49
Process of Creation of Hidden Operating System
To start the process of creation of
a hidden operating system, select
System
>
Create Hidden
Operating System
and then follow the instructions in the wizard.
Initially, the wizard verifies that there is a suitable partition for a hidden operating system on the
system drive. Note that before you can create a hidden operating system, you need to create a
partition for it on the system drive. It must be the first partition behind the system partition and it
must be at least 5% larger than the system partition (the system partition is the one where the
currently running operating system is installed). However, if the outer volume (not to be confused
with the system partition) is formatted as NTFS, the partition for the hidden operating system must
be at least 110% (2.1 times) larger than the system partition (the reason is that the NTFS file
system always stores internal data exactly in
the middle of the volume and, therefore, the hidden
volume, which is to contain a clone of the system partition, can reside only in the second half of the
partition).
In the next steps, the wizard will create two TrueCrypt volumes (outer and hidden) within the first
partition behind the system partition. The hidden volume will contain the hidden operating system.
The size of the hidden volume is always the same as the size of the system partition.
The reason is
that the hidden volume will need to contain a clone of the content of the system partition (see
below). Note that the clone will be encrypted using a different encryption key than the original.
Before you start copying some sensitive-looking files to the outer volume, the wizard tells you the
maximum recommended size of space that the files should occupy, so that there is enough free
space on the outer volume for the hidden volume.
Remark: After you copy some sensitive-looking files to the outer volume, the cluster bitmap of the
volume will be scanned in order to determine the size of uninterrupted
area of free space whose
end is aligned with the end of the outer volume. This area will accommodate the hidden volume, so
it limits its maximum possible size. The maximum possible size of the hidden volume will be
determined and it will be verified that it is greater than the size of the system partition (which is
required, because the entire content of the system partition will need to be copied to the hidden
volume — see below). This ensures that no data stored on the outer volume will be overwritten by
data written to the area of the hidden volume (e.g., when the system is being copied to it). The size
of the hidden volume is always the same as the size of the system partition.
Then, TrueCrypt will create the hidden operating system by copying the content of the system
partition to the hidden volume. Data being copied will be encrypted on
the fly with an encryption
key different from the one that will be used for the decoy operating system. The process of copying
the system is performed in the pre-boot environment (before Windows starts) and it may take a
long time to complete; several hours or even several days (depending on the size of the system
partition and on the performance of the computer). You will be able to interrupt the process, shut
down your computer, start the operating system and then resume the process. However, if you
interrupt it, the entire process of copying the system will have to start from the beginning (because
the content of the system partition must not change during cloning).
The hidden operating system
will initially be a clone of the operating system under which you started the wizard.
Windows creates (typically, without your knowledge or consent) various log files, temporary files,
etc., on the system partition. It also saves the content of RAM to hibernation and paging files
located on the system partition. Therefore, if an adversary analyzed files stored on the partition
where the original system (of which the hidden system is a clone) resides, he might find out, for
example, that you used the TrueCrypt wizard in the hidden-system-creation mode (which might
indicate the existence of a hidden operating system on your computer). To prevent such issues,
TrueCrypt will securely erase the entire content of the partition where
the original system resides
50
after the hidden system has been created. Afterwards, in order to achieve plausible deniability,
TrueCrypt will prompt you to install a new system on the partition and encrypt it using TrueCrypt.
Thus, you will create the decoy system and the whole process of creation of the hidden operating
system will be completed.
Dostları ilə paylaş: