How to Encrypt a Harddrive?

abhinashBy
encrypt-drive

Most of us use a password on our computers, files, and folders to protect against unauthorized access. However, password protection does not guarantee the safety of data.

So, to prevent data theft, encrypting the hard drive is the best option. While Encryption also uses a password for protection, it adds up the security by scrambling all the data inside a file and changing them into cipher codes. So, even if someone finds the file, they won’t be able to make sense of the data without the encryption key.

Encrypting a Harddrive in Windows

You have several options to encrypt the hard drive, such as the built-in BitLocker or other third-party tools in Windows. Let’s discuss the stepwise process to add the encryption using both methods here.

Using BitLocker

BitLocker has been incorporated into Windows OS since the time of Windows Vista. It now has much-improved security algorithms.

When you lock your drive with BitLocker, it encrypts all the files, and you will require the security password or recovery key to decrypt and access those data. It employs an AES encryption type with 128 or 256-bit keys algorithm for protection.

Let’s move on to keep your drive encrypted using BitLocker.

  1. Open Windows Explorer by pressing Windows + ‘E’.
  2. Click on This PC or Computer to list the drives on your system.
  3. Right-click on the drive and select Turn on BitLocker.
    turn on bitlocker
  4. Select Use a password to unlock the drive. It may not be usual for everyone to possess a Smart card.
  5. Set a strong password of at least 8 characters and click Next.
    use-a-password-to-unlock-the-drive
  6. Save the recovery key to the location of your choice. We recommend you save it in atleast two different locations in case you cannot access one of them. You will lose all your data if you forget your password and the recovery key.
    save-recovery-key
  7. Select either Encrypt used disk space only or Encrypt entire drive, depending upon your requirement. The option to encrypt the used disk space only is faster and encrypts all the files available currently and any added in the future. Both options are secure.
    encrypt-used-disk-space-only
  8. Select the Encryption mode and click Next.
    encryption-mode
  9. Finally, click on Start Encrypting.
    start-encrypting
  10. Once the encryption completes, restart your PC.

If you do not find the Turn on BitLocker feature in the context menu of the drive (in the case of earlier Windows versions), you can do this through Control Panel.

  1. Press Windows + ‘R’ and enter control to navigate to the Control Panel.
  2. Select View by Small Icons.
  3. Find BitLocker Drive Encryption and click on it. In some OS, you may find it inside System and Securities.
    bitlocker drive encryption
  4. Click on Turn on BitLocker on the right side of the drive you want to lock.
    turn on bitlocker control panel
  5. Here onwards, follow the same instructions mentioned in and after Step 5 above.
The drawback of BitLocker is that once you unlock the drive using the password or recovery key, it will remain unlocked until you restart your PC. And while the drive is unlocked, you can easily obtain the recovery key using Command Prompt. This can provide a window for infiltrators to access your recovery key and hence the drive.

Using Third-Party Tools

You can also use several reliable third-party freeware applications that can encrypt your drive with the highest security if you do not find BitLocker secure. Some of them are TrueCrypt, AESCrypt, VeraCrypt, and so on.

Here, we are going to provide the steps to encrypt the drive using an open-source application, VeraCrypt, for demonstration.

To Encrypt Non-System Partition

  1. Download the VeraCrypt Installer file and Install it accordingly on your system.
  2. Run VeraCrypt on your PC.
  3. Click on Create Volume.
    create volume
  4. Choose Encrypt a non-system partition/drive. It is used to encrypt the partition without the operating system, external drive, USB flash drive, etc.
    encrypt a non-system partition
  5. Select Standard VeraCrypt volume or Hidden VeraCrypt volume by reading the information given there.
  6. To select Volume, click on Select Device and choose the respective partition that you want to protect.
    select partition
  7. Click Next.
  8. Now, choose Encrypt partition in place. Selecting Create encrypted volume and format it will remove all the data in the drive.
    encrypt partition in place
  9. Leave the Encryption Algorithm and Hash to default and click Next.
  10. Set a strong Password.
    set password
  11. Move your mouse to improve randomness in the encryption process, and click Next.
    mouse movement
  12. Choose the Wipe mode, and finally, click Encrypt.
    encrypt
  13. Select Yes in the confirmation window.

To Encrypt a System Partition

If you are trying to encrypt the drive containing the Operating System, the process is a little different.

  1. Follow the same process up to step 3 mentioned above,
  2. Choose Encrypt the system partition or the entire system drive.
    encrypt system drive partition
  3. Select Encrypt the Windows system partition.
    encrypt the windows system paritition
  4. Choose either Single-boot or Multi-boot depending on the number of OS on the drive.
    single boot or multiboot
  5. Choose the Encryption method and set Password.
  6. When you reach the Rescue Disk stage, check the Skip Rescue Disk verification. This will create a rescue disk automatically for safety purposes.
    skip rescue disk verfification
  7. Now, copy the rescue disk image created to a USB flash drive or another unencrypted drive and click Next. You will not be able to move forward unless you copy the file somewhere safe. If any error appears even after copying the image file, reinsert the USB drive and copy the rescue disk image again.
  8. Now continue according to the instruction mentioned earlier.

It will take seconds to a few minutes to complete the process. You cannot access the encrypted drive yet, as it is hidden and unmounted. So, to access the encrypted drive,

  1. Run VeraCrypt again.
  2. Click on Select Device.
    select Device
  3. Select the Partition you just encrypted and click OK.
    select encrypted partition
  4. Choose a random unused Drive letter from the list.
  5. Click on Mount. Alternatively, you can select Auto-Mount Devices to mount all encrypted drives at once.
    mount partition
  6. Enter the password and press OK.
    enter password

After the drive is mounted, you can now access it from File explorer normally. For security purposes, once your work is completed, you can click on Dismount All to hide the drive again.

Decrypting an Encrypted Drive

Once you are free from security threats or you want to remove the encryption, you can easily decrypt the drive.

For BitLocker

You can turn off the protection in the drive to decrypt it completely.

  1. Open Control Panel and navigate to BitLocker Drive Encryption.
  2. Click on Unlock Drive for the encrypted one.
  3. Enter the password or recovery key to unlock it.
  4. Now, click on Turn off BitLocker and follow the instruction.
    turn off bitlocker

The encryption will be removed from the drive.

For Third-party Applications

Every application has its own way of decrypting the drive. However, the general steps are usually the same. You will have to select the drive within the application, enter the password to unlock the drive, find the Decrypt option, and click on it. After a short while, your drive will be free of encryption.

I am a mechanical engineer who was awe-struck at first sight of computer. Since then, I have excelled at writing tech-contents regarding every problems and features of windows, software, hardware and anything it incorporates. In addition, I love to study, play FIFA, write poetry and enjoy the gift of life that the mother nature have provided to us.

Related Posts

Add A Comment

Leave A Reply