All important data must be stored encrypted. Flash drives are lost more often, so let's look at the simplest and most effective ways to protect information on USB drives, reports Tech Today.

Use a flash drive with hardware encryption

This is the simplest and at the same time the most expensive method of protection. Such drives are designed to securely store corporate secrets and will only allow the owner and, possibly, intelligence agencies to access them. Devices of this class, for example, DataTraveler 2000 Metal Security manufactured by Kingston, support the most advanced encryption algorithms and have keys for entering a password. It is convenient that cryptographic protection is provided by the flash drive itself and does not depend on the type of operating system on the computer and installed programs.

It is enough to enter a numerical code, and you can work with the files on the flash drive as usual. After disconnecting from the computer, access to data will be closed. Disadvantage of secure flash drives: if you forget the password or enter it incorrectly, for example 10 times in a row, the encryption key and data will be destroyed and the drive will return to factory settings.

BitLocker - Built-in Encryptor in Windows 7/8/10
If you are using the maximum version of Windows, BitLocker's standard cryptographic protection is at your service.

To encrypt a flash drive, right-click on the disk icon in the "My Computer" window and select "Encryption" from the context menu. The disk encryption process will start.

Choose encryption with a password and create a strong password. Depending on the size of the flash drive, the encryption procedure lasts from ten minutes to several hours. After the encryption process is completed, the flash drive is ready for use.

Connecting it to a computer, each time you will need to enter a password to access data. In the settings, it is possible to disable the mandatory entry of a password for a specific computer.

VeraTrueCrypt - free data encryption
The small utility VeraCrypt is a descendant of another popular data encryption tool, TrueCrypt, which was discontinued last year. There are versions of VeraCrypt for Windows, Mac OS X, Linux, and even Raspbian (OS for Raspberry Pi microcomputers).

After installation does not require additional settings to get started. To encrypt a flash drive, in the "Volumes" menu, select "Create a new volume." Next, sequentially indicate "Encrypt non-system partition / disk" - "Regular VeraCrypt volume", specify the path to what corresponds to the flash drive. Then select "Create encrypted volume and format".

All files on the flash drive will be deleted, so encrypt the drive before you start storing data on it. Once the password is created, the encryption process will begin.

To access an encrypted flash drive, you need to select a free drive letter in the main window of VeraCrypt, specify the path to the so (something like Device\Harddisk3\Partition1) and click the "Mount" button. The process will last from a few seconds to a minute. Then the disk with the selected letter will appear in the system, and you can work with it. Before disconnecting the flash drive, the encrypted volume must be unmounted.

Disadvantages of the method: VeraCrypt must be installed on all computers where it is necessary to have access to encrypted data. In the system, the flash drive is displayed as unformatted.

And finally: if there is a need to restrict access to files, and encryption is not available, use the archiver. The most common archivers allow you to protect archives with a password. If you do not hide state secrets, then, as practice shows, this is usually enough to restrict access to important files.

I had a little trouble here: my 8 gigabyte flash drive was lost somewhere in the expanses of the Moscow region. I didn’t feel sorry for the flash drive itself - it was an office one, written off a long time ago, and it was time to change it, 8 gigabytes was no longer enough for me. It was a pity for the programs that I kept there - the software was for all occasions and helped a lot on hacks. And besides, on that flash drive there was a file with a bunch of passwords: personal, office and others. Here's an ambush! After all, it is not known who will find my flash drive? If a simple lamer - that will format and will use itself. But if someone is smarter - expect trouble. I had to quickly change all the passwords. Hemorrhoids are still...

They gave me a new flash drive, for as much as 32 gigabytes. But I decided not to repeat such mistakes, and protect my flash drive from prying eyes, and at the same time from viruses, which have recently divorced immeasurably. And at the same time tell others how to do it quickly and painlessly. So let's get started.

The best program for such purposes is TrueCrypt. The program is designed to create encrypted container files, as well as to encrypt entire hard disk partitions (including the system one). There are many programs of this kind, but TrueCrypt has some great advantages. It is multifunctional, simple, supports several encryption algorithms, can create nested hidden encrypted containers, and most importantly, unlike similar programs, it is absolutely free and its source codes are open!

You can download the program along with the Russian language.

It makes no sense to describe in detail the installation of the program - it is no different from installing other programs. The only point - during installation, the program offers the options "install" or "Extract". For our case, select Install. Extract simply extracts the files from the installation package but does not install them. So, after installation, it is necessary to Russify the program. To do this, copy the Language.ru file to the folder with the installed program (by default, C: Program FilesTrueCrypt).

1. Format the flash drive.

All. Now let's start preparing our secure flash drive. If there is any information on the flash drive, we save it on the hard drive. Then, to be sure, we format the flash drive. The type of file system does not matter when formatting, but I recommend NTFS. Why NTFS? Yes, because later, with the help of security settings, it will be possible to protect the drive from viruses that are constantly trying to register in autoload and create a bunch of their files on it.

So, we format the flash drive. Open "my computer", right-click on the flash drive and select "Format ..." from the context menu. In the formatting window that opens, select NTFS in the "File system" list. Do not touch anything else and click "Start". We wait until the system writes "Formatting completed" and proceed to the next step.

If there is only FAT32 in the "File system" drop-down list, then this means that the flash drive is optimized for quick deletion. You need to switch the policy. This is done as follows: close the formatting window, go to "my computer", right-click on the flash drive and select "Properties" in the drop-down menu. In the properties window that opens, go to the "Hardware" tab, find your flash drive there, select it and click the "Properties" button. The properties window of the flash drive will open. Go to the "Policy" tab and switch the policy to the "Optimize for execution" mode.

After that, click "OK" in all the properties windows and return again to formatting. NTFS should now appear in the File System list.

2. Preparing the encrypted container.

So, the flash drive is ready. Now it's time to create an encrypted container, in which all our important and unimportant data will be located. Launch TrueCrypt. The main window of the program is shown below:

Go to the "Volumes" menu and select "Create a new volume". The Create Volume Wizard opens. I will not describe in detail all the options of the wizard, this may be a topic for other articles. I will describe only what concerns our current topic. Let's go in order:

"Create Encrypted File Container", "Next >"

In the "Volume Location" window, click the "File" button, select the location where to create the container file, and its name. The name can be anything. The extension is not required. For example, I will create a myflash file on drive C. Why on drive C, if it was possible directly to a flash drive? It is possible, but I recommend creating the container file first on the hard drive, because. the process of creating it directly on a flash drive, due to its low write / read speed, will be very long.

Encryption algorithms and hash algorithms, if you do not know what is at stake, it is better to leave them unchanged. To learn more about them, you can click on the links offered by the program. I left everything unchanged.

Volume size. Here you need to specify the maximum size of the future container file. Let's make the size of the container according to the volume of our flash drive minus a small margin for TrueCrypt files, which will also be on the flash drive. TrueCrypt files will take about 4 MB. I experimented on a 4 GB flash drive, so my container file size will be 3800 megabytes. In reality, if you then look at the properties of the file, its volume will be 3,984,457,728 bytes, i.e. occupies almost the entire volume of the flash drive. There will be a small amount of free space, well, let it be a penny. In general, the size is selected experimentally-individually, depending on the flash drive.

Set the volume password. This is the password that only you will know, and only by entering it will a person be able to access the data on your flash drive. Without it, the container file cannot be opened. Do not forget the entered password. There is no other way to access encrypted information, it is impossible to hack the container!

Tick ​​"Key. files" do not install. You can check the "Show password" checkbox to see with your eyes what you entered. After that, click "Next >".

In the "Format Volume" window, do not touch the settings. The file system inside the container does not play a special role. The only thing you need is to move the mouse in this window several times in order to increase the probability of random key generation. However, everything is written there. After that, click the "Mark" button and wait for the program to prepare the container. The waiting time depends on the power of the computer and the speed of the hard disk exchange. At the end, TrueCrypt will report that "The TrueCrypt volume has been successfully created.", And that's what we need. Click "Exit".

So the volume is created. We transfer it to a flash drive. I recommend creating a folder on it, where to place our encrypted container. Why - it will be clear in the section "Drive safety". I created a “MyFlash” folder on my flash drive where I moved my “MyFlash” file, here I am the original

3. Setting up TrueCrypt to run from a flash drive.

Everything is even simpler here: in the main window of TrueCrypt, go to the "Tools" menu and select the "Configure portable disk" item. In the "TrueCrypt Portable Drive Settings" window, in the "File Options" section, click the "Browse" button and select our flash drive (not the folder with the container, but the root of the flash drive).

In the "Autorun settings (autorun.inf file)" block, set the switch to the "Automount TrueCrypt volume (specified)" position, click the "Browse" button, and select the same encrypted container that we did on our flash drive. Next, check the box "Open mounted volume in an Explorer window". In general, taxiing with switches is your choice, I just offer the best option.

Click "Create".

After the inscription “TrueCrypt portable disk successfully created…”, you can relax and enjoy your handiwork. If everything is done the way I have, then the following contents will be on the flash drive: the “MyFlash” and “TrueCrypt” folders and the autorun.inf file

4. Working with an encrypted flash drive.

Now, if you remove the flash drive and insert it again (provided that autorun from flash drives is not disabled), the system itself will prompt "Mount TrueCrypt Volume". Moreover, the presence of TrueCrypt installed on the computer is not necessary - the flash drive already contains TrueCrypt, so the flash drive can be opened on absolutely any computer.

If you agree to mount the volume, a window will appear asking for a password:

If you click the "Options ..." button, additional options will become available:

"Mount as a read-only volume" is a very useful option if you insert a flash drive into a computer that you are not sure is clean. In this case, the volume will be mounted read-only, and no virus will be able to get into your encrypted container.

The remaining parameters in this case do not concern us.

So, after entering the correct password, TrueCrypt will connect the encrypted container to the system as a removable drive using the first free drive letter. Now, you can work with this disk as with a regular flash drive: copy from / to it, open and work, well, in general, everything is as usual. Encryption and decryption are carried out by TrueCrypt "on the fly", absolutely transparent to the user. The TrueCrypt icon will appear in the system tray (taskbar area near the clock, lower right corner of the screen)

After you have finished working with the drive, just right-click on the TrueCrypt tray icon and select "Unmount [drive letter]". After that, the container will be disconnected from the system. By the way, this is not necessary if the flash drive has not been written to. That is, if you only copied data from a flash drive and did not write anything to it, then you can simply pull it out without any additional manipulations.

5. Driving safety.

Now let's talk about how to prevent viruses from writing anything to a flash drive. This chapter only applies to flash drives that were originally formatted in NTFS. For FAT, the measures indicated here will not work!

So, if everything was done the way I did, then the following contents will be on the flash drive: the “MyFlash” and “TrueCrypt” folders and the autorun.inf file

We go to "My Computer", right-click on our flash drive (not on an open container file connected as a disk, but on the flash drive itself!). Select the "Properties" item and in the properties window that opens, go to the "Security" tab.

If there is no “Security” tab in the properties of the flash drive, then either it is formatted in FAT32, or you have a checkmark “Use simple file sharing (recommended)”. Go to "Start" -> "Control Panel" -> "Folder Options" -> "View" tab. And uncheck the box above.

Delete everything from the "Groups or users" field except the "Everyone" group. For the "All" group below, in the "allow" column, put 3 checkboxes: "Read and execute", "List folder contents" and "Read".

Click "OK". Now let's try to copy some small file to the flash drive, to its root. The system should swear that "Access Denied". Let's try to delete the "autorun.inf" file from the flash drive. The result should be the same. The "TrueCrypt" folder should not be deleted either. But for the folder where our encrypted file is located, you need to change the permissions, because. the file will be modified in any way, otherwise TrueCrypt will mount it read-only. To do this, go to the folder where our encrypted container file is located, and right-click on its menu. Further "Properties", tab "Security". Three checkboxes "Read and execute", "List the contents of the folder" and "Read" will be gray and not available for change. That's right, permissions are inherited from the root of the flash drive. We put a tick in the “allow” column next to the “Record” item and click “OK”.

That's all. Now viruses will not be able to replace autorun.inf with their own, and will not be able to write their files to the root of the flash drive. In most cases, this protection is sufficient. Of course, it's only a matter of time before virus writers learn how to manage access rights, but it's still not hackable. In any case, I have not yet encountered such viruses.

6. Total

So… we got a flash drive, the information on which is available only to us. Of course, no one has canceled the universal password (soldering iron in the anus), but without it, no one will be able to access your data. Yes, if the flash drive is lost, they can use it. But only as a flash drive. The data will remain unavailable.

I think it is not worth reminding once again that the simpler the password, the easier it is to pick it up with a blunt enumeration or a dictionary. No encryption will save you from this. Therefore, avoid simple passwords. Many people make the same mistake - they use one password (even if it is complex) wherever it is required. This is a gross mistake, because. once having learned the password (and there are a great many ways to find it out), the attacker gets access to all password-protected user data. But this is already on the conscience of the user himself.

Take care of your information, because, as you know, it is she who rules the world.

An article about ways to protect data on flash drives, as well as programs for encrypting flash drives and individual files on them.

Even some 10 years ago, in the absence of the Internet, we transmitted various data to each other on floppy disks and disks. A floppy disk was more convenient in this regard, because it was possible to "throw off" information directly on it without overwriting all the contents, as, for example, on RW disks. The only drawback of floppy disks was their small size (just over a megabyte).

However, this problem was solved when USB flash drives began to take their place en masse. Today, portable drives can hold up to a couple of hundred gigabytes of any type of file, have a write speed much higher than that of disks and floppy disks, so they have deservedly become the No. 1 storage media.

Any flash drive, among other file "trash", sometimes stores quite important data, which it is undesirable for anyone to see. Therefore, today I suggest you encrypt your flash drive and personal information on it.

A bit of theory

Before considering specific examples of flash drive encryption, it is worth a little understanding of the types of encryption itself, as well as its principles. Applicable to flash drives today, there are two types of data protection on them: hardware and software.

Hardware encryption is implemented by introducing additional devices into the design of the drive that block the ability to connect it to a computer. At the same time, such devices can have a different principle of operation: from physically blocking access to a flash drive in general, to using modern fingerprint scanners!

Naturally, such flash drives cost a lot, so it makes sense to buy them only if you plan to transfer something very secret to them. For other purposes, it is enough to use special software.

There are three main types of software encryption. The first type involves encrypting the entire media and accessing it with a password. The second is the creation of an additional encrypted partition on the media (something like a hidden folder) with password protection. The third option is "point" encryption of individual important files.

Each of the methods has both its advantages and disadvantages, however, I want to say right away that, alas, there is no ideal one ... Plus, you risk forgetting your password and losing your data forever!

Therefore, before deciding whether you need to encrypt a flash drive, think about it, maybe not so advanced users will see its contents? It is quite possible that it will be enough for them to make an important folder hidden or just change the extension of the secret file;).

Encryption with BitLocker

Users of professional editions of Windows (starting with 7) have access to one very useful and convenient tool called BitLocker. This is a built-in solution for on-the-fly encryption of local and removable storage media without the need to change the file system to an encrypted one (for example, EFS), and with a simple unlocking of access to them with a password.

To set a password on a flash drive using BitLocker, we just need to connect it to a PC, open the "Computer" window and select "Enable BitLocker" in the context menu of our removable drive. After a short initialization, we will see the following window:

In this window, we will be offered two encryption options: using a password and by connecting a smart card. I think there is not much point in messing around with additional cards, so we leave the choice on the first point and enter our password twice in the special fields. The latter must be at least 8 characters long and contain both letters and numbers.

After clicking the "Next" button, we will proceed to the window for creating a recovery key, which will be able to unlock if we suddenly forget the password. This key can be stored in your online user account, in a separate text file on your local computer, or printed out on a printer. The most convenient option, I think, is local saving. We select it and save the text file with the desired name and in the desired folder.

After saving the file with the key, you will be prompted to select the type of encryption for the flash drive. The first option offers faster encryption of only the occupied space on the flash drive, the second one is longer, but complete. The first option is recommended only for new disks that do not yet contain information, however, it has been experimentally found that it is quite suitable for non-blank media, so you can safely choose it and wait for the encryption to finish.

After the flash drive is encrypted, safely remove it, and then reconnect it to the port. If everything was done correctly, then in the "Computer" window your flash drive will have an additional icon with a lock, and when you try to open it, the system will ask you to enter a password :)

Surprisingly, you will not get a more elegant and simple password setting on a USB flash drive from any third-party program. Here the Windows developers have tried. However, it is worth remembering that BitLocker only works on systems no older than Seven, and you may need administrator rights to set a password.

An alternative software solution could be the DiskCryptor application. It also allows you to encrypt the entire flash drive, however, it requires installation on all computers to which the encrypted flash drive will connect. Otherwise, the system will simply offer to format it!!!

Create an encrypted partition

Given that BitLocker may not work on older systems and Home editions without administrator rights, some may need an alternative solution to encrypt data on a flash drive. It would be ideal to create an encrypted folder next to the usual data, however, due to the peculiarities of Windows and removable drives in general, this method does not exist!

But you can imitate it by creating an encrypted partition on the flash drive, disguised as any file! Previously, it was ideal to use a program called . However, since the end of last year (2014), the developers have stopped supporting it (they say it could not have done without the NSA ...) and declared its algorithms insecure.

In principle, if you do not think that your flash drive will fall into the hands of cool hackers who will brute-force your password, you can use the latest working version of TrueCrypt 7.1a (available on our website at the link in the previous paragraph). If there is no desire to compromise, you can use the popular TrueCrypt alternative called VeraCrypt.

This program almost completely repeats the TrueCrypt interface and uses the same source codes, but it has a different encryption algorithm that no one has yet been able to crack! At the same time, it can work directly from a flash drive, which is what we need. Download VeraCrypt, run the installer and see a window with a choice of installation options (exactly the same as for TrueCrypt):

We need to select the second option "Extract" and unpack the program into a folder directly on the flash drive. She will probably "swear" at us in English, warning that some functions may not work in the portable version, but we will ignore the "swearing" and continue to the end.

When the program is already on the flash drive, run it. If you have worked with TrueCrypt before, you will be greeted by a familiar interface (though in English). To Russify it, just go to the "Settings" menu and call the "Language" item. In the window that opens, select "Russian" and click "Ok":

Now we need to create an encrypted partition on our flash drive. As a section, we should have any file under which this section will be disguised. For large storages, the video file format (AVI or MP4) is ideal, since a text file or a picture of a couple of gigabytes in size will look suspicious :). We throw any video file on the flash drive (it will be destroyed!) And press the "Create Volume" button:

The Encrypted Partition Creation Wizard will start. In principle, everything is painted in Russian there and there should not be any special problems. Moreover, all stages of preparation coincide with the stages of work in TrueCrypt, which are described in . In short, I will say what we will need to do:

  1. Choose to create an encrypted file container as a regular volume.
  2. Specify the file for the container (the video file that we uploaded to the USB flash drive).
  3. Select encryption algorithms (you can leave the default).
  4. Specify the size of the encrypted storage in kilobytes, megabytes or gigabytes (optional, but not more than the amount of free space).
  5. Set a password for accessing the storage (preferably longer).
  6. Start the storage creation process.
  7. Close the Wizard window after the creation of the encrypted volume is completed :)

The result of successful work will be a "video file" visible on the flash drive, which cannot be played by any player ... Now how to open it. We return to the main interface of VeraCrypt again, select any free letter in the list of disks (for example, O), click the "File" button and specify the path to the "video file", then click "Mount" and wait for the process to complete.

When the mounting is completed, in the "Computer" window you will find a new "Local disk (O:) (the letter will be the one you have chosen), on which you can write any information you need. When you have finished working with the encrypted partition, return to the main interface of the program and click the "Unmount" button:

The virtual disk will disappear from the system and no one (except you) will know where it came from and how to enter it :)

Finally, I will say that of all analogues, VeraCrypt is practically the only encryption tool that is completely free and at the same time allows you to create hidden partitions of unlimited size.

An alternative for partial encryption and the creation of hidden partitions can be the program and its forks. However, in portable mode in new Windows, you will encounter the problem of having to manually install drivers, so this solution is only suitable for Windows XP and younger, where everything is somewhat simpler with the driver policy...

File encryption

The final encryption option is to set a password to access only one important file. Indeed, sometimes there is no need to create a whole hidden section if we need to close access to only a couple of files. For this purpose, I recommend the portable AxCrypt2Go program:

It is in English, but I think that the standard view of Windows Explorer is familiar to everyone, so there will be no particular problems with understanding the interface. On the left side in the folder tree, we need to select our flash drive, and on the right side, call the context menu of the file to be encrypted, and click the first item "Encrypt":

In the window that appears, enter the desired password twice and click "Ok". Optionally, you can also check against the key file, but this is not necessary. The result of the manipulations will be the appearance in the folder of a new file of the same name as the encrypted one, but with the extension AXX. The original is deleted, and the encrypted file can be decrypted at any time using the "Decrypt" command and entering the specified password.

The AxCrypt2Go program does its job well, but it is not very convenient if we need to password-protect several files in a certain folder at the same time. If you want to do just that, then a free utility from the popular flash drive manufacturer Silicon Power SP Widget will help you:

There are two versions of it on the manufacturer's website: for old systems (XP / Vista) and new ones (7/8). Make sure you download the version that suits you! After downloading and unpacking the archive to a USB flash drive, run the program and Russify it by selecting "Russian" in the "Language Choose" section.

The principle of working with this program is similar to the principle of working with AxCrypt2Go, however, it has a number of advantages. First, files can be encrypted in bulk. And secondly, there is the "Delete original files" option, which allows us to quickly delete unencrypted data, leaving only their password-protected versions!

In general, programs for encrypting individual files, as a class, are quite widely represented. They are found both as modules in comprehensive PC maintenance utilities (eg Glary Utilities) and as stand-alone (often portable) solutions. An interesting example of the latter type is the bmpCoder program, which allows you to encrypt small text fragments directly into images in BMP format without breaking the picture!

conclusions

Summing up, I would like to say that only the BitLocker system tool can really put a password on a USB flash drive. There is no other way to block removable media so that, like in a movie, it gives out a beautiful inscription "Access Denied" in nature!

However, as we could see, there are many ways to encrypt data on a flash drive for free. This includes the creation of hidden sections disguised as ordinary files, and the encryption of individual files, and even hiding information in ordinary images!

In a word, over the many years of the existence of PCs and flash drives, many ways have been invented to hide their confidential data from strangers. We just have to decide on the one that we need and successfully use the experience of our predecessors-conspiracy theorists :)

P.S. It is allowed to freely copy and quote this article, provided that an open active link to the source is indicated and the authorship of Ruslan Tertyshny is preserved.

Nowadays, more and more people are using portable storage devices such as Flash drives. And if the work of a person is associated with constant movement, then most likely this drive contains a lot of confidential information. And in case of loss or theft, there is a risk that an attacker can use this information, for example, logins and passwords for electronic money are indicated in a text file, and so on. Therefore, in this lesson, let's try to fix this problem, and the standard Windows 7 tool, called BitLocker, will help in this.

BitLocker is a partition encryption tool. There are various software for encrypting individual files and directories, but this tool allows you to completely encrypt a USB drive, and when you connect the USB flash drive to another computer, you must enter a password to access the data.

Let's take a quick look at what this video will be about:

Let's decide for which file system this FAT32 or NTFS protection method will be used, because this is very important in this matter

Encrypt USB flash drive

Decrypt USB flash drive

Let's compare the reading speed from an encrypted and decrypted flash drive

Consider group policy settings for encryption of removable media

Let's compare all the pros and cons of this system

Let's sum up some results based on the information received.

Well, let's get started and the first thing to clarify is what file system is on the USB drive, this is a very important point and here's why. The fact is that for different file systems and different versions of Windows, access to an encrypted drive will be different, this can be seen from this table. In Windows 7 with an encrypted drive, you can perform both read and write operations, regardless of the file system, however, for earlier versions of Windows (XP, 2008 Server, Vista), there is no way for NTFS to work with this drive at all, and in the case of FAT32 can only be read, which is of course not convenient, but there is no other choice. Most likely, this was done to ensure that everyone switched to Windows 7 as quickly as possible, so to speak, a marketing ploy.

And so, we decided on the file systems, I personally choose FAT32, since Windows XP is often installed on client machines, as for our case, the inconvenience will be that FAT32 does not support files larger than 4 GB, i.e. 5GB file, it will not be possible to write to this drive. But, again, it makes no sense to protect the flash drive on which images are stored and so on, in general, large files, as a rule, you need to protect small flash drives that store documents!

The flash drive I'm going to encrypt currently has the NTFS file system, so I'll have to format it to convert it to FAT32. If programs that convert without formatting, but this video is not about that.

Before performing encryption, to clarify something, let's check the read speed from this flash drive without encryption. According to the idea, the speed of reading with encryption should fall, since the system will have to decrypt the data in addition to giving it to the user. Let's check with the help of the HD_Speed ​​program, my speed was 164 mego bits per second

To start encryption, right-click on the removable drive and enable Bitlocker. Again, it’s worth considering that this menu item appears only in Windows 7 under the Ultimate and Corporate editions, sort of like in Vista under the same editions, but I personally didn’t check it, and I didn’t use Vista at all, there were enough rumors to discourage desire.

You can protect the drive either with a password or with a smart card, I didn’t protect it with a smart card, but I suspect that this is a smart key in the form of a USB device similar to a flash drive, currently most office programs are protected by a similar key.

We set a password, save or print the recovery key, and the encryption process starts. Encryption takes quite a long time, it took me 32 GB to encrypt 2-30 hours, but again, the encryption process can be paused and the disk can be used. Personally, I had a situation when I started to encrypt a disk, it was encrypted for a long time, but I had to leave work already. So, I took the flash drive home, and at home I clicked on continue and already at home the encryption was completed, as I understand it, something like a script is written to the flash drive, which indicates at what stage the encryption was suspended. And then, on another computer, the system reads this information and continues from where the process stopped, but this will not work on XP.

By the way, let's just experiment, pause, pull out the flash drive, insert it and we are asked for a password, enter the password and the encryption program continues to encrypt the drive.

And so the encryption process is over, and now, when we try to enter the USB flash drive, we are asked for a password, and after the drive is unlocked, the BitLocker Management item appears in its context menu ...

Which has the following items:

Changing the password to unlock the disk - speaks for itself, enter a new password

Delete password for this drive - removes the protection password, but does not remove protection, as it might seem at first glance, but removes password protection. If protection is only by password, then it will not be possible to remove it.

Add a smart card to unlock the disk, this is a key in the form of a flash drive to unlock the flash drive J

Automatically unlock the disk of this computer - if you activate this function, this drive will be automatically unlocked on this computer when connected, but not on others. Those. a binding to the equipment is obtained. Let's say this can be used if you trust the computer on which you are sitting, let's say a home computer. Or you can register this checkbox in the office for all office PCs, and if the flash drive leaves the office, then it will not be possible to read information from it (to ensure security and ease of use for users)

Now let's check the reading speed again, it seems to have fallen, in fact, as expected.

Now let's check how everything will work on Windows XP, start the virtual machine and connect a USB flash drive to it.

Now the next question appears, how to decrypt a flash drive? After all, the menu does not have a function to remove protection or something like that! And this is done not in such an obvious way as encryption, for this we need to go to the BitLocker setting Start \ Control Panel \ BitLocker Drive Encryption \ Click to disable encryption for this drive. Decryption is faster than encryption, it took me about 30 minutes on the same 32 GB

Now let's look at the BitLocker settings, and it is configured through the group policy Start \ Run \ gpedit.msc \ Computer Configuration \ Administrative Templates \ Windows Components \ Bitlocker Drive Encryption \ Removable data drives.

Protection against unauthorized access

Reading in older OS, only in FAT32 file system

The possibility of stealing confidential information in earlier versions of Windows - after all, to read the file, you need to copy it to the local computer, and even after deleting it, it can be restored by various means of recovering deleted files

Lower read and write speed, since in addition the system has to spend time on decryption

It cannot be used as a multiboot flash drive, since the flash drive is encrypted, it will not be possible to start from it.

1) use only to store important information

2) a small flash drive, the larger the flash drive, the longer its encryption lasts.

3) the flash drive must be formatted in the FAT32 system

Probably, many users thought that it would not be superfluous to protect their files (photos, documents, etc.) located on a portable medium (flash drive) from access by unauthorized persons, because a flash drive can be lost or simply forgotten somewhere , and this in turn can have the most unpleasant consequences.

But if the storage medium is securely encrypted, and access to its contents requires a password, then it will become almost impossible for anyone other than the owner to gain access to the data. Further in the article, we will just consider how to encrypt the contents on a flash drive and set a password to access it.

For these purposes, you can also use the standard tools of Windows 7/8/10, in this context we are talking about BitLocker, but today we will talk about another, absolutely free VeraCrypt program, which in many ways surpasses the standard Windows tool.

VeraCrypt is a fork of the once popular TrueCrypt on-the-fly encryption software. VeraCrypt not only "inherited" all the best from the discontinued TrueCrypt (on May 28, 2014, the termination of support for the TrueCrypt program was announced), but also has a number of advantages compared to its predecessor, and the program continues to improve at present.

And so, let's consider the easiest and fastest way to securely encrypt a flash drive using this wonderful program.

Installation should not cause you any difficulties, everything is standard here:

  • Download the program or from the developer's website;
  • Run the resulting VeraCrypt Setup.exe file;
  • Next, the installation wizard will offer two installation options: standard ( Install) and portable, in our example we will choose the portable version of VeraCrypt ( Extract) and click "Next";

This completes the installation, go to the folder that was indicated in the previous step, in our example D:\VeraCrypt\, you may have a different one, and run the program (file VeraCrypt-x64.exe).

First of all, we will switch the interface from English to Russian, to do this, in the program window that opens, click: "Settings" → "Language ..." → in the list we find Russian (there are other localizations).


As a result, the main window of VeraCrypt will look like this.

Next, let's prepare our media itself - for the "purity of the experiment" we will format the flash drive (be sure to first make sure that there is nothing important for you on it). Right-click in the explorer on the flash drive and select "Format ..." in the context menu that opens.

When formatting the media, it is better to immediately select the NTFS file system format, because. when choosing FAT32, large files over 4 GB cannot be stored on a USB flash drive. Click "Start", and after the completion of the formatting process, we return to VeraCrypt.

In the main window of the program, select: "Tools" → "Volume Creation Wizard".

Select "Create an encrypted file container" and click "Next".

Volume placement → using the "File" button, select our flash drive → come up with any name and create a file (for example, 12345), where our encrypted virtual disk will be located → "Save" → "Next".

Volume size → at your discretion (it all depends on the size of your drive and on which part of the data you want to encrypt and which to leave open) → "Next".

Volume password - here you need to come up with a strong password, in the window of the volume creation wizard, detailed instructions are given in this regard → "Next".

Volume formatting → click "Mark" (before that, be sure to read the comment marked IMPORTANT in the Volume Creation Wizard).



The VeraCrypt volume has been successfully created. We press "Exit".


This completes the process of creating an encrypted volume.

It remains only to download the VeraCrypt files to a USB flash drive so that you can use the encrypted partition on other computers.

VeraCrypt portable drive setup → using the "Browse" button (file options), select our USB flash drive in Windows Explorer → configure autorun settings, here we select volume automount (in this case, you do not have to run the program and mount the encrypted volume manually) → in the VeraCrypt volume mount options using the second button "Browse" we find and specify the volume to mount (the file that we created earlier, in our example it is file 12345) → "Create".

That's all. A flash drive with an encrypted partition and a password is ready.

To check the result, simply remove the USB flash drive, and reconnect it to the computer. If you have autoload enabled, then all that remains is to wait for the media to be mounted, get a password, and use the encrypted partition for your own pleasure.

In Windows Explorer, a flash drive with an encrypted volume will be displayed as follows (as two media, while you will have your own partition letters): 1) VeraCrypt Portable Disk (E:) (data is not encrypted), 2) Local Disk (J:) ( encrypted section).

Those. now any files that you place on the encrypted partition (in our example, this is the Local Disk (J :))) will be securely protected, and access to them will require the password you created during the creation of the encrypted volume.

If autoload is not enabled for you, then you need to start VeraCrypt from a flash drive yourself (there is a folder of the same name on the flash drive, it appeared there during the setup of the VeraCrypt portable drive). In the VeraCrypt folder on the flash drive, find and run the VeraCrypt-x64.exe file. Next, in the main window of the program, press any letter you like from the list, using the “File” button, find and select the volume file we created on the flash drive (12345), click “Mount” → enter the password → “OK”.


That's all. Now we have a securely encrypted USB flash drive, access to the contents of which, without knowing the password, is very, very difficult to get.