As I publish articles to my blog, I have realized I have a lot on my plate both at work, school, and home. So sorry for the delay in my postings but am going to address an issue and the extreme need for file encryption. This is extremely important for Law Enforcement Officers as we typically deal with sensitive documents, images, videos, classified information, and especially when dealing with Child Pornography cases, when sending and receiving Cyber Tips, via email, or Cloud services.
Some officers might think how does this apply to me? There are numerous incidents where file encryption is need like:
- Sending & receiving emails with classified or sensitive files
- An instructor, detective, police officer, or investigator that has case files located on external media like portable hard drives, thumb drives, CD’s, DVD’s, etc….
- Sharing sensitive information hosted in the cloud using services like OneDrive & DropBox to name a few.
These are just a few examples of where file encryption is necessary and in most if not all law enforcement agencies, is prohibited in sending or sharing these types of files unencrypted. The easiest way for me to share with you on how & why encryption is important is by using examples with the use of file encryption. Over the course of several weeks, I will post to my blog specific examples, each addressing the need, scenario, and the software I use to that specific scenario.
Example: I am an instructor with my agency and the local police academy in my jurisdiction. I carry around a Thumb Drive or what you may know it as portable media. On this thumb drive contains Microsoft PowerPoint Training slides, JPG Images, and MPG/AVI videos of case files to present to my classes, many of my cases which I have worked. You might be asking why is file encryption important? As I teach other police officers and rookies, my case files include protected individuals which whom have been either deceased, juvenile, or other protected content. Even though I take proactive measures to protect detailed information (blurred out images), what happens if my thumb driver or portable media gets lost, stolen, or in the hands of a civilian who is not authorized to view these types of case files?
That is where one of my favorite encryption programs, VeraCrypt, comes into play. I have been using encryption programs for some time now and VeraCrypt, which is derived from “TrueCrypt”, comes into play. VeraCrypt has the ability to encrypt your disks / portable media including external media, thumb drives & portable media. You might be asking “I have heard of TrueCrypt, why not use that”? Simply, TrueCrypt is no longer supported which was an open source project, and when they stopped developing TrueCrypt for unknown reasons, VeraCrypt took on the open source program and continued developing it, making it more secure.
- Download VeraCrypt from the download link.
- With your thumb drive / external media device inserted, install the program and select extract from the options.
- You will get some warnings about the portable mode, just keep on clicking on next, and next. Though make sure just prior to the end, make sure the path of the location of the potable installation is on your external media.
- The installation will look like this. This is at which time now you can use VeraCrypt to mount, create, or dismount your volume. You might notice more files than I have listed which are language files. Since the default is English, I removed / deleted all of the language files, leaving the core files needed after installing the portable mode of VeraCrypt.
- Next, lets create a file container of the size I want. Double click or open the file VeraCrypt.exe. the program will open.
- Next click on “Create Volume”.
- The VeraCrypt Volume Creation Wizard will appear. Just hit “Next” to select the default selection of “Create an encrypted file container”.
- For the Volume Type, I use the “Standard VeraCrypt Volume” as I like to see my encrypted containers. You can select “Hidden VeraCrypt Volume” but you will have to know the file path when opening an encrypted container.
- For the Volume Location, select “Select File”, and choose the file location of your encrypted container (obviously on your thumb drive or portable media). It can been named anything, to include a file extension or not. Some people like to disguise it like selecting the file name “DisneyVacation.jpg”, where people who view it might think it is a JPEG photo. The problem is you will probably be using a large encrypted container and a 1GB JPEG is not reasonable and anyone with a clue will know something is up. Since the encryption algorithm we are going to use it very strong, I like to just name it what the contents are. Be sure to click on “Next” after you select the file name & location. I called my “EncryptedTrainingFiles”.
- For the “Encryption Options”, I use the default “AES” and “SHA-512” Hash Algorithms.
- The next screen is the “Volume Size”. This is dependent of how much data you want to place in your encrypted container, and of course the size of your portable media. Take into consideration the that the larger container you have the longer time it will take to decrypt it, and mount it. For my example, I will use a 1GB container, which only takes about 5 seconds on my PC to mount.
- Then you will have to enter your volume password. The number one weakness with any company or network is the users weak passwords, which can be guessed and brute forced. For my example I am just going to use “password” and when selecting a simple password like this, VeraCrypt will warn you about the use of weak passwords. I currently use passwords involving encryption that are at least 15 characters in length, and contain numbers, capital and lower case letters, and most importantly special characters. Hit next to begin the encryption process.
- For the “Volume Format” screen, very important that you move your mouse around the VeraCrypt window to create strong cryptographic strength of the encryption keys. Once the progress bar gets to the end and fully green, click on “Format” to begin the encryption process. You will be complete once formatting is done and can click on “Exit” or create another container.
So now how to I use VeraCrypt now that I have created the encrypted container. It is easy.
- Navigate to your VeraCrypt.exe file on your portable media to open VeraCrypt. That nice thing is that the program goes with your and you do not have to have VeraCrypt install on the PC your are using.
- In the Drives List, right click on an available drive and select “Select File & Mount”.
- In the file navigator window, navigate to your encrypted file, in my example I used “EncryptedTrainingFiles” on my thumb drive.
- Enter the password your selected for the encrypted container and hit “OK”.
- Give VeraCrypt a little time and once complete, your encrypted volume will be mounted as another hard drive on your system. All you have to do now to add, move, copy, paste, delete the files you want in your encrypted container in the drive you select. Mine wxample was Drive M and as an example, have placed a couple of the photos used for this blog post on the drive.
You can continue to work on the M drive, or what ever drive letter you selected. Once you are done, just open VeraCrypt again, and select “Dismount All”, which will unmount your encrypted container, with all of the modified files contained in it.
- Note that there are definitely other uses for VeraCrypt to include formatting the entire thumb drive or portable media, hiding your archive, and different encryption algorithms.
I constantly am using VeraCrypt on my devices to carry sensitive data with me and you should consider the same. There are also other alternatives out there which I will go over in other blog post, to address encryption in Cloud Storage.