Users who use laptop computers must have such doubts, that is, when your laptop computer is lost or acquired due to force majeure, how can you prevent personal data files from being acquired by others?
To protect computer data and prevent others from seeing your data files (including directories and file names), the easiest and most reliable way is to use Windows BitLocker, the encryption tool that comes with Windows.
BitLocker Drive Encryption is a Windows data protection feature that protects data by encrypting the entire drive. Its goal is to free Windows users from the threat of data theft or leakage due to lost or stolen computer hardware.
BitLocker encryption technology can support both FAT and NTFS formats, can encrypt the entire system partition of the computer, and can also encrypt removable portable storage devices, such as U disks and mobile hard disks. BitLocker uses AES (Advanced Encryption Standard) 128-bit or 256-bit encryption algorithm for encryption, and the security and reliability of its encryption is guaranteed. Usually, as long as the user's password has sufficient strength, this encryption is very effective. Hard to crack.
encrypted drive
The method to encrypt a disk with BitLocker is very simple, open the resource manager, right-click on the disk you want to encrypt, and select "Enable BitLocker". Encryption can also be enabled and managed in Control Panel - System and Security - BitLocker Drive Encryption.
After the user clicks the "Enable BitLocker" button, you will be asked to set the encrypted drive password in the new pop-up window, click "Next" after entering it and choose where to save the recovery key.
Generally speaking, it is better to store the recovery key on a USB flash drive or print it out, because in that case, the encrypted drive is kept separate from the recovery key, which is more secure. If the recovery key is stored on the hard disk, it is possible It will be scanned and acquired by third-party tool software.
After that, BitLocker starts to encrypt the entire drive. BitLocker takes a long time to encrypt and decrypt the drive, and users need to wait for a long time.
After the encryption is completed, you can see that there is a lock on the original disk icon, which means that the drive has been encrypted.
Encrypted U disk and mobile hard disk
In addition, BitLocker also provides BitLocker To Go function, which is specially used to encrypt mobile storage devices such as U disk, mobile hard disk, etc. Its encryption and decryption are as simple and easy to use as local drives.
After inserting a USB flash drive into the computer, you can "Enable BitLocker" in "Control Panel" - "System and Security" - "BitLocker Drive Encryption". After entering the encryption interface, you will find that it is completely the same as the previous local drive encryption process. same.
At this time, because the USB flash drive is to be encrypted, you will see BitLocker prompting the user to save the recovery key to a local file or print on the computer. Generally, you can choose to save it in a local location. After the encryption is completed, when you check all the drives in the computer, you will see that there is an extra key on the U disk just now, which means that the drive has been encrypted.
After the encryption is completed, there is a lock on the disk icon of the U disk, which means that the U disk has been encrypted. After that, if you take out the U disk and insert it again, a prompt to enter the password will appear, and the U disk can only be opened by entering the correct password.
encrypted directory
Many users don't want to encrypt the entire disk, but want to encrypt only one folder or file. Although BitLocker does not support encryption of folders, a workaround can be used to encrypt folders or files.
The idea of encryption is very simple. Use the VHD function to create a virtual hard disk in the system, and then encrypt it with BitLocker, and then save our private files in this "encrypted disk".
VHD is a virtual disk file of Microsoft Virtual PC. VHD can be created and mounted separately in Windows system. The usage method is as follows:
Right-click "Computer" and select "Manage", in "Computer Management", we click "Disk Management", right-click and select "Create VHD". Click "Browse" here or enter the path of the VHD we want to create, and fill in the size of the virtual hard disk after confirmation. The size can be determined according to the available space of the hard disk and your own needs. Once confirmed, the system will start to create a new disk.
Refresh the disk management page, you can see a disk whose property is displayed as "unknown". Right-click the unknown disk, select "Initialize Disk", use the default format, and click OK. At this time we see that the unknown disk has become basic and online.
Right-click on the unallocated area, select "New Simple Volume", a dialog box appears, click Next until it is completed, and a new volume is displayed. At this point, our steps to create a VHD are completed.
At this point, the VHD virtual disk has been created, and we can use the method of encrypting the drive above to encrypt it with BitLocker.