your files.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s