1 00:00:00,560 --> 00:00:03,920 Welcome to part three of this module. 2 00:00:03,920 --> 00:00:10,340 This video will be covering how to create a hidden operating system as well as a decoy operating system 3 00:00:10,430 --> 00:00:11,720 using VeraCrypt. 4 00:00:11,720 --> 00:00:16,280 This is not an especially easy process and it does entail some risk. 5 00:00:16,280 --> 00:00:23,660 It is required, not recommended but required, that you have installation media already created for whatever 6 00:00:23,660 --> 00:00:27,940 version of Windows you're currently running. A rescue disk is not adequate. 7 00:00:27,950 --> 00:00:32,270 You will be called upon to reinstall Windows as part of this procedure. 8 00:00:32,330 --> 00:00:35,680 And the two installation versions must match. 9 00:00:35,720 --> 00:00:41,360 In other words, if you're currently running Windows 10 Professional you're going to need a Windows 10 10 00:00:41,360 --> 00:00:48,980 Professional ISO, either in the form of an installation CD or USB stick. These ISO files can actually 11 00:00:48,980 --> 00:00:52,550 be downloaded directly from the Microsoft web page 12 00:00:52,550 --> 00:00:58,760 if you don't have your original disk. It is also very important to make sure that you have your original 13 00:00:58,760 --> 00:01:03,980 Windows product key so that you can activate your second Windows installation. 14 00:01:03,980 --> 00:01:09,800 Both versions of Windows need to be authenticated before you begin encrypting them or else you can run 15 00:01:09,800 --> 00:01:11,000 into problems. 16 00:01:11,000 --> 00:01:19,100 Keep in mind that this procedure is the same for TrueCrypt except that TrueCrypt has no UEFI/GPT 17 00:01:19,280 --> 00:01:28,130 support. You may wish to use TrueCrypt on older computers with MBR partitions, especially 32-bit machines 18 00:01:28,130 --> 00:01:30,710 like old laptops or what have you, 
19 00:01:30,770 --> 00:01:35,810 because the performance is likely to be a lot better. Before we dive in, 20 00:01:35,840 --> 00:01:41,070 I need to reiterate that this process is complicated and it can mess up your computer. 21 00:01:41,090 --> 00:01:47,390 The best time to set up a hidden operating system is when you are first setting up your machine, such 22 00:01:47,390 --> 00:01:48,460 as a new machine. 23 00:01:48,470 --> 00:01:53,840 There is a danger that if something goes wrong you could end up losing data. 24 00:01:53,840 --> 00:02:01,400 So with that in mind, please take all appropriate steps to safeguard your files. Back up anything important 25 00:02:01,430 --> 00:02:07,940 to external media, because if you end up needing to start over from scratch that may mean wiping your 26 00:02:07,940 --> 00:02:11,540 computer completely and having to reinstall Windows. 27 00:02:11,540 --> 00:02:18,470 This tutorial assumes that you only want to create a hidden Windows operating system and a decoy Windows 28 00:02:18,500 --> 00:02:19,720 operating system. 29 00:02:19,730 --> 00:02:27,560 If you also want a third encrypted system such as, for example, Kali Linux, please see the next video 30 00:02:27,560 --> 00:02:28,600 on dual booting, 31 00:02:28,730 --> 00:02:35,210 although do keep in mind that when you start getting into dual boot situations with hidden operating 32 00:02:35,210 --> 00:02:41,810 systems things get very, very complicated and the risk of making a mistake that will require you to reformat 33 00:02:41,810 --> 00:02:43,940 your hard drive does increase. 34 00:02:43,970 --> 00:02:50,830 One more thing: if your BIOS has Secure Boot enabled it will be necessary to disable it. 35 00:02:50,930 --> 00:02:53,530 You do so at your own risk. 36 00:02:53,630 --> 00:02:58,340 It may not be possible in all versions of BIOS to disable Secure Boot. 37 00:02:58,370 --> 00:03:03,110 So please read the documentation for whatever version of BIOS you happen to be running. 
38 00:03:03,230 --> 00:03:10,670 In most cases it is simply necessary to toggle enabled to disabled and then save the changes. 39 00:03:10,700 --> 00:03:17,540 It is likewise possible in some versions of BIOS to change from UEFI to legacy, 40 00:03:17,540 --> 00:03:20,000 again simply by toggling a switch. 41 00:03:20,000 --> 00:03:26,450 This is also done entirely at your own risk and will most certainly require you to do a complete 42 00:03:26,450 --> 00:03:30,980 reinstallation of your Windows operating system. Before you begin, 43 00:03:30,980 --> 00:03:36,980 I can't stress enough how important it is to have all of your data backed up externally and that you'd 44 00:03:36,980 --> 00:03:42,260 be 100 percent comfortable reformatting your hard drive if anything goes wrong. 45 00:03:42,260 --> 00:03:49,880 Another thing to point out is that this tutorial is assuming you have a rather generic partition arrangement, 46 00:03:49,910 --> 00:03:53,030 which is to say you have your system partition. 47 00:03:53,030 --> 00:04:00,500 If your computer has an odd partition arrangement it may be necessary for you to restructure it before 48 00:04:00,500 --> 00:04:03,020 you're able to follow the steps in this tutorial. 49 00:04:03,020 --> 00:04:10,760 Unfortunately this will be different for everybody who has a different setup, so I can't really demonstrate 50 00:04:10,760 --> 00:04:16,640 how that would work, but hopefully from what you see of making changes to the partition table in this 51 00:04:16,640 --> 00:04:20,450 video you'll have enough information that you'll feel confident doing that. 52 00:04:20,480 --> 00:04:26,000 Please be sure to fully update your Windows installation before you proceed. 
53 00:04:26,090 --> 00:04:32,450 You can of course still download updates after encryption, but nothing is worse than being in the middle 54 00:04:32,450 --> 00:04:40,100 of a critical reboot and having an update totally reconfigure everything. And again, both Windows installations, 55 00:04:40,160 --> 00:04:46,310 the hidden and the decoy, absolutely must be authenticated before you encrypt them. 56 00:04:46,340 --> 00:04:47,630 It's very important. 57 00:04:47,810 --> 00:04:48,280 OK. 58 00:04:48,350 --> 00:04:49,800 Let's dive in. 59 00:04:49,820 --> 00:04:51,950 You have your Windows product key, 60 00:04:51,950 --> 00:04:58,850 your installation disk, your boot repair disk and maybe also a way to wipe your hard drive such as Darik's 61 00:04:58,850 --> 00:05:01,830 Boot and Nuke. For more information on that last one, 62 00:05:01,850 --> 00:05:03,640 please see the appropriate video. 63 00:05:03,650 --> 00:05:09,260 This demonstration will be using Windows 10 although the procedure is the same for older versions of 64 00:05:09,260 --> 00:05:09,940 Windows. 65 00:05:09,950 --> 00:05:17,700 The first thing we need to do is press the Windows plus X key and then select Disk Management. 66 00:05:17,720 --> 00:05:24,380 What we're doing here is creating a second partition that is going to exist behind our current system 67 00:05:24,380 --> 00:05:25,210 partition. 68 00:05:25,220 --> 00:05:32,240 The idea is that we're going to turn the second partition into an encrypted container. VeraCrypt is 69 00:05:32,240 --> 00:05:38,450 then going to migrate the Windows installation that we're running right now into the encrypted volume. 70 00:05:38,450 --> 00:05:44,270 Essentially it's going to copy it over. This installation is going to become our hidden operating system. 71 00:05:44,270 --> 00:05:51,200 In this demonstration the current Windows that we're running right now on C drive is going to be moved 72 00:05:51,800 --> 00:05:56,260 over to D drive, which we're about to create. 
73 00:05:56,270 --> 00:06:03,020 This is going to leave the C drive completely empty, or to put it another way, the first partition will 74 00:06:03,020 --> 00:06:08,120 be completely empty when we're done and the second partition that we're about to create will contain 75 00:06:08,120 --> 00:06:10,180 our hidden operating system. 76 00:06:10,190 --> 00:06:18,110 We're then going to install a fresh installation of Windows on our now empty first partition or C drive, 77 00:06:18,260 --> 00:06:21,710 and that is going to be our decoy operating system. 78 00:06:21,710 --> 00:06:26,420 The end goal is to have two Windows installations at once. 79 00:06:26,420 --> 00:06:33,620 One password will cause the decoy system to boot and unencrypt, and another password will boot 80 00:06:33,620 --> 00:06:40,730 the hidden operating system. If set up properly it is theoretically impossible to tell through any form 81 00:06:40,730 --> 00:06:42,710 of analysis of the hard drive 82 00:06:42,710 --> 00:06:45,250 there are two operating systems present. 83 00:06:45,290 --> 00:06:51,560 Please read through the VeraCrypt documentation very carefully if you wish to understand how this 84 00:06:51,590 --> 00:06:56,300 so-called plausible deniability works. Within the decoy system, 85 00:06:56,330 --> 00:07:05,420 the D drive is going to appear to be just a normal encrypted partition, that is to say the second partition 86 00:07:05,420 --> 00:07:06,430 that we're creating. 87 00:07:06,440 --> 00:07:12,170 You can even mount that partition using a password to make the deception appear genuine. 88 00:07:12,170 --> 00:07:16,310 We will be placing some sensitive-looking files into this partition 89 00:07:16,310 --> 00:07:17,920 at the time of its creation. 90 00:07:17,930 --> 00:07:25,520 That way if we're ever called upon to mount it we can do so and it will appear to simply be an encrypted 91 00:07:25,520 --> 00:07:27,470 non-system partition. 
92 00:07:27,500 --> 00:07:31,490 In reality this partition will contain our hidden operating system. 93 00:07:31,520 --> 00:07:37,920 With that in mind, it is a requirement that we allocate more than half of the available space to the 94 00:07:37,920 --> 00:07:39,130 second partition. 95 00:07:39,140 --> 00:07:46,180 In fact you need to allocate 5 percent more than half of the maximum amount of space. 96 00:07:46,190 --> 00:07:53,740 In other words, if you have a 200 gigabyte hard drive your second partition needs to be at least 105 97 00:07:53,900 --> 00:07:58,070 gigabytes in size, half as big plus 5 percent. 98 00:07:58,070 --> 00:08:04,010 If your second partition is not large enough when you try to initiate the process VeraCrypt will throw 99 00:08:04,010 --> 00:08:08,080 up an error telling you to allocate more space before proceeding. 100 00:08:08,100 --> 00:08:14,930 So what we're going to do is right click on our system volume and we're going to select Shrink 101 00:08:14,990 --> 00:08:23,710 Volume. For this demonstration I'm going to leave the minimum amount on the first partition, so we can 102 00:08:23,710 --> 00:08:30,520 see that our second partition, which we're about to create, is unallocated space and it is significantly 103 00:08:30,520 --> 00:08:32,920 larger than our system partition. 104 00:08:32,920 --> 00:08:34,960 You can allocate this however you like. 105 00:08:34,990 --> 00:08:43,140 We will right click on our unallocated space and select New Simple Volume. Click Next. We're going to 106 00:08:43,140 --> 00:08:46,280 allocate all of this space. Click Next. 107 00:08:46,380 --> 00:08:56,360 You can assign a particular drive letter if you wish. Click Next. We'll go ahead and format to NTFS. Click 108 00:08:56,370 --> 00:09:05,630 Next and Finish. With this done we can close out of Disk Management and go ahead and launch VeraCrypt. 
109 00:09:05,640 --> 00:09:11,400 Please keep in mind that VeraCrypt must be installed to your hard drive for this procedure to work. 110 00:09:11,430 --> 00:09:15,750 It will not allow you to create a hidden system in the portable mode. To start with, 111 00:09:15,750 --> 00:09:20,810 we need to click on System, Encrypt System Partition/Drive. 112 00:09:20,820 --> 00:09:25,890 This will seem familiar if you've watched the prior videos, only this time we're going to click the second 113 00:09:25,890 --> 00:09:30,090 radio button to create a hidden operating system. 114 00:09:30,090 --> 00:09:38,210 Click Next and Next again. Provided that you allocated enough disk space to your second partition you 115 00:09:38,210 --> 00:09:44,150 should see this message. Otherwise you will be prevented from proceeding until you've made the necessary 116 00:09:44,150 --> 00:09:48,970 adjustment. Read this warning carefully. 117 00:09:49,160 --> 00:09:55,790 It is telling you what I've essentially already said: you must be ready to install a fresh copy of Windows 118 00:09:55,790 --> 00:09:57,410 to the decoy partition 119 00:09:57,410 --> 00:09:59,560 once the hidden system is created. 120 00:09:59,810 --> 00:10:06,290 Make sure you have all of the disks you need and all of your important files backed up before proceeding. 121 00:10:06,950 --> 00:10:09,400 When you're ready click OK. 122 00:10:09,440 --> 00:10:13,310 And yes we are going to grant authorization. Now, 123 00:10:13,340 --> 00:10:16,550 you may or may not receive this message, 124 00:10:16,550 --> 00:10:22,560 depending on how your Windows is configured. If you don't see this then you can skip to the next step. 125 00:10:22,580 --> 00:10:28,850 If you do, what this is telling you is that there are paging files on non-system partitions. 126 00:10:28,850 --> 00:10:34,300 This can adversely affect plausible deniability of the hidden operating system. 
127 00:10:34,310 --> 00:10:40,910 It is therefore very strongly recommended that you click Yes here, which will configure Windows to create 128 00:10:40,940 --> 00:10:45,890 paging files only on the Windows partition from now on. 129 00:10:45,890 --> 00:10:49,170 Doing this will require a system reboot. 130 00:10:49,370 --> 00:10:55,750 So I'm going to go ahead and click Yes here and we will reboot the system. And we're back from our reboot. 131 00:10:55,760 --> 00:10:57,710 Windows has been reconfigured. 132 00:10:57,710 --> 00:11:05,670 Let me just get back to where we were. So we are going to open up VeraCrypt, System, Encrypt System Partition/ 133 00:11:05,670 --> 00:11:11,150 Drive, hidden. 134 00:11:11,170 --> 00:11:14,800 Now we find ourselves on the screen of doom. 135 00:11:14,950 --> 00:11:22,870 I call it the screen of doom because it is fiendishly deceptive. Where a lot of people go wrong is they 136 00:11:23,770 --> 00:11:30,190 select multi-boot, thinking that because you're dealing with two Windows operating systems, such as 137 00:11:30,190 --> 00:11:36,940 shown in the example, that this is the correct option. It's really not. In fact even when setting up multiple 138 00:11:36,940 --> 00:11:38,070 operating systems 139 00:11:38,080 --> 00:11:40,410 this is still really not the right way to go. 140 00:11:40,450 --> 00:11:45,790 So we're going to select the single-boot radio button and we're going to click Next. This pop-up is 141 00:11:45,790 --> 00:11:50,200 basically telling you about two important salient points. 142 00:11:50,200 --> 00:11:57,280 First, your hidden operating system won't be allowed to hibernate. Your decoy system can hibernate normally. 143 00:11:58,150 --> 00:12:00,940 You can select No at this point. 
144 00:12:00,940 --> 00:12:08,840 However, removing the extra boot partition is outside of the scope of this tutorial. The next pop-up is 145 00:12:08,840 --> 00:12:15,350 advising us that for security reasons we must make sure that the current operating system is activated 146 00:12:15,680 --> 00:12:17,870 and authenticated before proceeding. 147 00:12:17,870 --> 00:12:21,770 This is your last chance to do so before we begin. 148 00:12:21,800 --> 00:12:26,240 So if you haven't, exit VeraCrypt and do so. If you have, click 149 00:12:26,240 --> 00:12:34,340 Yes. With all of that preamble out of the way it is now time to create our hidden volume. 150 00:12:34,340 --> 00:12:38,930 This should seem very familiar if you watched the prior videos in this module. 151 00:12:38,930 --> 00:12:43,830 This so-called outer volume is going to be our decoy partition. 152 00:12:43,850 --> 00:12:51,530 In other words, when we are in our decoy operating system the hidden system is going to appear to be 153 00:12:51,530 --> 00:12:56,910 a regular encrypted partition. To make sure that the deception is convincing, 154 00:12:56,930 --> 00:13:03,380 we need to create this outer volume and put some sensitive-looking files into it in case we're ever called 155 00:13:03,380 --> 00:13:12,080 upon to mount that partition inside the decoy operating system. We are now presented with our encryption 156 00:13:12,140 --> 00:13:13,570 options. 157 00:13:13,610 --> 00:13:20,120 These will be the encryption and hash algorithms that VeraCrypt will be using. As before, we have the 158 00:13:20,150 --> 00:13:24,530 option of using a single algorithm or a cascade of algorithms. 159 00:13:24,530 --> 00:13:25,920 The choice is yours. 160 00:13:26,060 --> 00:13:32,780 However I strongly recommend you to select a single algorithm for system encryption. 
161 00:13:32,780 --> 00:13:39,140 The reason is that using multiple algorithms is going to be slow and it will drag your system performance 162 00:13:39,140 --> 00:13:40,340 down considerably. 163 00:13:40,370 --> 00:13:47,270 If system performance is not a concern and you want maximum security, well, by all means do as you like, 164 00:13:47,390 --> 00:13:51,020 but realize that all of these are solid choices. 165 00:13:51,020 --> 00:13:58,670 The United States military itself uses Advanced Encryption Standard to encrypt top secret data and that 166 00:13:58,670 --> 00:14:00,800 will be good enough for this demonstration. 167 00:14:00,800 --> 00:14:07,910 Also keep in mind you aren't likely to ever use the decoy partition for anything and in fact you really 168 00:14:07,910 --> 00:14:08,540 shouldn't, 169 00:14:08,570 --> 00:14:11,840 as you run the risk of corrupting your hidden operating system. 170 00:14:11,840 --> 00:14:16,480 As for the hash algorithm, there really isn't a wrong choice here. 171 00:14:16,490 --> 00:14:23,080 You can read up on the different algorithms if you desire but they are all rock solid. For this demonstration 172 00:14:23,090 --> 00:14:28,850 I'll be using SHA-256. When you've made your selections click Next. 173 00:14:28,850 --> 00:14:35,180 Notice that on this next screen the option to change volume size is grayed out. 174 00:14:35,240 --> 00:14:37,160 Just click Next. 175 00:14:37,160 --> 00:14:39,170 Now we need to set our password. 176 00:14:39,170 --> 00:14:41,920 This is actually more tricky than it sounds. 177 00:14:41,930 --> 00:14:48,770 You probably won't ever use this password since in the normal scheme of things you won't ever be accessing 178 00:14:48,770 --> 00:14:55,130 the decoy partition, so you need to remember this password so that you can access the partition if you're 179 00:14:55,130 --> 00:14:56,990 ever called upon to do so. 
180 00:14:57,050 --> 00:15:04,020 Yet if you make the password simple enough to be easily brute forced it won't be convincing. 181 00:15:04,100 --> 00:15:11,510 After all, if you use a password less than 20 characters long, why did you even bother to encrypt at all? 182 00:15:11,510 --> 00:15:14,470 I really can't give you any specific advice here. 183 00:15:14,510 --> 00:15:17,330 You just have to use your best judgment. 184 00:15:17,450 --> 00:15:24,020 Pick a password that can't be brute forced easily and you'll remember despite the fact that you'll probably 185 00:15:24,020 --> 00:15:27,220 never have any occasion to use it. 186 00:15:27,260 --> 00:15:34,790 I explained about keyfiles and PIM in the last video so I won't go into length about them here except 187 00:15:34,790 --> 00:15:42,650 to say that keyfiles add an extra layer of security by requiring certain files to be present when the 188 00:15:42,650 --> 00:15:44,330 password is entered. 189 00:15:44,330 --> 00:15:51,290 If these files are lost or become corrupted by even a few kilobytes they will no longer function. 190 00:15:51,350 --> 00:15:54,310 So do this at your own risk. 191 00:15:54,320 --> 00:16:01,550 Also keep in mind that if you are ever ordered by a legal authority to grant access to this volume and 192 00:16:01,550 --> 00:16:08,060 you find that you can't because the keyfiles have become lost or corrupted you may be in seriously 193 00:16:08,060 --> 00:16:10,230 hot water legally speaking, 194 00:16:10,370 --> 00:16:16,970 even if there is nothing important stored on the decoy drive. For this reason I recommend against using 195 00:16:16,970 --> 00:16:22,010 keyfiles and I further recommend that you avoid the PIM option. 196 00:16:22,010 --> 00:16:28,780 The choice is of course yours. When you're ready click Next. 
197 00:16:28,820 --> 00:16:36,020 This looks really simple and it is but it's also complicated. VeraCrypt is asking you if you wish to 198 00:16:36,020 --> 00:16:43,040 store files larger than 4 gigabytes on the decoy drive. In the prior video covering how to encrypt a 199 00:16:43,040 --> 00:16:44,240 USB device 200 00:16:44,240 --> 00:16:51,980 I rather mischaracterized the selection of NTFS format for the outer volume by saying that it cuts 201 00:16:51,980 --> 00:16:54,030 the available space in half. 202 00:16:54,080 --> 00:16:58,510 It does but only relative to how much data you have on the drive. 203 00:16:58,520 --> 00:17:05,060 In other words, what I should have said is if you save a 4 gigabyte file and format the outer volume 204 00:17:05,090 --> 00:17:12,260 to NTFS, around a little more than 8 gigabytes worth of space is going to end up being used up, or 205 00:17:12,290 --> 00:17:15,590 double the total amount of space used in the container. 206 00:17:15,590 --> 00:17:19,880 This is because NTFS likes to put stuff in the middle of the partition. 207 00:17:19,880 --> 00:17:27,200 This may be a bit confusing, so to cut right to the point, you really want to click No here. 208 00:17:27,200 --> 00:17:35,020 If you decide to click Yes and go with NTFS you'll be wasting some space. 209 00:17:35,020 --> 00:17:41,470 This is our random pool and as we move the mouse around within the VeraCrypt or TrueCrypt window the 210 00:17:41,470 --> 00:17:44,020 complexity of the pool will grow. 211 00:17:44,020 --> 00:17:50,140 This is one of the safety precautions that these pieces of software use so that you're not 100 percent 212 00:17:50,140 --> 00:17:53,220 dependent upon Windows cryptographic functions. 213 00:17:53,260 --> 00:17:59,710 These functions can fail and they can also be potentially compromised by nation state actors to produce 214 00:17:59,710 --> 00:18:02,730 weak or predictable random pools. 
215 00:18:02,740 --> 00:18:08,170 This would make it trivially easy to obtain the master key and access the file. 216 00:18:08,170 --> 00:18:13,870 For that reason it is recommended that you wave your mouse cursor around inside this window like a 217 00:18:13,870 --> 00:18:20,230 crazy person for as long as you can stand it in order to increase the cryptographic strength and randomness 218 00:18:20,290 --> 00:18:23,760 of your encrypted container file or partition. 219 00:18:23,770 --> 00:18:25,700 Do this for as long as you can. 220 00:18:25,720 --> 00:18:30,590 The little bar down here at the bottom of the screen is really just a suggestion. 221 00:18:30,640 --> 00:18:36,160 If we click the display pool button the obscuring symbols will be changed to hexadecimal. 222 00:18:36,160 --> 00:18:41,050 When you're satisfied with the cryptographic strength of your pool click Format. 223 00:18:41,290 --> 00:18:47,500 You of course don't have any files on your newly created partition but VeraCrypt is being nice here 224 00:18:47,500 --> 00:18:50,170 and warning you all the same. If you do, 225 00:18:50,170 --> 00:18:53,640 these files will be overwritten. So with that in mind click 226 00:18:53,650 --> 00:18:54,910 Yes if you're ready. 227 00:18:55,610 --> 00:19:01,330 VeraCrypt is now going to format the outer volume. Depending on the size of the partition, 228 00:19:01,340 --> 00:19:06,390 this can take hours, days or even weeks. 229 00:19:06,410 --> 00:19:13,370 Please make sure that your system is kept somewhere cool and that nothing flammable is nearby, as it 230 00:19:13,370 --> 00:19:16,700 may heat up somewhat during this process. 231 00:19:16,760 --> 00:19:21,980 I find this is especially true with old laptops with poorly functioning cooling systems. 232 00:19:21,980 --> 00:19:27,620 Please also make sure that at no point during this process your system loses power. 
233 00:19:27,620 --> 00:19:31,460 This is not the sort of thing that you can stop and then resume later. 234 00:19:31,460 --> 00:19:36,160 I will of course be making a cut to this recording to speed this process along. 235 00:19:36,380 --> 00:19:40,460 But when you do this yourself you will need to be patient. 236 00:19:44,600 --> 00:19:49,880 OK, with that step out of the way it is now time to fill up the outer volume. 237 00:19:49,880 --> 00:19:56,030 I need to stress that this is going to be your one and only chance to do so. 238 00:19:56,060 --> 00:20:01,460 You cannot add files to the outer volume later without running the risk of corrupting your hidden operating 239 00:20:01,460 --> 00:20:02,700 system. 240 00:20:02,780 --> 00:20:04,930 Click the Open Volume button. 241 00:20:07,050 --> 00:20:15,060 And then drag sensitive-looking files that you have chosen into this seeming partition. Remember, 242 00:20:15,300 --> 00:20:19,590 the idea here is that this is a decoy drive. 243 00:20:19,620 --> 00:20:25,890 If someone literally forces you to give up your password you give the password to this outer 244 00:20:25,890 --> 00:20:29,540 volume instead of your hidden operating system. 245 00:20:29,580 --> 00:20:35,980 If they can't tell the difference but this really only works if you have something within the outer 246 00:20:35,980 --> 00:20:40,550 volume that looks like something that you'd want to hide. 247 00:20:40,590 --> 00:20:46,960 Just remember not to put anything you truly wish to hide or make use of inside. 248 00:20:46,960 --> 00:20:54,620 So I've gone ahead and I've created this text file that says secret-looking information and I'm just 249 00:20:54,620 --> 00:21:00,840 going to drag it right into the partition. Once you're done 250 00:21:00,850 --> 00:21:07,790 you can close out of this and click the Next button. 251 00:21:07,840 --> 00:21:11,590 It is now time to create the real hidden volume. 
252 00:21:11,590 --> 00:21:15,130 This is going to be your hidden Windows operating system. 253 00:21:16,770 --> 00:21:19,340 This pop-up is very, very important. 254 00:21:19,350 --> 00:21:26,490 You need to remember which algorithms you select in the next step and make sure that the exact same 255 00:21:26,490 --> 00:21:30,400 choices are used when you set up your decoy system. 256 00:21:30,420 --> 00:21:33,920 I suggest you write down your choices on a piece of paper. 257 00:21:33,960 --> 00:21:42,870 Remember that using a cascade of encryption methods like AES-Twofish-Serpent is going to substantially 258 00:21:42,870 --> 00:21:45,340 reduce your system performance. 259 00:21:45,360 --> 00:21:52,890 It's fine for a USB drive but it will drive you absolutely crazy if you do it on a laptop. 260 00:21:52,920 --> 00:21:54,720 It is of course up to you. 261 00:21:54,720 --> 00:22:03,060 As I said in prior videos there is no wrong choice here. Advanced Encryption Standard by itself, or 262 00:22:03,060 --> 00:22:06,280 AES, is used by the United States military, 263 00:22:06,300 --> 00:22:12,940 as I said, to secure secret data, and Serpent and Twofish are also very popular choices. 264 00:22:12,960 --> 00:22:16,140 Read up on these different algorithms if you like. 265 00:22:16,140 --> 00:22:22,020 Just remember that using multiple algorithms will reduce your loading speeds. For this demonstration 266 00:22:22,020 --> 00:22:25,650 I'm going to select AES. For the hash algorithm 267 00:22:25,650 --> 00:22:33,360 you have a choice between SHA-256 and RIPEMD-160. 268 00:22:33,360 --> 00:22:42,730 I will select SHA-256. When you've made your selections click Next. Notice that we're being told to select 269 00:22:42,790 --> 00:22:45,100 a distinctive password. 270 00:22:45,100 --> 00:22:46,660 This is important. 
271 00:22:46,660 --> 00:22:52,600 Whatever password we select for the hidden operating system needs to be substantially different than 272 00:22:52,600 --> 00:22:58,240 the one that we use for the outer volume and the decoy operating system. 273 00:22:58,450 --> 00:23:04,780 Even though I'll be using a simple password in this demonstration you really don't want to use less 274 00:23:04,780 --> 00:23:06,790 than 20 characters. 275 00:23:06,790 --> 00:23:11,390 Keyfiles are an option and you can set your PIM. 276 00:23:11,410 --> 00:23:15,240 However PIM is really a bit advanced. If you don't set it, 277 00:23:15,300 --> 00:23:19,420 it uses the default, which really is just fine. 278 00:23:19,420 --> 00:23:20,980 It is your option. 279 00:23:20,980 --> 00:23:27,100 While I do not recommend using keyfiles for the reasons I have already stated, you have that choice 280 00:23:27,100 --> 00:23:28,530 as well. 281 00:23:28,600 --> 00:23:30,040 Remember one thing. 282 00:23:30,040 --> 00:23:38,320 If you lose your password or if you lose your keyfiles or they become corrupted or if you set PIM and 283 00:23:38,320 --> 00:23:45,280 then forget the value that you set, there is absolutely no way to recover this information and access 284 00:23:45,280 --> 00:23:47,110 your hidden operating system. 285 00:23:47,110 --> 00:23:48,510 You will be out of luck. 286 00:23:51,870 --> 00:23:53,970 When you've set up your credentials click Next. 287 00:23:57,050 --> 00:23:57,530 I trust 288 00:23:57,530 --> 00:24:05,370 by now this screen needs no further explanation. Wave your mouse cursor around for as long as you can 289 00:24:05,370 --> 00:24:06,440 stand it. 290 00:24:06,630 --> 00:24:11,510 Remember that the little bar at the bottom of the screen is only a suggestion. 291 00:24:11,670 --> 00:24:13,970 The longer you do this the better. 292 00:24:13,980 --> 00:24:20,010 Notice that the file system and cluster options are grayed out at this stage. 
293 00:24:20,010 --> 00:24:25,190 These will be automatically determined by VeraCrypt based on the options you've already selected. 294 00:24:25,410 --> 00:24:31,750 And I do want to throw in a little footnote here about the difference between TrueCrypt and VeraCrypt. 295 00:24:32,040 --> 00:24:41,310 TrueCrypt was found in the audit to contain a slight bug that was fixed in VeraCrypt. In the unlikely 296 00:24:41,310 --> 00:24:46,650 event that Windows cryptographic were to fail, 297 00:24:46,770 --> 00:24:58,960 then this header and master key would be very easy to deconstruct if it were only relying upon Windows 298 00:24:58,960 --> 00:25:00,160 cryptographic. 299 00:25:00,310 --> 00:25:06,220 Now as I said, waving the mouse cursor around and gathering entropy increases the cryptographic strength 300 00:25:06,670 --> 00:25:09,110 and means you're not completely dependent on us. 301 00:25:09,220 --> 00:25:16,600 Now the reason I'm pointing this out is that the bug is that TrueCrypt will allow you to proceed even 302 00:25:16,600 --> 00:25:25,630 if Windows cryptographic were to fail, when what it should do is barf, catch fire and explode. VeraCrypt 303 00:25:25,630 --> 00:25:31,710 will not, so VeraCrypt will prompt you if there's some problem with your cryptographic set. 304 00:25:31,720 --> 00:25:37,320 I have never seen this happen but I wanted to point it out and now seemed like a good time. 305 00:25:37,330 --> 00:25:39,610 So when you're ready click Format. 306 00:25:41,550 --> 00:25:43,240 Done and done. 307 00:25:43,500 --> 00:25:49,620 Just like with the creation of a hidden volume on USB, the creation of a hidden volume happens almost 308 00:25:49,620 --> 00:25:51,910 instantly. Click Next. 309 00:25:51,930 --> 00:25:57,300 Now get ready for the pain. You thought creating outer volume took a long time? 310 00:25:57,300 --> 00:25:59,160 You ain't seen nothing yet. 
311 00:25:59,340 --> 00:26:05,970 As soon as we click the Start button VeraCrypt will begin to copy this current version of Windows that 312 00:26:05,970 --> 00:26:10,700 we are in right now into the hidden volume that we just created. 313 00:26:10,740 --> 00:26:19,530 It is then going to wipe out all traces of the existence of the current Windows installation in a secure 314 00:26:19,530 --> 00:26:25,540 manner that we will be prompted to specify. When you're ready click Start. 315 00:26:25,590 --> 00:26:29,470 We are now going to be required to restart our computer once again. 316 00:26:29,700 --> 00:26:32,650 So we will click yes. 317 00:26:32,860 --> 00:26:35,620 Welcome to the VeraCrypt bootloader. 318 00:26:35,620 --> 00:26:39,490 If you watch the prior videos this should seem familiar to you. 319 00:26:39,490 --> 00:26:47,560 It is possible to abort at this stage by pressing the escape key which will let you boot into Windows. 320 00:26:47,560 --> 00:26:50,300 We haven't as of yet done anything. 321 00:26:50,470 --> 00:26:56,230 As soon as we put in our password to our hidden operating system however everything is going to be set 322 00:26:56,230 --> 00:26:57,090 in motion. 323 00:26:57,100 --> 00:26:58,420 Enter your hidden password 324 00:26:58,420 --> 00:26:58,790 now. 325 00:27:03,880 --> 00:27:08,030 If you selected a specific value for PIM you would enter it now. 326 00:27:08,290 --> 00:27:17,030 Otherwise just press the Enter key. The password will now verify. I've noticed that this verification 327 00:27:17,030 --> 00:27:21,620 process takes substantially longer with VeraCrypt than it does with TrueCrypt. 328 00:27:21,620 --> 00:27:27,530 Presumably this is a result of updated security although the TrueCrypt audit which you can read about 329 00:27:27,530 --> 00:27:30,720 online if you're interested and I do encourage you to do so 330 00:27:30,770 --> 00:27:34,040 found no flaws with the bootloader implementation.
331 00:27:34,160 --> 00:27:37,580 In any case you are in for a bit of a wait here. 332 00:27:37,580 --> 00:27:44,020 But once the password does verify the process of copying the hidden operating system will begin. 333 00:27:44,030 --> 00:27:45,170 There we go. 334 00:27:45,170 --> 00:27:51,860 The version of Windows we were just using on the C partition or first partition is now being copied 335 00:27:51,860 --> 00:27:56,630 into the hidden container or volume that we have created on the D partition. 336 00:27:56,630 --> 00:27:58,400 That's the second partition. 337 00:27:58,400 --> 00:28:05,240 Once this is done we'll boot into the hidden operating system on our newly created second partition 338 00:28:05,930 --> 00:28:13,320 and be prompted to securely delete and wipe all data located on that first partition. 339 00:28:13,400 --> 00:28:20,540 Once that is done we are going to install the exact same version of Windows as the one that we're using 340 00:28:20,540 --> 00:28:26,240 on the hidden operating system onto the newly wiped C drive or first partition. 341 00:28:26,240 --> 00:28:33,290 Then we're going to activate it, download all of the updates which you won't actually see me do but you 342 00:28:33,290 --> 00:28:41,060 should do it and then we're going to encrypt it as if it were a single operating system. 343 00:28:41,060 --> 00:28:48,140 Once both systems are encrypted the VeraCrypt bootloader will direct you to the correct system based 344 00:28:48,140 --> 00:28:50,370 on which password you enter. 345 00:28:50,390 --> 00:28:56,870 In other words if you wish to boot into the decoy system you would supply the decoy password. 346 00:28:56,870 --> 00:29:02,390 If you want to boot into hidden operating system which is currently being created for us at this moment 347 00:29:02,870 --> 00:29:06,540 then you'll need to supply the hidden password.
348 00:29:06,600 --> 00:29:12,510 It is strongly recommended that you read through all of the VeraCrypt documentation on hidden operating 349 00:29:12,510 --> 00:29:16,680 systems so that you can maintain plausible deniability. 350 00:29:16,680 --> 00:29:23,610 It is also recommended that you use your decoy operating system from time to time so that it shows signs 351 00:29:23,610 --> 00:29:27,450 of being used. A decoy system that is never used 352 00:29:27,450 --> 00:29:29,550 makes a very poor decoy. 353 00:29:29,550 --> 00:29:35,460 I would also like to note in case you are a little worried at this point that the decoy system works 354 00:29:35,490 --> 00:29:42,210 exactly like a normal Windows installation. Since there are actually two separate partitions you can 355 00:29:42,210 --> 00:29:49,170 save files on the decoy operating system normally without any fear of corrupting the hidden system as 356 00:29:49,170 --> 00:29:55,360 would be the case if you saved files to the outer volume without first placing it into protected mode. 357 00:29:55,380 --> 00:30:00,090 This will be demonstrated a little later in this video. For right now 358 00:30:00,090 --> 00:30:06,720 I'm going to make a cut to the recording so that we can skip to the end of this process and we can rejoin 359 00:30:06,720 --> 00:30:09,390 it as soon as we're back in Windows. 360 00:30:09,420 --> 00:30:11,250 Copying is now complete. 361 00:30:11,400 --> 00:30:15,110 So enter the password to your hidden operating system. 362 00:30:18,130 --> 00:30:24,100 Remember to just press enter for the PIM unless you set a specific value. 363 00:30:24,100 --> 00:30:25,180 Then you'd enter that value. 364 00:30:25,180 --> 00:30:29,460 Now Windows should boot and I'll see you in a moment. 365 00:30:29,470 --> 00:30:30,720 Fantastic. 366 00:30:30,760 --> 00:30:33,120 Our hidden system has now started. 367 00:30:33,220 --> 00:30:37,030 You can read through this if you want to.
368 00:30:37,030 --> 00:30:42,970 It is just telling you that even though we appear to be on the C drive or the first partition we are 369 00:30:42,970 --> 00:30:45,640 in fact on the second partition. 370 00:30:45,640 --> 00:30:53,290 Of course your partition designations may vary but the point is that applications will not be able to 371 00:30:53,290 --> 00:31:00,280 tell the difference between hidden and decoy systems because both systems will appear to be the primary 372 00:31:00,280 --> 00:31:04,840 system partition or the C drive while you're using them. 373 00:31:04,900 --> 00:31:13,370 If we click the defer button we can postpone the next step until our next reboot. 374 00:31:13,450 --> 00:31:19,070 If you're ready to proceed click Next. Time to wait again. 375 00:31:19,150 --> 00:31:23,570 The original system needs to be securely deleted. As you know, 376 00:31:23,590 --> 00:31:28,570 simply deleting something off a hard drive won't actually make the information go away. 377 00:31:29,590 --> 00:31:36,970 It can still be recovered with certain tools and forensic techniques. To truly secure data 378 00:31:36,970 --> 00:31:43,840 we're going to need to overwrite the data we delete with random nonsense. 379 00:31:43,840 --> 00:31:50,230 The more we do this the harder it will be to recover the original operating system or to detect that 380 00:31:50,230 --> 00:31:51,850 one existed. 381 00:31:51,850 --> 00:31:56,890 So we're going to click next. As I explained in the prior video 382 00:31:56,970 --> 00:32:04,170 the number of passes indicates how securely your data is going to be wiped but also adds time to this 383 00:32:04,260 --> 00:32:06,370 already lengthy process. 384 00:32:06,660 --> 00:32:11,250 One pass will simply overwrite the operating system and that's that.
385 00:32:11,250 --> 00:32:17,760 Three passes is a better level of security and is used by the Department of Defense of the United States 386 00:32:17,760 --> 00:32:26,550 to wipe secret data. Seven passes is used by the DOJ to wipe data classified top secret and above. 35 387 00:32:26,550 --> 00:32:35,250 passes a.k.a. the Gutmann wipe is generally used only when you plan to ultimately discard the drive. 388 00:32:35,250 --> 00:32:39,800 It is extremely taxing on even conventional hard drives. 389 00:32:39,870 --> 00:32:47,910 And remember also that solid state drives have a limited number of rewrites before they begin to fail. 390 00:32:47,910 --> 00:32:53,630 The choice is yours but three passes should be very sufficient for most users. 391 00:32:54,480 --> 00:33:01,740 If you have the time to devote and if you are paranoid 7 passes should be enough to defeat even the 392 00:33:01,740 --> 00:33:09,180 most determined adversary. However if your life hangs in the balance and absolutely positively must do 393 00:33:09,180 --> 00:33:12,230 so then you can select Gutmann. 394 00:33:12,300 --> 00:33:17,020 I've never heard of anyone selecting 256 passes. 395 00:33:17,100 --> 00:33:22,740 It was I wasn't even aware VeraCrypt added this option and frankly it's beyond insane. 396 00:33:22,890 --> 00:33:28,080 If you ever have a hard drive that requires that level of time and effort to wipe 397 00:33:28,230 --> 00:33:33,280 honestly you're better off just smashing it to bits and burying the pieces. 398 00:33:33,690 --> 00:33:41,100 250 passes will not be a good choice for hard drive longevity and I strongly recommend that you not 399 00:33:41,100 --> 00:33:43,330 choose it anyway. 400 00:33:43,350 --> 00:33:45,300 Make your selection and click next. 401 00:33:52,210 --> 00:33:53,380 Click wipe.
402 00:33:53,410 --> 00:33:59,140 Once again you'll be prompted with a warning that the entire contents of the original operating system 403 00:33:59,140 --> 00:34:00,630 will be erased. 404 00:34:00,760 --> 00:34:08,620 Once again we're going to be asked to generate entropy through mouse movements for a random pool. 405 00:34:08,630 --> 00:34:13,680 This is because Windows cryptographic functions can potentially fail or be compromised 406 00:34:13,850 --> 00:34:15,830 as I've spoken about at some length. 407 00:34:19,060 --> 00:34:26,680 Doing this may seem silly or burdensome but it adds an extra layer of security that is not easily sabotaged. 408 00:34:27,220 --> 00:34:32,540 When you're done click continue and yes to authorize. 409 00:34:32,540 --> 00:34:39,220 As always we have to authorize and once done VeraCrypt will proceed to wipe the original drive. 410 00:34:39,260 --> 00:34:44,660 Keep in mind as you watch this that the amount of space that we're dealing with in this demonstration 411 00:34:44,960 --> 00:34:49,310 is quite small and I'm only doing a single pass. 412 00:34:49,440 --> 00:34:53,590 That's to say a single wipe. For a modern hard drive 413 00:34:53,600 --> 00:35:00,170 be prepared to devote many hours to the stage of the process and if you selected something like Gutmann 414 00:35:00,190 --> 00:35:06,350 or 256 passes you're gonna be here a while. 415 00:35:06,400 --> 00:35:07,190 All right. 416 00:35:07,200 --> 00:35:11,270 The contents of the original system have now been securely erased. 417 00:35:11,370 --> 00:35:15,690 Our first partition that we started out on is now totally blank. 418 00:35:15,720 --> 00:35:23,270 You should read through this information carefully and maybe even print it. The first thing it is telling 419 00:35:23,270 --> 00:35:29,020 you to do is power off your computer and leave it powered off for at least several minutes. 
420 00:35:29,090 --> 00:35:33,080 Although ideally you should do so for up to an hour.
421 00:35:33,080 --> 00:35:38,470 This is because memory still remains active in the RAM chips until they have had time to cool. 422 00:35:38,630 --> 00:35:42,320 And this might include evidence of your hidden system's existence. 423 00:35:42,320 --> 00:35:50,000 Once that is done the next step will be to install Windows onto the now empty first partition. 424 00:35:50,000 --> 00:35:55,790 Remember this has to be the same version of Windows as the hidden system. 425 00:35:55,790 --> 00:35:59,900 If you're running Windows 10 professional for your hidden system 426 00:35:59,900 --> 00:36:03,640 you need to install Windows 10 professional as your decoy. 427 00:36:03,830 --> 00:36:08,590 If your hidden system was Windows XP you'll need to install Windows XP. 428 00:36:08,600 --> 00:36:15,560 The third point to be aware of is that once you install Windows the VeraCrypt bootloader is going to 429 00:36:15,560 --> 00:36:20,480 be erased and hidden operating system will not be bootable. 430 00:36:20,480 --> 00:36:21,550 That is normal. 431 00:36:21,560 --> 00:36:22,560 Don't panic. 432 00:36:22,700 --> 00:36:24,820 It's part of the process. 433 00:36:24,890 --> 00:36:30,110 You can read the rest of this if you want to but you'll be seeing me do it in a moment. 434 00:36:30,110 --> 00:36:36,890 Do notice number 8 that you need to select the same algorithms for the decoy system as you did for the 435 00:36:36,890 --> 00:36:39,280 hidden operating system. 436 00:36:39,290 --> 00:36:45,080 That is why I said to write them down and here again we're being warned of the same thing. 437 00:36:45,900 --> 00:36:52,920 I find that the hourglass continues to spin pretty much forever but we are done with this step so we 438 00:36:52,920 --> 00:36:56,200 can actually exit the VeraCrypt window. 439 00:36:56,310 --> 00:37:02,750 Now we're going to shut down our computer and we're going to leave it off for a good long while.
440 00:37:02,880 --> 00:37:07,320 Which of course you won't see represented in this video. Again 441 00:37:07,370 --> 00:37:10,790 I recommend you do this for about an hour. 442 00:37:10,790 --> 00:37:12,130 It is up to you. 443 00:37:12,200 --> 00:37:16,130 The documentation says a few minutes. Do as you wish. 444 00:37:17,340 --> 00:37:25,080 After that we're going to need to insert our Windows installation media whether it's a CD or a USB 445 00:37:25,140 --> 00:37:30,920 stick and we're gonna boot our computer from it and then install Windows normally. 446 00:37:31,200 --> 00:37:35,790 The key that you press when your computer reboots 447 00:37:35,790 --> 00:37:45,400 that allows you to boot from either CD or USB will vary from computer to computer. 448 00:37:45,490 --> 00:37:49,870 You can also make changes in your BIOS boot order if you wish. 449 00:37:49,990 --> 00:37:59,260 That will cause your CD drive or USB stick to be checked first before your hard drive and will boot 450 00:37:59,350 --> 00:38:00,710 from those devices 451 00:38:00,820 --> 00:38:08,660 if media is present. So this is going to be a very straightforward process of reinstalling Windows all 452 00:38:08,660 --> 00:38:15,430 of which you'll see me do though I will make recording edits here and there to speed things along. 453 00:38:15,620 --> 00:38:21,840 So when you're ready go ahead and shut down and we'll begin when you power back up. 454 00:38:21,890 --> 00:38:22,240 All right. 455 00:38:22,250 --> 00:38:23,370 So here we are. 456 00:38:23,420 --> 00:38:29,300 Our computer has been off for a while and now we've rebooted using our Windows Media. 457 00:38:29,300 --> 00:38:35,870 In this case Windows 10 and we're going to walk through the process of installing Windows. 458 00:38:35,870 --> 00:38:38,060 This is all very straightforward. 459 00:38:38,060 --> 00:38:39,320 There shouldn't be any hiccups. 460 00:38:39,320 --> 00:38:40,040 We're going to click
461 00:38:40,030 --> 00:38:42,720 next. We're going to click install now. 462 00:38:42,950 --> 00:38:48,420 This is a very straightforward process of following prompts all of which you'll see me do. 463 00:38:48,500 --> 00:38:52,930 So this is where we would enter our product key. 464 00:38:52,960 --> 00:38:54,530 You should do so now. 465 00:38:54,670 --> 00:38:56,750 You can't skip this step if you don't have it. 466 00:38:56,770 --> 00:39:02,430 But remember you need to activate your Windows installation before you encrypt it. 467 00:39:02,430 --> 00:39:04,340 And this is very important. 468 00:39:04,430 --> 00:39:09,550 Now obviously it doesn't matter if you're doing it in VirtualBox for practice but you will run into 469 00:39:09,550 --> 00:39:13,330 problems later on if you're doing this on a real system. 470 00:39:13,330 --> 00:39:17,620 And it could compromise your deniability and your anonymity. 471 00:39:17,620 --> 00:39:19,840 So I'm going to click I don't have a product key. 472 00:39:19,840 --> 00:39:22,020 Select your operating system. 473 00:39:22,030 --> 00:39:25,680 You may not receive this prompt if you only have one on your disk. 474 00:39:25,720 --> 00:39:27,940 I'm using Windows 10 professional. 475 00:39:28,210 --> 00:39:38,830 Click Next. Agree to the Faustian contract with Microsoft and click next. Click custom. 476 00:39:38,830 --> 00:39:44,840 Now remember the first partition after the system reserved is the one that we wiped. 477 00:39:45,010 --> 00:39:49,630 The second partition contains our hidden operating system. 478 00:39:49,630 --> 00:39:57,050 If you get confused remember that the hidden partition is always the larger of the two. Make your selection 479 00:39:57,050 --> 00:39:58,600 and click next. 480 00:39:58,640 --> 00:40:03,110 If you were to select your hidden system by mistake you will erase it. 481 00:40:03,110 --> 00:40:07,610 So be careful. 482 00:40:07,660 --> 00:40:12,070 Now we just wait and wait and wait some more.
483 00:40:12,190 --> 00:40:18,580 Windows will carry itself through the installation process. Once all of the files are copied you'll be 484 00:40:18,580 --> 00:40:22,820 asked to toggle a few preference switches. 485 00:40:22,930 --> 00:40:28,510 You can flip these switches in any way that suits you or you can use the Express settings. 486 00:40:28,510 --> 00:40:33,460 And with that done you will eventually find yourself back in Windows. 487 00:40:33,490 --> 00:40:40,120 I will make a recording edit to skip all of that unnecessary dross and get right to the point. 488 00:40:40,420 --> 00:40:46,360 You shouldn't run into any problems. Just follow the procedure and you will boot into Windows normally. 489 00:40:46,360 --> 00:40:50,930 Keep in mind that your TrueCrypt bootloader is going to be deleted. 490 00:40:50,980 --> 00:40:57,250 So until we complete the next steps you will not be able to access the hidden operating system at all. 491 00:40:57,250 --> 00:41:01,140 Here we are in our freshly installed Windows 10. 492 00:41:01,240 --> 00:41:09,750 Now we're just going to go to the VeraCrypt Web site and we're going to download it normally. 493 00:41:09,750 --> 00:41:15,150 Remember that we'll need to download the installer and not the portable version. Once downloaded 494 00:41:15,150 --> 00:41:16,920 we're going to run the installer normally. 495 00:41:20,540 --> 00:41:21,000 OK. 496 00:41:21,100 --> 00:41:23,560 We're gonna run through the installation real quick. 497 00:41:23,590 --> 00:41:30,380 Select your language, agree to the terms, click next and install. 498 00:41:34,710 --> 00:41:36,680 With the installation complete 499 00:41:36,980 --> 00:41:43,650 we're gonna go ahead and we're going to run VeraCrypt normally. From here 500 00:41:43,690 --> 00:41:51,760 we're going to go to system and we're going to choose encrypt system partition slash drive. 501 00:41:51,820 --> 00:41:56,290 Now remember we've already created our hidden operating system.
502 00:41:56,290 --> 00:42:04,380 So we're going to select normal and click Next. We're going to select the first option encrypt the Windows 503 00:42:04,410 --> 00:42:12,670 system partition. Click Next. Now comes the ultra deceptive screen of confusing. 504 00:42:12,690 --> 00:42:18,400 Once again you might think that selecting multi boot would be the way to go here. 505 00:42:18,600 --> 00:42:23,310 But in reality that is pretty much never the correct selection. 506 00:42:23,310 --> 00:42:27,910 Select single boot and then click next. 507 00:42:28,090 --> 00:42:32,260 It is super important that we get this next selection right. 508 00:42:32,260 --> 00:42:36,590 Remember I said to write down your selections when you made the hidden system. 509 00:42:36,730 --> 00:42:42,340 You must make the same choices on this screen as you did for the hidden system. 510 00:42:42,460 --> 00:42:50,650 If you selected advanced encryption standard and SHA-256 for the hidden operating system you must make 511 00:42:50,710 --> 00:42:53,000 that same selection here. 512 00:42:53,080 --> 00:42:59,170 If either the encryption algorithm or the hash algorithm are different the hidden operating system is 513 00:42:59,170 --> 00:43:00,870 not going to boot. 514 00:43:00,970 --> 00:43:04,920 Once you're done click next. 515 00:43:04,940 --> 00:43:09,180 Now we need to choose our password for the decoy operating system. 516 00:43:09,380 --> 00:43:14,960 Again it is important that you pick a good password to make the deception credible. 517 00:43:14,960 --> 00:43:16,750 You also need to remember it. 518 00:43:16,940 --> 00:43:19,430 If you're ever forced to give up your password 519 00:43:19,640 --> 00:43:22,400 this is the password that you'd want to give up. 520 00:43:22,730 --> 00:43:23,510 Again 521 00:43:23,510 --> 00:43:25,700 key files are an option. 522 00:43:25,700 --> 00:43:31,760 Do not select the Use PIM option unless you did so with the hidden system.
523 00:43:31,760 --> 00:43:37,370 And if you did set PIM with the hidden system be sure to use the same setting here. 524 00:43:43,770 --> 00:43:53,030 When you've entered all of your credentials and made your selections click next. 525 00:43:53,050 --> 00:43:56,420 This is the random pool collection. 526 00:43:56,420 --> 00:44:00,580 By now I trust that it's pretty clear what's actually happening here. 527 00:44:00,700 --> 00:44:05,930 Wave your mouse cursor around, fill up the bar or longer if you wish. 528 00:44:06,530 --> 00:44:10,760 And when you're ready you'll just click next. 529 00:44:10,760 --> 00:44:11,470 There we go. 530 00:44:15,190 --> 00:44:19,890 Go ahead and authorize. Our keys have now been generated. 531 00:44:20,060 --> 00:44:21,530 Click next. 532 00:44:21,560 --> 00:44:29,160 Now comes the tricky bit. Both TrueCrypt and VeraCrypt require you to create a rescue disk. 533 00:44:29,510 --> 00:44:36,470 If you encounter a situation where Windows will not start or if the VeraCrypt bootloader itself gets 534 00:44:36,470 --> 00:44:44,270 messed up or otherwise corrupted the disk will allow you to repair the damage. Keep one very important 535 00:44:44,270 --> 00:44:45,260 detail in mind 536 00:44:45,260 --> 00:44:56,460 however. The rescue disk is not a substitution for the password and or key files and or PIM. If you forget 537 00:44:56,760 --> 00:45:05,540 your password or lose your keys or if you specify a PIM and you forget it you are simply out of luck. 538 00:45:05,610 --> 00:45:13,280 We can use the Browse button to select where we want the ISO file to be saved. 539 00:45:13,340 --> 00:45:22,130 This file will then be placed on some form of external media such as a USB or burned to a CD before 540 00:45:22,130 --> 00:45:23,190 proceeding. 541 00:45:23,360 --> 00:45:31,370 VeraCrypt gives you the option to skip the rescue disk verification which is handy if your system 542 00:45:31,400 --> 00:45:33,560 doesn't have any way to mount it.
543 00:45:33,560 --> 00:45:35,860 TrueCrypt does not give you this option. 544 00:45:36,680 --> 00:45:42,830 If you're using TrueCrypt you will need to mount the ISO image somehow either by right clicking it 545 00:45:42,860 --> 00:45:49,280 and selecting the mount option in certain versions of Windows or by using third party software in Windows 546 00:45:49,280 --> 00:45:53,600 7 to mount the ISO as if it were a drive. For this tutorial 547 00:45:53,600 --> 00:45:57,770 I'm going to go ahead and click skip rescue disk verification. 548 00:45:57,770 --> 00:46:04,900 Once you've made your selection click Next. The rescue disk has been created. 549 00:46:04,930 --> 00:46:14,180 This is the time when you would burn it onto a CD or place it onto a USB. Click next. 550 00:46:14,210 --> 00:46:18,570 Now this warning is interesting and I'd like you to please take note of it. 551 00:46:18,620 --> 00:46:22,660 This is telling us that each rescue disk is unique. 552 00:46:22,850 --> 00:46:29,870 So if you've done this in the past or if you get a rescue disk from a friend it will not work. 553 00:46:29,900 --> 00:46:35,530 You will need to use this rescue disk for this system. Click OK. 554 00:46:35,690 --> 00:46:43,610 OK last but not least we need to once again select our wipe mode. Since we already covered this with the 555 00:46:43,610 --> 00:46:44,870 hidden system creation 556 00:46:44,870 --> 00:46:49,760 I won't go over it again. For this demonstration I am selecting none. 557 00:46:49,760 --> 00:46:55,250 Keep in mind that the more passes you select the longer this process is going to take and the harder 558 00:46:55,250 --> 00:46:57,510 it's going to be on your drive. 559 00:46:57,590 --> 00:47:02,100 Please do not select Gutmann unless you feel you absolutely have to. 560 00:47:02,270 --> 00:47:04,960 When you're ready click next. 561 00:47:04,970 --> 00:47:11,960 The last step is going to be the system encryption pretest. When we click the test button
562 00:47:11,990 --> 00:47:18,680 Windows is going to reboot and we will be presented with the VeraCrypt password screen. 563 00:47:18,680 --> 00:47:25,550 If we fail to enter our password or if something broke along the way the test will fail and no harm 564 00:47:25,550 --> 00:47:26,820 will be done. 565 00:47:26,990 --> 00:47:32,780 If the password works and everything else functions correctly we'll be prompted to proceed with the 566 00:47:32,780 --> 00:47:34,660 encryption process. 567 00:47:34,670 --> 00:47:39,850 Please note however that you must not boot into the hidden system at this time. 568 00:47:40,070 --> 00:47:45,140 It will seriously goof things up. When you're ready click test. 569 00:47:45,140 --> 00:47:49,580 You may wish to print this information. Read through it if you wish. 570 00:47:49,580 --> 00:47:56,240 The important takeaway here is that if Windows does not start during the pre-test simply press the escape 571 00:47:56,240 --> 00:48:03,980 key at the bootloader screen to end the test and boot the system normally. We'll now be prompted asking 572 00:48:03,980 --> 00:48:05,600 us if we're ready to restart. 573 00:48:05,600 --> 00:48:14,190 We will say yes. Here we are once again on the bootloader screen. Cosmetically this is almost identical 574 00:48:14,190 --> 00:48:19,590 to the TrueCrypt bootloader screen except that we have the option to show our password and PIM and 575 00:48:19,590 --> 00:48:22,550 also to skip authentication with the escape key. 576 00:48:22,590 --> 00:48:25,260 Remember this is only the pre-test. 577 00:48:25,260 --> 00:48:27,740 Our system is not yet being encrypted. 578 00:48:27,990 --> 00:48:33,250 Enter the password you selected for the decoy operating system. Again 579 00:48:33,300 --> 00:48:37,530 do not enter the password for the hidden system or the outer volume. 580 00:48:40,210 --> 00:48:41,180 Under PIM 581 00:48:41,190 --> 00:48:45,530 just press enter unless you specified a value. Remember
582 00:48:45,530 --> 00:48:50,550 TrueCrypt has no PIM prompt. 583 00:48:50,780 --> 00:48:54,490 It will now verify our password and this may take a minute or two. 584 00:48:54,530 --> 00:48:59,620 Once done Windows should boot normally. Great. 585 00:48:59,750 --> 00:49:01,800 Our pretest was successful. 586 00:49:01,850 --> 00:49:04,580 Now we could click the defer button 587 00:49:04,580 --> 00:49:11,950 if we don't wish to begin encrypting right now or if ready we'll click encrypt. Read through this 588 00:49:11,950 --> 00:49:14,200 pop up and print it if you wish. 589 00:49:14,200 --> 00:49:17,820 It is simply telling you how to use the rescue disk if you need to. 590 00:49:18,010 --> 00:49:19,420 When you're ready click OK. 591 00:49:20,680 --> 00:49:25,860 Click yes to grant authorization. Now we can see the encryption process. 592 00:49:26,020 --> 00:49:28,720 It would begin with the wiping of free space 593 00:49:28,780 --> 00:49:31,820 if we had selected a wipe mode other than none. 594 00:49:31,960 --> 00:49:34,690 I said all of this in the last video. 595 00:49:34,690 --> 00:49:38,210 But you may have skipped it and it does bear repeating. 596 00:49:38,410 --> 00:49:40,560 So I'll say it again now. 597 00:49:40,780 --> 00:49:45,290 I really can't stress just how long this takes. 598 00:49:45,310 --> 00:49:48,630 You're seeing this performed on a very small amount of space. 599 00:49:48,640 --> 00:49:52,960 But for a real system this process can take days. 600 00:49:52,960 --> 00:49:57,280 A four terabyte hard drive might take up to a week or more. 601 00:49:57,310 --> 00:50:00,390 Of course it depends on many factors. 602 00:50:00,400 --> 00:50:06,760 I therefore suggest that you place your system somewhere cool and keep all potentially flammable objects 603 00:50:06,760 --> 00:50:12,280 away from it as you mean to leave it on for an extended period of time unattended.
604 00:50:12,400 --> 00:50:16,240 And the hard drive usage may cause it to heat up considerably. 605 00:50:16,240 --> 00:50:22,930 I found this to be quite a problem with older laptops that have poor cooling systems. 606 00:50:22,960 --> 00:50:28,280 Please also keep in mind the laws of your region of the world concerning encryption. 607 00:50:28,510 --> 00:50:32,490 As I mentioned in the last video I am not an international lawyer. 608 00:50:32,680 --> 00:50:40,540 Depending on where you are in the world encryption may not be legal or you may be under a legal obligation 609 00:50:40,540 --> 00:50:47,620 to surrender your password and keys upon request by certain authorities even if they do not have a warrant 610 00:50:47,680 --> 00:50:49,110 as such. 611 00:50:49,240 --> 00:50:53,440 If you fail to comply with these laws you may end up in hot water. 612 00:50:53,440 --> 00:50:57,220 This is very important to remember when you're traveling abroad. 613 00:50:57,370 --> 00:51:04,630 It might be 100 percent legal to encrypt your laptop in the United States but you might be in for a 614 00:51:04,630 --> 00:51:10,720 nasty shock when you travel to certain parts of the world and airport authorities demand that you decrypt 615 00:51:10,720 --> 00:51:16,930 your laptop or worse. You must therefore do your due diligence and make certain that you are employing 616 00:51:16,930 --> 00:51:22,810 these techniques in a way that is consistent with the laws of wherever you are to avoid getting into 617 00:51:22,810 --> 00:51:24,210 any legal trouble.
618 00:51:24,250 --> 00:51:31,300 The hidden operating system and plausible deniability exists so that in the event that some criminal 619 00:51:31,300 --> 00:51:37,870 attempts to compel you to give up your password you have a way of protecting your real data. Withholding 620 00:51:37,870 --> 00:51:44,170 the hidden password from lawful authorities when you are expressly required by law to give up all of 621 00:51:44,170 --> 00:51:47,220 your encryption keys may be illegal. 622 00:51:47,230 --> 00:51:53,200 Please have all of this sorted out in your head before you ever find yourself in a situation where you 623 00:51:53,200 --> 00:51:54,790 need to think about it. 624 00:51:54,790 --> 00:51:57,700 Encryption is a very good technology. 625 00:51:57,700 --> 00:52:00,970 It protects innocent people from oppressive powers, 626 00:52:00,970 --> 00:52:07,680 helps to ensure honest journalism and protect important information from criminal theft. 627 00:52:07,690 --> 00:52:11,520 There are many good and lawful reasons to employ encryption 628 00:52:11,650 --> 00:52:14,240 even at the level that we're seeing in this video. 629 00:52:14,320 --> 00:52:21,070 While it wasn't absolutely necessary to download all updates for your operating system before encrypting 630 00:52:21,070 --> 00:52:21,640 it 631 00:52:21,640 --> 00:52:29,260 the reason I suggested that you do this is because particularly with Windows 10 when rebooting your 632 00:52:29,260 --> 00:52:35,650 operating system you may find that it has downloaded things behind your back and it goes through a massive 633 00:52:35,650 --> 00:52:37,770 long reconfiguration process 634 00:52:37,810 --> 00:52:43,550 for example right in the middle of your encryption pretest and that's really a pain to deal with. 635 00:52:43,660 --> 00:52:45,440 So it's something to keep in mind. 636 00:52:45,580 --> 00:52:46,320 All right. 637 00:52:46,360 --> 00:52:48,820 Encryption process is finished.
638 00:52:49,030 --> 00:52:59,710 Now all we need to do is reboot, or reboot normally. I'm sure this screen needs no further introduction; 639 00:53:00,460 --> 00:53:02,320 it should be familiar by now. 640 00:53:02,500 --> 00:53:09,880 If we enter our decoy password, our decoy operating system will boot. If we enter our hidden password, 641 00:53:10,060 --> 00:53:12,670 our hidden operating system will boot. 642 00:53:12,670 --> 00:53:19,790 We're going to be booting into our hidden system first to verify that everything did in fact work. 643 00:53:19,840 --> 00:53:27,130 Remember, just press Enter for the PIM unless you specified a value. Fantastic, our hidden operating system 644 00:53:27,130 --> 00:53:29,210 booted and is working normally. 645 00:53:29,530 --> 00:53:35,980 And this pop-up will continue to appear unless you click the "do not show this again" button, and it is 646 00:53:35,980 --> 00:53:43,420 simply reminding us that local unencrypted file systems and non-hidden VeraCrypt volumes are mounted 647 00:53:43,420 --> 00:53:49,090 as being read-only, and this will include any USB devices that you plug into your system. 648 00:53:49,120 --> 00:53:54,780 So we don't need this reminder forever. I'm going to click "do not show this again", and now we're going 649 00:53:54,780 --> 00:53:57,300 to reboot one more time, and this time 650 00:53:57,300 --> 00:54:03,990 we're going to boot into the decoy operating system. So here we are at the bootloader screen once again. 651 00:54:04,350 --> 00:54:09,020 We're going to enter our decoy password. Great. 652 00:54:09,190 --> 00:54:11,510 The decoy has also booted normally. 653 00:54:11,560 --> 00:54:12,130 All right. 654 00:54:12,220 --> 00:54:18,820 We could end right here, but there is one more detail to go over before we call it a job well done and 655 00:54:18,820 --> 00:54:21,040 give ourselves a pat on the back. 656 00:54:21,040 --> 00:54:25,750 Notice that we have two drives here, C and D.
657 00:54:25,780 --> 00:54:32,110 Fun fact: C is always going to be the operating system that you're currently in, regardless of whether 658 00:54:32,110 --> 00:54:39,760 you're running it in decoy or the hidden OS. But the important takeaway here is that you have this second 659 00:54:39,760 --> 00:54:47,150 partition, and if you were to examine it closely, it appears to be filled with random data. 660 00:54:47,170 --> 00:54:50,830 If we try to open it, we'll be prompted to format it. 661 00:54:50,950 --> 00:54:52,170 Do not do this. 662 00:54:53,080 --> 00:54:56,880 If you click format, you will erase your hidden operating system. 663 00:54:56,890 --> 00:55:00,420 How then can we explain this encrypted partition 664 00:55:00,430 --> 00:55:06,120 if someone were to ask? This is where the outer volume password comes into play. 665 00:55:06,250 --> 00:55:11,590 So we're going to open VeraCrypt and we're going to go ahead and select a drive that is not currently 666 00:55:11,590 --> 00:55:16,520 in use. For simplicity's sake, I'm going to highlight the Z drive. 667 00:55:16,630 --> 00:55:23,100 Then we're going to click Select Device and we're going to choose this D partition, click OK. 668 00:55:23,200 --> 00:55:30,220 Now we're going to mount the volume by clicking Mount, and we're going to enter our outer volume password, 669 00:55:32,110 --> 00:55:42,430 click OK. The partition is now mounted and registers as being a normal type. 670 00:55:42,490 --> 00:55:44,410 It is actually anything but normal. 671 00:55:44,410 --> 00:55:47,010 However, this is all part of the deception. 672 00:55:47,050 --> 00:55:50,170 Once the drive is mounted we can access it 673 00:55:50,170 --> 00:55:54,000 normally under the newly mounted Z drive. 674 00:55:56,780 --> 00:56:05,450 Inside this Z drive will be the sensitive-looking files that look like something we would want to encrypt.
675 00:56:05,480 --> 00:56:11,870 Someone very knowledgeable about how VeraCrypt works might suspect the deception but will be unable 676 00:56:11,870 --> 00:56:14,980 to prove the existence of a hidden operating system. 677 00:56:14,990 --> 00:56:19,940 This gives you the plausible deniability spoken about in the VeraCrypt documentation. 678 00:56:19,940 --> 00:56:21,280 One last thing. 679 00:56:21,290 --> 00:56:27,060 Do not under any circumstances add or modify files on this drive. 680 00:56:27,110 --> 00:56:30,850 You run the risk of damaging your hidden operating system. 681 00:56:31,070 --> 00:56:38,000 If you need to interact with this file space at a time when you're not under any sort of threat, such 682 00:56:38,000 --> 00:56:43,880 as when you're alone, then you need to mount the drive in what is called protected mode. 683 00:56:43,880 --> 00:56:51,560 However, doing this will reveal to anyone who's watching that it is in protected mode and will reveal 684 00:56:51,560 --> 00:56:53,530 the presence of a hidden operating system. 685 00:56:54,110 --> 00:56:59,690 So to do this, we're going to close this file and we're going to dismount the drive. So we're going to 686 00:56:59,690 --> 00:57:02,470 mount the file again just like we did before, 687 00:57:02,660 --> 00:57:06,050 only this time we're going to go into Mount Options. 688 00:57:06,050 --> 00:57:12,110 We're going to click "Protect hidden volume against damage caused by writing to the outer volume" and 689 00:57:12,110 --> 00:57:16,820 we're going to supply the password to our hidden operating system, 690 00:57:19,400 --> 00:57:24,710 as well as any PIM or key files that we use. Then we're going to click OK, 691 00:57:27,530 --> 00:57:33,310 and then we're going to sort we're going to enter the outer volume password as normal, click 692 00:57:33,320 --> 00:57:42,020 OK. This message is telling us that the hidden volume is now protected against damage until it is dismounted.
693 00:57:42,020 --> 00:57:47,940 Notice that now the character of the volume is revealed as outer under type. 694 00:57:48,230 --> 00:57:53,810 So only mount the volume in this way, again, when you're alone and then only when you absolutely have 695 00:57:53,810 --> 00:57:54,470 to. 696 00:57:54,560 --> 00:57:56,440 And that's really about it. 697 00:57:56,630 --> 00:58:02,530 How you use your decoy and hidden operating systems is entirely up to you. 698 00:58:02,540 --> 00:58:10,850 However, I would suggest making frequent use of your decoy, making it your daily driver for most of the things 699 00:58:10,850 --> 00:58:18,170 that you do. Only use the hidden system for activities or when dealing with data that needs to stay hidden. 700 00:58:18,230 --> 00:58:26,180 That way, if anyone ever has any cause to examine your decoy system, it will appear lived in. A decoy system 701 00:58:26,210 --> 00:58:29,800 that is never used is going to look extremely suspicious. 702 00:58:30,760 --> 00:58:37,420 Also remember that the hidden operating system write-protects things like external media to prevent 703 00:58:37,420 --> 00:58:38,560 data leaks. 704 00:58:38,710 --> 00:58:45,400 So you may find that certain activities like transferring files via USB are a pain when using the hidden 705 00:58:45,400 --> 00:58:47,400 OS. In the last video 706 00:58:47,410 --> 00:58:53,600 I gave a demonstration of how to remove the encryption for an operating system if you so desire. 707 00:58:53,800 --> 00:58:57,150 Please see that video for more information about doing that 708 00:58:57,220 --> 00:58:58,540 if you wish. 709 00:58:58,540 --> 00:59:05,650 However, this will leave you with two Windows systems installed side by side and a potentially broken 710 00:59:05,650 --> 00:59:06,520 bootloader. 711 00:59:06,610 --> 00:59:11,110 So please make sure you have a boot repair disc handy
712 00:59:11,320 --> 00:59:18,070 if you decide to do that. If at any point you wish to start over from scratch, and I do mean from square 713 00:59:18,070 --> 00:59:24,820 one, or if you just wish to securely delete all encrypted data once you're done using all of your encrypted 714 00:59:24,820 --> 00:59:32,230 systems, please see the video later in this module covering Darik's Boot and Nuke. Boot and Nuke will 715 00:59:32,230 --> 00:59:38,950 completely wipe a hard drive, including its partition table, and allow you to start fresh, with the obvious 716 00:59:38,950 --> 00:59:44,890 catch being that all of your data will be totally erased, securely, but erased. 717 00:59:44,890 --> 00:59:51,730 Finally, it's worth repeating that for any of this to work you will need to disable protected boot settings 718 00:59:51,790 --> 00:59:54,380 in your BIOS if they exist. 719 00:59:54,400 --> 00:59:59,590 This is done at your own risk and may require you to reinstall your operating system. 720 00:59:59,620 --> 01:00:06,550 It may also be possible to switch from GPT partitioning to MBR and put the boot loader into legacy 721 01:00:06,550 --> 01:00:07,240 mode. 722 01:00:07,300 --> 01:00:13,810 Again, this is done at your own risk, although it may make things much smoother. Because every version 723 01:00:13,810 --> 01:00:15,400 of BIOS is a little different, 724 01:00:15,400 --> 01:00:21,090 there isn't really any way to showcase this, so you may need to research the subject a bit 725 01:00:21,220 --> 01:00:28,840 if you are considering doing it, and to make sure it's right for you and your system. I do recommend practicing 726 01:00:28,870 --> 01:00:37,570 using virtual machines until you get the hang of this before you try to do it on your actual system. 727 01:00:37,570 --> 01:00:38,890 Thank you for your attention. 728 01:00:38,890 --> 01:00:40,180 I'll see you in the next video.