Security – Alternatives to Full Drive Encryption for Performance


I'm evaluating full drive encryption using TrueCrypt on my Crucial M4 SSD on Windows 7 32-bit Pro on my Toshiba NB100 Atom N270 netbook.

I've encrypted this and noticed an increase in the boot time but once booted the performance doesn't seem to be affected and Windows Experience Index is unchanged (compared with unencrypted). Related question: How to encrypt dual boot windows 7 and xp (bitlocker, truecrypt combo?) on sdd (recommended?)

However, I wondered if encryption was really necessary for me as I value the extra performance that might be lost if I encrypt.

The netbook is personal and occasionally used for work, for remote on-call working or emergencies. I don't really have anything more sensitive than the next person: career documents, household docs, contacts, ideas/original material — though these are personal enough not to want to let them fall into the wrong hands if the netbook got lost or was stolen.

So I just wondered if there might be alternative regimes/measures that could be used to protect such data. I could encrypt a partition, for example, and not the system drive, but traces are left on the system drive, e.g. temp files, swap file etc.

Thoughts?

Best Answer

OK, I'll answer it myself after thinking about it - perhaps this might also spark some interest and comments...

Possible alternatives to full disk encryption to avoid the potential performance hit might be:

  • Create a separate partition just for the Windows swap file pagefile.sys - change Windows system settings so that the file always goes in that partition. This ensures that the swap file is always written to the same part of the disk, which means that personal or sensitive data is not strewn all over the disk. And it may be possible to have an automated job to do a quick multi-pass erase of it on shut down. It may even be possible with some drive encryption tools to encrypt the partition and mount the drive before Windows attempts to access the pagefile.sys file.

  • Create a partition for C:\temp and other temporary folders, caches etc., for the same reasons as above.

  • Create an encrypted partition using TrueCrypt to hold My Documents.

  • Use a BIOS password; this will deter some people from trying to access the machine's contents, though determined folks will simply disassemble the machine to get at the hard drive.

  • Periodically run CCleaner; this will clean up residual data that may be sensitive, but it won't remove anything since the last run - usually the most recent stuff, which is probably the most valuable stuff - older stuff is stale and perhaps not of so much interest.

  • Install secure erase add-on for the recycling bin

  • Use incognito browsing mode in Chrome or equivalent in Firefox and other browsers to minimise browsing history

  • Use cloud services to store files rather than locally

What are your thoughts?
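
An added example, not part of the original answer: a read-only PowerShell check of where the pagefile and temp folders currently sit relative to the system drive, and whether Windows' built-in `ClearPageFileAtShutdown` setting is on (it overwrites the pagefile once at a clean shutdown, not the multi-pass erase suggested above). The registry key and value are standard Windows ones; the helper names `Get-Placement` and `New-Row` are made up for this example.

```powershell
# Added example: read-only audit, changes nothing on the machine.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
$mmKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
$mm      = Get-ItemProperty -Path $mmKey
$sysRoot = $env:SystemDrive + '\'                      # e.g. C:\

function Get-Placement([string]$Path) {
    # Classify a path as on the system drive, on another volume, or system-managed.
    $p = [Environment]::ExpandEnvironmentVariables($Path)
    if ($p.StartsWith('?:')) { return 'system-managed (Windows picks the drive)' }
    if ([System.IO.Path]::GetPathRoot($p) -ieq $sysRoot) { return 'system drive' }
    return 'other volume'
}

function New-Row($Item, $Value, $Note) {
    New-Object PSObject -Property @{ Item = $Item; Value = $Value; Note = $Note } |
        Select-Object Item, Value, Note
}

$rows = @()

# PagingFiles is a multi-string; each entry looks like "C:\pagefile.sys 0 0".
foreach ($entry in @($mm.PagingFiles)) {
    if (-not $entry) { continue }
    $path  = ($entry -split '\s+')[0]
    $rows += New-Row 'Pagefile' $path (Get-Placement $path)
}
if (-not $rows) { $rows += New-Row 'Pagefile' '(none configured)' 'n/a' }

# A missing value behaves like 0: the pagefile contents stay on disk after shutdown.
$clear = [int]$mm.ClearPageFileAtShutdown
$note  = if ($clear -eq 1) { 'overwritten at clean shutdown' } else { 'left on disk at shutdown' }
$rows += New-Row 'ClearPageFileAtShutdown' $clear $note

# Temp locations for the current user and for the machine (services, installers).
foreach ($name in 'TEMP', 'TMP') {
    foreach ($scope in 'User', 'Machine') {
        $v = [Environment]::GetEnvironmentVariable($name, $scope)
        if ($v) { $rows += New-Row "$name ($scope)" $v (Get-Placement $v) }
    }
}

$rows | Format-Table -AutoSize
```

Any row reported as "system drive" is a location that still writes to the unencrypted system volume under the partition-based layout.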
