Secure disk encryption by using Windows BitLocker "Go"

Users of laptops must have the suspicion that when your laptop is lost or is being acquired because of an irresistible force, how can you prevent personal data files from being acquired by others?

The simplest and most reliable way to protect your computer data from seeing your data files (including directories, filenames) is to use Windows-brought encryption tools for Windows BitLocker.

BitLocker Drive Encryption is a data protection feature of Windows that protects data by encrypting the entire drive, with the goal of freeing Windows users from threats caused by data theft or leaks due to lost or stolen computer hardware.

BitLocker encryption can support both FAT and NTFS two formats, encrypt your computer's entire system partition, or encrypt removable portable storage devices such as USB flash drives and removable hard disks. BitLocker is encrypted using AES (Advanced Encryption Standard/advanced encryption) 128-bit or 256-bit encryption algorithm, and its cryptographic security reliability is guaranteed, usually, as long as the user's password is strong enough, This encryption is hard to crack.

　　Encrypted drive

The method of BitLocker encryption on a disk is simple, open the Explorer, right-click on the disk you want to encrypt, and select "Enable BitLocker". You can also enable and manage encryption in Control Panel-system and security-BitLocker Drive Encryption.

After the user taps the "Enable BitLocker" button, you are about to set the password for the encrypted drive in the new pop-up window, click "Next" when you are done and choose where to save the recovery key.

Generally, the recovery key is stored in a USB flash drive or printed out in a good safety factor, because in that case, the encryption drive and recovery key separation storage, security is better, if the recovery key is saved on the hard disk, it is possible to be a third-party tool software scanning to obtain.

BitLocker then encrypts the entire drive, and BitLocker's encryption and decryption of the drive takes a long time, and the user waits for a considerable period.

Once the encryption is complete, you can see that there is a lock on the original disk icon, which means that the drive is encrypted.

　　Encrypt USB drives and removable hard drives

In addition, BitLocker provides the BitLocker to go feature specifically for encrypting Removable Storage devices such as USB flash drives, removable hard disks, etc., with encrypted decryption and local drives as easy to use.

When a USB flash drive is inserted on the computer, the "Enable BitLocker" feature in "Control Panel"-"System and Security"-"BitLocker Drive Encryption" is enabled, and after entering the encryption interface, it is identical to the previous local drive encryption process.

Because you are encrypting the USB flash drive, you will see that BitLocker prompts the user to save the recovery key to a local file on your computer or to print, which is typically saved in a local location. After the encryption is complete, when you look at all the drives in your computer, you will see a key on the USB flash drive that is already encrypted.

After the encryption is complete, the disk icon on the USB flash drive has a lock, which means that the USB flash drive is encrypted. Then, if the USB drive is removed and then inserted into the USB drive again, a prompt will appear to enter the password, only the correct password to open the USB flash drive.

Encrypt directory

Many users do not want to encrypt the entire disk, they want to encrypt only one folder or file. Although BitLocker does not support folder encryption, you can use a workaround to encrypt folders or files.

The idea of encryption is simple, using the VHD feature to create a virtual hard disk in the system, then encrypt it with BitLocker, and then save our privacy file in this "encrypted disk".

The VHD is a virtual disk file of Microsoft Vsan, which can be created and mounted separately in a Windows system using the following methods:

Right click on "Computer" select "Manage", in "Computer Management" We click "Disk Management", right click "Create VHD". Here Click "Browse" or enter the path of the VHD we want to create, determine the size of the virtual hard disk, size can be based on the hard disk available space and its own needs to decide, others can choose the default. Once determined, the system will start creating a new disk.

To refresh the Disk Management page, you can see a disk with a property displayed as "Unknown". Right click on unknown disk, select "Initialize Disk", format with default, click OK. At this point we see that the unknown disk has become a basic and online state.

Right-click on the Unassigned area, select "New Simple Volume", the dialog box appears, continue to the next step until the completion, display a new volume, here, we create the VHD step is complete.

At this point, the VHD virtual disk has been created, and we can use the encryption drive above to encrypt it BitLocker.

Annotated: Moonlight Blog for original, original address: http://www.williamlong.info/archives/4296.html

Secure disk encryption by using Windows BitLocker "Go"