Truecrypt - Unencrypted Decoy OS/Encrypted Hidden OS

Hello, I've read many threads on Wilders before joining. Some of which I did gain knowledge from. I did see a thread similar to this but it was from over a year ago.

I would like to have a Decoy/Main use Win 7 OS where I can have photos, videos, games, etc for general use.

I would also like to use an Encrypted Hidden Win 7 OS where I can have everything else.

Currently I have 120gb SSD and 1TB HD. As of now, Win 7 is on SSD, nothing more.

1. I would like for the Hidden OS to have no trace of it existing. I read that I can set in BIOS for Win to boot automatically to Decoy/Main.

2. Similar to question 1, can the bootmgr for my Hidden OS be on a Flash Drive so I'm only prompted for my password when I insert it? And if I attempted to boot Hidden OS nothing would happen because Flash wasn't inserted?

3. Can I have my Unencrypted Decoy/Main OS on my SSD and my Encrypted Hidden on the 1TB HD?

----------

Once I have my. Unencrypted and Encrypted Win 7 OS configured.

4. While on my Hidden OS (assuming its on my 1TB HD) can I save files to the HD that will not be accessible on the Decoy/Main OS?

5. Can I have an Encrypted Volume on my 1TB HD that's only accessible via the Encrypted OS?

6. What's the advantage/disadvantage of Encrypted Partition vs Encrypted Volume?

I attempted to sign up on the TC Forums but I only have free email service. None that are paid for.

 

I have time to answer a few of your questions but not all of them. ALL your questions are easy (once you understand the process).

It would be very easy to have a regular unencrypted system disk and then utilize a hidden OS. If you wanted the existence to be completely and absolutely hidden you can use a bootable flash as you mentioned in your post. One thing to think about though; discovery of that flash would be detrimental to your deniability of the hidden OS. Further; your configuration wouldn't be logical unless you installed TrueCrypt in the unencrypted system disk. This would allow you to have access to the outer volume and would provide a reasonable explanation for why the second volume is encrypted. i.e. it would make no sense to have a volume on a computer that you cannot reasonably access. Understand?

By way of clarification. TrueCrypt's hidden OS is accomplished by creating a device based encrypted partition, which utilizes an outer volume. That outer volume contains data that would be acceptable to reveal to an adversary if compelled to do so. There is NO proof that a hidden volume (in this case a hidden OS) exists within the structure of the device based partition. Its flawlessly designed as long as you don't introduce operator errors.

Utilizing this configuration you would receive zero prompting to mount the hidden OS unless the bootable flash was inserted prior to booting the machine. You can also remove the bootable flash immediately after the PBA password is accepted (and long prior to OS boot) so the boot files can never be "screwed with" by an adversary. Very secure way to conduct business as long as the physical security of the flash is preserved by YOU!!

Again, the rest of your questions are easy too.

Perhaps someone else here has some more time. Sorry I don't right now.

 

This is awesome and very exciting news. My only knowledge of encryption is getting an understanding of the Documentation from Truecrypt's website and reading threads on TC how-to, basically. I don't have any experience with TC.

I would really like to go this route and I know it might be asking much but when you get some time would you be willing to give me a tutorial for this method? I don't want to mess anything up my first time doing this.

Thanks for the info on this.

 

There are pages of threads, which are in fact great "How-To's" over at the TC forums. I will have to consider whether or not its appropriate to bring my guides over here. This isn't really an encryption problem task.

You are foregoing an amazing amount of discovery by not figuring out how to connect an account on the TC forums. Just saying!!

 

Okay. I'll go check it out. Upon singing up it said email services like hotmail, yahoo, gmail, etc are allowed to sign up but not allowed to post because of spam..

Do you have guides on the TC forums?