Windows Help & Advice - UK (2020-03)

Shred data

securely

delete this backup. However, if you

plan to keep the backup, check out

the box on page 55 about encrypting

your backups.

The creation process is similar to

setting up virtual drives. Start by

selecting Encrypt a non-system

partition/drive on the first page of the

wizard. Choose whether the volume will

be a standard one or hidden, then click

Next. Click Select Device... to choose

your target drive or partition.

The next step is crucial – you have a

choice between Create encrypted

volume and format it (destructive, and

best for empty drives or drives with no

data worth keeping) and Encrypt

partition in place. The latter is much

slower but preserves existing data

• see the box on page 52 for details. If
  creating an encrypted volume from
  scratch, the process is virtually identical
  to creating virtual drives.
  Once the drive has been encrypted,
  read any warning messages, then
  click Finish. To mount the drive,
  select the drive letter you wish to
  assign to it, then click Auto-mount
  Devices. Enter the credentials required,
  wait, and then the drive is mounted
  and available.
  Ordinarily, you have to do this every
  time you restart Windows – to have the
  drive automatically mount when you
  log into Windows, right-click it in the
  main VeraCrypt window after mounting,
  and choose Add to Favorites. Be sure to
  check Mount selected volume upon
  logon before clicking OK. In the future,
  you will be prompted to provide the
  password and any key files each time
  you log into Windows, and then the
  drive will be available.
  One problem with this approach
  occurs if you’ve moved system folders


• such as user folders or those linked to
  cloud services – on to this encrypted
  storage space. You get errors about

missing folders before you unlock

the drive. If you’ve encrypted your

Windows boot drive, you can get

around this by ensuring the password

on your data drive is the same as

that required to unlock your

Windows boot drive, then choose

Add to System Favorites – this way,

the drive is unlocked with your boot

drive, and available when

Windows loads.

(QFU\SWFORXGEDFNXSV

VeraCrypt can protect your files locally,

but copy them anywhere else, and

they’re left unprotected. The box

opposite reveals what to do about

protecting local backups using the

same types of algorithms with suitable

backup software, but what about

those files you back up to the cloud?

Cloud providers claim to encrypt your

files, but sometimes that only applies

to the way the files are transferred

– when stored ‘at rest’ in the cloud,

they may be left unencrypted, and

therefore potentially vulnerable.

Even where encryption is provided,

is it true end-to-end encryption, where

only you possess the all-important

encryption keys required to decrypt

the files? Some cloud providers

– SpiderOak (https://spideroak.com)

and Tresorit (https://tresorit.com),

for example – adopt this ‘no knowledge’

policy, but others don’t.

You don’t need to switch cloud

provider to get this kind of protection;

instead, add your own layer of

encryption to critical files, with keys not

shared with anyone else. An open-

source encryption tool designed for

cloud-based storage is Cryptomator

(https://cryptomator.org), which works

with any cloud provider from OneDrive

to Dropbox. The principle is identical

to VeraCrypt: You create a password-

protected virtual drive – or vault – inside

Select “Volume Properties...” to verify the security of your drive.

WKHQ\RXGHOHWHDÀOHLW·VQRW

physically removed from your PC;

LQVWHDGWKHÀUVWIHZE\WHVRIWKHÀOH

are overwritten with a tag that tells

:LQGRZVWKDWWKHÀOHLVGHOHWHGDQG

the space it currently resides in is

DYDLODEOHZKHQZULWLQJRWKHUÀOHVWR

disk. It speeds things up, but it’s not

good for security.

UQWLOWKHÀOHLVSK\VLFDOO\RYHUZULWWHQ

E\DQRWKHUÀOHLWVFRQWHQWVDUHVWLOO

retrievable. What’s more, even if the

ÀOH is overwritten, it might be possible

to retrieve part or all of it using

VRSKLVWLFDWHGÀOHUHFRYHU\WHFKQLTXHV

So, how do you protect yourself against

that kind of technology?

7 hankfully, there are tools that can

VHFXUHO\ZLSHGDWDIURP\RXUGULYH2QH

that’s free and open source is Eraser

(grab the latest stable version, 5.8.8,

IURPKWWSVHUDVHUKHLGLLHGRZQORDG

During installation, enable the Windows

Explorer extension to allow you to

VHFXUHO\VKUHGDQ\ÀOHE\ULJKWFOLFNLQJ

it and choosing Eraser > Erase. What

DERXWÀOHV\RX·YHSUHYLRXVO\GHOHWHG"

Eraser can securely wipe all free space

WRPDNHGHOHWHGÀOHVXQUHFRYHUDEOH

• right-click the drive in File Explorer,
  and click Erase > Erasing Free Space.
  2 pen the main Eraser program and
  you can set up on-demand and
  scheduled tasks to periodically shred
  VSHFLÀFÀOHVIROGHUVRUIUHHVSDFH%\
  default, Eraser wipes data using the
  Gutmann technique – if this is too
  slow, choose Edit > Preferences >
  Erasing to choose a different method,
  including one of two used by the US
  Department of Defense.

54 |^ |^ March 2020