07 January 2008

Keeping Your USB Drive Safe: Part 1

This is gonna be the first part of several posts on how to keep your thumb drive encrypted, backed up, and safe from anyone who wants to steal it. This tutorial will teach you how to use TrueCrypt and autorun.inf files to secure your USB drive and automatically ask for a password when you plug in your USB drive.

Encryption

So the first situation to avoid is letting your "private" information fall into the wrong hands. To do this, we're going to use TrueCrypt (download), a freeware encryption program.

To prepare your drive, first install TrueCrypt in "traveller mode", copy the files to the root directory of your USB drive, and start up TrueCrypt from your USB drive.

Using TrueCrypt



There are two things you can do from here: 1) Encrypt your whole USB drive or 2) Make an encrypted file container. The bad thing about encrypting your whole drive is let's say you take your USB to work or anywhere else and they don't have TrueCrypt. Crap, what do you do? You can't do anything unless you have TrueCrypt. So in this example we're going to make a file container so that you can keep TrueCrypt on your USB (did I mention it's portable?) along with your encrypted files so you can access your secret files from anywhere. (**If you plan to encrypt your whole drive, then you'll have to start TrueCrypt from your hard drive.)

File Container



Click on 'Create Volume'. Pick your drive in the next screen and create a file container using some filename you don't already have on your drive.

Pick Your Algorithms



Pick some encryption and hash algorithm. I usually pick Twofish since it works the fastest for me and Whirlpool (no particular reason for that).

Size and Password

Once you click next, you're going to pick a file container size. I made the container the size of the whole drive so I could keep everything encrypted. Pick your size and then pick your password in the screen after that.



TrueCrypt will allocate the space for the file container and you're done! Just start TrueCrypt and select your file container, mount, and enter the password whenever you want to access your files.

Optional Stuff (My Addition to this Process)

Let's say you've done all this but you want to make sure a person has to enter the password to view any files. There are some things you can do to make it slightly harder for others to access your files and easier for you.



We're going to do two things: 1) Make TrueCrypt start automatically and 2) Keep all your unencrypted files 'hidden' and harder to access.

So let's start off by creating a file called 'mount.bat' in the root folder of your USB drive. As many of you may know, this will let you run command line arguments from a file. If you followed the previous part (encrypting) as explained, then open 'mount.bat' using a text editor and type the following:

start "" truecrypt /v usb /a /q /e
**Instead of entering 'usb', enter the name of your file container.

Create another file called 'unmount.bat' (also in the root folder) and type:

start "" truecrypt /d /q

Now create one last file called 'autorun.inf'. This is the file that will automatically execute this stuff as soon as your USB drive is plugged in. Type this in that file:

[autorun]
open=mount.bat
UseAutoPlay=1
shell\mount=Mount
shell\mount\command=mount.bat
shell\unmount=Unmount
shell\unmount\command=unmount.bat
shell=mount




The first line with 'open=...' says to open the following file as soon as the drive is plugged in. The second line says to just run the file instead of having Windows ask what to do (disable Autoplay feature). The next four lines set some shell menu options to 'Mount' and 'Unmount' the device. The last line says that whenever you double-click on your USB drive from My Computer (if you're using Windows), it will ask you to enter the password for the TrueCrypt container (only if you haven't already done so).
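To check what an autorun.inf like the one above actually requests before trusting it on a drive, the entries can be parsed and grouped by trigger. The Python below is an added example, not part of the original post; the function names are illustrative and the sample text is the autorun.inf shown in this post.

```python
# Added example: report what an autorun.inf asks Windows to launch.
# parse_autorun, summarize and launch_targets are illustrative names.

# The autorun.inf from this post, embedded so the example runs offline.
SAMPLE = r"""[autorun]
open=mount.bat
UseAutoPlay=1
shell\mount=Mount
shell\mount\command=mount.bat
shell\unmount=Unmount
shell\unmount\command=unmount.bat
shell=mount
"""

def parse_autorun(text):
    """Return the key/value pairs of the [autorun] section, keys lowercased."""
    section, entries = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()   # match [AutoRun] as well
            continue
        if section == "autorun" and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def summarize(entries):
    """Group the entries by what triggers them."""
    menu = {}
    for key, value in entries.items():
        parts = key.split("\\")
        if parts[0] != "shell" or len(parts) < 2:
            continue
        verb = menu.setdefault(parts[1], {"label": None, "command": None})
        if len(parts) == 2:                        # shell\verb=Menu text
            verb["label"] = value
        elif parts[2] == "command":                # shell\verb\command=program
            verb["command"] = value
    default = entries.get("shell", "").lower()     # shell=verb names the default verb
    return {"on_insert": entries.get("open"),
            "on_double_click": menu.get(default, {}).get("command"),
            "menu": menu}

def launch_targets(summary):
    """Every distinct command the file can start; each should be a file you put there."""
    cmds = [summary["on_insert"], summary["on_double_click"]]
    cmds += [v["command"] for v in summary["menu"].values()]
    return sorted({c for c in cmds if c})
```

The parser only reports what the file requests; whether Windows acts on those entries depends on its AutoRun settings and version.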

Lastly, open a command prompt and navigate to your USB drive (just type the letter of your drive and ':' [colon] and press enter). Type 'attrib +r +h +s' and press enter. This will make all your files read-only, hidden, and system files.

If you have any questions feel free to comment below and I'll try to answer them.

1 comment:

geek sisters said...

Hi, your article was accepted to the Information Security Carnival. You can visit it .

Don't forget to link back, comment, spread the word.