Truecrypt

Free open source on-the-fly encryption software

Portable Mode

TrueCrypt can run in so-called portable mode, which means that it does not have to be installed on the operating system under which it is run. However, there are two things to keep in mind:

  1. You need administrator privileges in order to be able to run TrueCrypt in portable mode (for the reasons, see the chapter Using TrueCrypt Without Administrator Privileges).
    Note: No matter what kind of software you use, as regards personal privacy in most cases, it is not safe to work with sensitive data under systems where you do not have administrator privileges, as the administrator can easily capture and copy your sensitive data, including passwords and keys.
  2. After examining the registry file, it may be possible to tell that TrueCrypt was run (and that a TrueCrypt volume was mounted) on a Windows system even if it had been run in portable mode.

Note: If that is a problem, see this question in the FAQ for a possible solution.

There are two ways to run TrueCrypt in portable mode:

  1. After you extract files from the TrueCrypt self-extracting package, you can directly run TrueCrypt.exe.Note: To extract files from the TrueCrypt self-extracting package, run it, and then select Extract (instead of Install) on the second page of the TrueCrypt Setup wizard.
  2. You can use the Traveler Disk Setup facility to prepare a special traveler disk and launch TrueCrypt from there.

The second option has several advantages, which are described in the following sections in this chapter.

Note: When running in ‘portable’ mode, the TrueCrypt driver is unloaded when it is no longer needed (e.g., when all instances of the main application and/or of the Volume Creation Wizard are closed and no TrueCrypt volumes are mounted). However, if you force dismount on a TrueCrypt volume when TrueCrypt runs in portable mode, or mount a writable NTFS-formatted volume on Windows Vista or later, the TrueCrypt driver may not be unloaded when you exit TrueCrypt (it will be unloaded only when you shut down or restart the system). This prevents various problems caused by a bug in Windows (for instance, it would be impossible to start TrueCrypt again as long as there are applications using the dismounted volume).

Tools -> Traveler Disk Setup

You can use this facility to prepare a special traveler disk and launch TrueCrypt from there. Note that TrueCrypt ‘traveler disk’ is not a TrueCrypt volume but an unencrypted volume. A ‘traveler disk’ contains TrueCrypt executable files and optionally the ‘autorun.inf’ script (see the section AutoRun Configuration below). After you select Tools -> Traveler Disk Setup, the Traveler Disk Setup dialog box should appear. Some of the parameters that can be set within the dialog deserve further explanation:

Include TrueCrypt Volume Creation Wizard

Check this option, if you need to create new TrueCrypt volumes using TrueCrypt run from the traveler disk you will create. Unchecking this option saves space on the traveler disk.

AutoRun Configuration (autorun.inf)

In this section, you can configure the ‘traveler disk’ to automatically start TrueCrypt or mount a specified TrueCrypt volume when the ‘traveler disk’ is inserted. This is accomplished by creating a special script file called ‘autorun.inf’ on the traveler disk. This file is automatically executed by the operating system each time the ‘traveler disk’ is inserted.

Note, however, that this feature only works for removable storage devices such as CD/DVD (Windows XP SP2, Windows Vista, or a later version of Windows is required for this feature to work on USB memory sticks) and only when it is enabled in the operating system. Depending on the operating system configuration, these auto-run and auto-mount features may work only when the traveler disk files are created on a non-writable CD/DVD-like medium (which is not a bug in TrueCrypt but a limitation of Windows).

Also note that the ‘autorun.inf’ file must be in the root directory (i.e., for example G:\, X:\, or Y:\ etc.) of an unencrypted disk in order for this feature to work.

Translate »