Of course, this type of attack is usually of greater concern for laptops and netbooks, since it’s easy for them to get lost or stolen, but you might want it for your desktop PCs, too.
DiskCryptor is a free, open-source program that can encrypt entire drives, including the drive (or partition) where Windows is installed. Best of all, it usually doesn’t require you to format the Windows drive. Instead (usually), you can just apply the encryption without having to worry about reinstalling Windows. Another popular free utility, TrueCrypt, offers similar encryption but it sometimes does require you to format the Windows drive (unless you’re just encrypting individual files). The Ultimate and Enterprise editions of Windows 7 and Vista offer a disk-encryption utility called BitLocker, but it can be somewhat tricky to set up.
First, you should be aware that, once you apply the encryption with DiskCryptor, you’ll have to enter the encryption password every time you turn on your computer in order to enable it to boot. Once you’ve entered the password, your computer will boot and Windows will start up as usual. If you have a set a separate Windows password, you’ll also have to enter that.
If you would like to use DiskCryptor, download it from the company’s website. You’ll probably want to choose the latest Stable Installer version.
As DiskCryptor’s makers suggest, you should create a bootable Windows disk (LiveCD) with DiskCryptor, using the company’s instructions, before encrypting your Windows drive. That way, if you run into booting problems later, you can insert the disc and use the included DiskCryptor utility to decrypt the drive with your password. (If you don’t perform this step, you won’t be able to retrieve your files.) You could use a different PC to create this bootable disc later, if you run into booting problems, but it’s wiser to create it ahead of time so that you’ll have it on hand when the need arises.
When you’re ready to encrypt, simply open DiskCryptor, select the system drive (usually C:), and click Encrypt. Then follow the prompts to configure the various settings. You’ll probably want to keep the default encryption and boot settings. When setting the password, try to make it as complex as possible, with upper- and lower-case letters and some numbers. But choose something you won’t forget, because you won’t be able to recover your files if you do forget it.
DiskCryptor may take a few hours to encrypt the drive, depending on the drive’s size. You can continue to use your computer, but if you need to restart or shut down, be sure to click Pause first. To resume the process, simply select the drive and click Encrypt again. If you’re encrypting a laptop, plug it into the wall so you don’t lose power partway through the process.
Once the encrypting process is complete, DiskCryptor should list your drive as ‘mounted’.
After you’re done encrypting your drive, back up the volume header information of your drive. That way, if the header becomes lost or corrupted, you can restore it and not lose all of your encrypted data. To back it up, open DiskCryptor; click Tools, Backup Header; and then save the backup to a USB drive or to another computer. Keep it in a safe spot in case you run into problems.
Remember, utilities outside Windows (such as LiveCDs or bootable USB drives) can’t access your encrypted drive. As a result, you won’t be able to repair, reinstall, or upgrade Windows without first decrypting the system drive, either by running DiskCryptor in Windows or by using the custom bootable Windows disk that you create with DiskCryptor included.
Eric Geier is a freelance tech writer—become a Twitter follower to keep up with his writings. He’s also the founder of NoWiresSecurity, which helps small businesses easily protect their Wi-Fi network with Enterprise-class security.