In this example, TrueCrypt is creating an encrypted container that will reside on the file system. Only files placed in this container will be encrypted (unless another form of full-disk encryption, such as BitLocker or FileVault, is to be used).
In this example, a Standard TrueCrypt volume will be created. If Hidden Truecrypt volume were selected, it would create a hidden volume within a volume. This allows for an additional layer of security. The hidden volume would require an additional password. More information can be found at: http://www.truecrypt.org/docs/?s=hidden-volume.
Select the area on the file system that the container will reside. The container acts just like a normal file; it can reside on the C:\ drive or a USB memory stick.
There are different encryption algorithms that can be utilized by TrueCrypt. For the majority of UMS data, the default AES, will be sufficient. Before selecting an algorithm, ensure that there are no regulatory obligations that may require a specific level of encryption. The Office of Information Security requires all compliant data reside on an AES-256 encrypted volume or disk. If AES-256 cannot be utilized or if it may cause undesirable performance overhead, please fill out an exception form with the CISO.
The volume size will vary per user, but ensure that there is more than enough room to adequately store any sensitive files or data.
Select a strong password to encrypt the container. It is advised to use more than 20 characters and a random mixture of upper and lower case letters, numbers, and special characters. The maximum length is 64 characters. See the password vaults page for more information on securely storing complex passwords.
Select the volume format of the drive. For many users, the default FAT, will be sufficient. Spend a minute moving the mouse and doing normal activity before selecting next as the computer is using the entropy from the computer’s activity to generate the encryption keys that will be used.
Depending on the size and format of the volume, the formatting period will vary.
Congratulations! An encrypted volume has been created on the computer.
Select a drive letter (in this example, T:) that Windows will use to mount the encrypted volume. Press Select File... and navigate to the volume created in the steps above. Finally, press Mount.
Enter the strong password created above and press OK.
The volume is now mounted. Navigate to My Computer to use the encrypted volume just as if it were a normal drive on the computer.