Encrypted file-hosted volumes
In this chapter we focus on how to use encryption to protect your data. The term "encrypted file-hosted volume" may sound somewhat confusing, but it's basically a “securely encrypted folder with a password where you can store and edit files”. An encrypted file-hosted volume is a sturdy safe inside your computer.
We explore this topic in the second paragraph; a bit later you will learn how to create and use encrypted file-hosted volumes, but for now you should think through how to switch to storing all your sensitive information in them.
I am going to show you how I came to use encrypted file-hosted volumes for my data, to guide you through setting them up on your computer or mobile device.
Like many of you, I have my files sorted across folders. I always tried to keep everything on my computer in order: I had a folder titled “Work” with a huge number of folders in it, a folder “Studies” containing educational materials, then all kinds of folders with photos, videos and stuff. Of course, I had a folder with the data I deemed especially sensitive and therefore prudently renamed “Lectures”. The total volume of the files was around 112 GB.
To switch to encrypted file-hosted volumes, I separated my files into three groups. The first group comprised very important files that I don’t use every day. The second one had all the important files I use for work or studies daily. I put low-priority stuff I didn’t even think of protecting into the third group and got it into an encrypted file-hosted volume only for the sake of general order on my computer.
As a rule of thumb, keep it simple: the fewer files your encrypted file-hosted volume has, the safer it is. When you mount an encrypted file-hosted volume that keeps ten files, you open access to all ten files at once. Ideally, every file should be placed in a separate encrypted file-hosted volume, but in practice this is totally unfeasible.
When files are kept in an unmounted encrypted file-hosted volume, they are securely protected: your computer may catch a Trojan, or forensic experts may scour it for sensitive data, but their efforts are in vain provided you have a solid password. Unless, of course, you yourself give it up or carelessly keep it in a txt document on your desktop. You will find out how to break encrypted file-hosted volumes in the final paragraph.
What is a mounted encrypted file-hosted volume? Imagine that an encrypted file-hosted volume is an encrypted folder with a password. You enter your password, work with the files, then you close the folder. Now to access these data, you need to enter the password again. So when you have already entered the password and opened access to your data, Trojan malware that found its way into your computer, or a third party that accessed your computer, now has access to the files as well.
We have just described what a mounted encrypted file-hosted volume is. The process of entering the password and opening access is called “mounting”. An encrypted file-hosted volume can be compared with a safe that is protected only when it is locked. When it is open, anyone can gain access to its contents. Storing your things in an open safe is no safer than on a table next to it.
Create as many encrypted file-hosted volumes as you can. It is unsafe to store all data in a single encrypted file-hosted volume.
After I created the encrypted file-hosted volumes, I made a backup copy of my files (just to be on the safe side) and got all the files into the encrypted file-hosted volumes I had just created. This way I got rid of the chaos of files and folders that reigned on my hard disk and instead streamlined it to three securely encrypted files.
It basically comes down to this: you create as many encrypted file-hosted volumes as you need and put your files into them. Moving data into encrypted file-hosted volumes is one of the most important steps to building a secure system.
Store all your information only in encrypted file-hosted volumes.
Encrypted file-hosted volumes have one more advantage. Suppose you need to urgently destroy data that takes up 100 GB of space on the hard drive. How much time will its secure removal take? Depending on the capabilities of the hard drive, it may take up to 30 minutes.
However, if this 100 GB is stored in an encrypted file-hosted volume, you can take advantage of the CryptoCrash technology to destroy it in seconds. We look at it in detail in the chapter that explores emergency data destruction and protection from forensic analysis.
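Why destroying an encrypted volume can take seconds rather than minutes, as an added example that is not part of the original course and does not describe how CryptoCrash itself works: it shows the general crypto-erase principle, where the data is encrypted with a random master key stored in a small header, so overwriting the header is enough. The container layout, the function names and the toy keystream are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

HEADER_LEN = 80  # constructed layout: 16-byte salt | 32-byte wrapped key | 32-byte MAC

def _keystream(key, n):
    # Toy keystream (HMAC-SHA256 in counter mode), for illustration only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _kek(password, salt):
    # Key-encryption key derived from the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_volume(password, plaintext):
    salt, master = secrets.token_bytes(16), secrets.token_bytes(32)
    kek = _kek(password, salt)
    wrapped = _xor(master, _keystream(kek, 32))  # master key locked by the password
    tag = hmac.new(kek, wrapped, hashlib.sha256).digest()
    body = _xor(plaintext, _keystream(master, len(plaintext)))  # data locked by master key
    return bytearray(salt + wrapped + tag + body)

def mount(volume, password):
    # Returns the plaintext, or None if the header does not verify.
    salt, wrapped, tag = bytes(volume[:16]), bytes(volume[16:48]), bytes(volume[48:80])
    kek = _kek(password, salt)
    if not hmac.compare_digest(hmac.new(kek, wrapped, hashlib.sha256).digest(), tag):
        return None
    master = _xor(wrapped, _keystream(kek, 32))
    body = bytes(volume[HEADER_LEN:])
    return _xor(body, _keystream(master, len(body)))

def crypto_erase(volume):
    # Overwrite only the header; the random master key is gone with it.
    volume[:HEADER_LEN] = secrets.token_bytes(HEADER_LEN)
    return HEADER_LEN  # bytes rewritten, independent of volume size

if __name__ == "__main__":
    vol = create_volume("correct horse", b"constructed sample data " * 1000)
    print(mount(vol, "correct horse")[:24])
    print(crypto_erase(vol), "bytes overwritten of", len(vol))
    print(mount(vol, "correct horse"))
```

On real storage the overwrite has to reach every copy of the header: a backup of the header, or stale blocks left behind by SSD wear levelling, would keep the volume recoverable with the password.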
In the next paragraphs you will find out about the applications that allow you to create and use encrypted file-hosted volumes. You will also learn how to disguise encrypted file-hosted volumes and use encrypted file-hosted volumes with a “false bottom”. This information will equip you with valuable skills to help you make your data more secure.