Backup and Recovery

Now is a good time to think about backing up the contents of your hard disk. If something goes wrong with the encryption process, you will want to keep a backup of your files in order to be able to restore the system. The files can (or should) of course also be stored on an encrypted data carrier that can be easily mounted by a booted system.

Next, select whether you have one or several operating systems installed on your data carrier. Then click Next and set the encryption parameters as described above. You are then taken to the PIN entry screen. Of course, you cannot select any files here, because you do not have access to the hard disk at system boot time.

VeraCrypt sets the keyboard layout to English when you enter the password. This is because only the BIOS settings are available at boot time before the operating system possibly adopts your choice of keyboard layout. You need to take this into account, especially if you want to use nonstandard characters in your password. You will normally have an English keyboard layout, but to be on the safe side and make sure that the BIOS is not playing tricks on you with a country-specific language setting, it is a good idea to display the password so that you can enter the password with your local keyboard layout in case of an emergency.

VeraCrypt also lets you create your own VeraCrypt rescue medium. This helps you to repair a defective VeraCrypt bootloader and also – with the correct password, of course – to permanently decrypt the system partition again, for example, to repair a defective Windows system. You need to burn the ISO image you create to a CD/DVD or transfer it to a USB stick. If you encrypt several systems with VeraCrypt, you will need an individual rescue medium for each system.

Before the encryption process starts, you need to define the delete options for the existing system files. You can overwrite files multiple times to prevent an attacker from restoring them – even after overwriting the free disk areas with the encrypted volume. Now take note of the recovery instructions and warnings before starting the obligatory pre-test. The computer reboots and Windows launches again after you enter the password. VeraCrypt displays a success message for the test after the reboot.

Click on Encrypt and say yes to warning prompts. The encryption process then starts. You will need some patience, depending on the size of your data carrier. Once the process has completed, you can close the dialog box and will see your system partition mounted in the drive overview. Of course, you cannot eject the drive. To protect your data, shut down the system.

After restarting, you will be prompted to enter the key. Remember that you must type the key with an English keyboard layout. In addition to the password, you will be asked to enter a PIM if you set one. If you have not set a PIM, you can simply press Enter to confirm, otherwise you need to enter the correct value here. The operating system then boots in the usual way, and you can work with virtually no loss of performance.

Conclusions

Encrypting data, especially on mobile devices, is essential in the corporate environment. As an alternative to BitLocker, VeraCrypt offers a sophisticated approach to encrypting data carriers. It protects USB memory sticks, hard disks, and your system partition (though only when the computer is switched off or not connected). Hidden volumes also give users the ability to credibly deny the existence of any such volumes, should someone attempt to force you to hand over your data.

With the steps covered in this article, you can encrypt your computer with VeraCrypt. Keep in mind, however, that secure passwords are an important security aspect.