TrueCrypt Full Partition Encryption

TrueCrypt is an easy to use on-the-fly encryption tool.  It can be used to create an ecrypted volume (think of a volume as a virtual hard drive or virtual USB memory stick).

If trueCrypt is not currently installed, navigate to: http://www.truecrypt.org/downloads and download the appropriate version for your operating system.

Create an Encrypted Full Partition

Open TrueCrypt from the Start Menu on Windows, the Applications folder on OS X, or your launcher in Linux.

Select the Create Volume button to begin the process of creating a secured area for your files.

Select Encrypt the system partition or entire system drive from the options. In this example, TrueCrypt is encrypting the partition or drive where Windows is installed.  This option will require the user to enter their correct password each time before Windows boots.

In this example, normal system encryption will be used.  If Hidden TrueCrypt Volume, were selected, it would create a hidden operating system install within the hard drive.  This allows for additional layer of security.  The hidden volume will require an additional password. More information can be found at: http://www.truecrypt.org/docs/?s=hidden-volume.

The Area to Encrypt can be either the Windows system partition or the whole drive.  For ease of use in this example, select Encrypt the Windows system partition.  Read both option and determine which might be best for each individual case.

Select the Number of Operating Systems. For most users, the answer will be Single-boot.

There are different encryption algorithms that can be utilized by TrueCrypt. For the case of a majority of UMS data, the default, AES, will be sufficient. Before selecting an algorithm, ensure that there are no regulatory obligations that may require a specific level of encryption.  The Office of Information Security requires all compliant data reside on an AES-256 encrypted volume or disk. If AES-256 cannot be utilized or if it may cause undesirable performance overhead, please fill out an exception form with the CISO.

Select a strong password to encrypt the container. It is advised to use more than 20 characters and a random mixture of upper and lower case letters, numbers, and special characters. The maximum length is 64 characters. See the password vaults page for more information on securely storing complex passwords.

TrueCrypt will need to collect random data to process the encryption algorithms. Most the mouse around for a few minutes, then press Next.

Press Next to verify the generated keys.

TrueCrypt will create a rescue disk image (ISO format).

Enter the TrueCrypt password to continue to Windows.  Log in to Windows as normal.