This question is for examining privacy concerns: I am looking for some good reading links OR some insight from other members. Scenario: a user (me) has removable media (external drive or flash) that is almost full and contains ONLY one large Truecrypt volume. The external drive/flash is formatted in the NTFS filesystem so that the TC volume can be very large. The user does NOT want to device encrypt but to keep the file based volume scenario. Assuming the drive is used only via TrueCrypt and to access the encrypted volume: what traces or changes do you think are made to the NTFS system volume record on the "outside" of the volume when the OS accesses the encrypted volume? I am NOT concerned in this thread with traces on the computer - ONLY - what would physically be present on the removable media outside of the volume and stored in the NTFS "journals".