Jan 09 2016

This week, I got an interesting question from a customer: "What do you recommend to safely store files in a directory on my laptop?". There are plenty of ways to achieve this, the right choice depending on the encryption reliability, the ease of use and maybe some technical requirements. Sometimes, a simple encrypted zip file will do the job, sometimes something stronger is mandatory. In Microsoft environments, BitLocker is a nice solution since Windows 7. But it was not the right choice for my customer: he did not want to use BitLocker in its FDE (Full Disk Encryption) way. For years, I'm a big fan of TrueCrypt, which is able to work with partitions but also with containers. When not used, those are seen just as big binary files by the operating system. Since the bad story that happened to TrueCrypt, I switched to GostCrypt, a 100% compatible alternative developed by a group of universities.

If your environment is fully running on top of Windows OS, why not use BitLocker after all? If it's not possible to encrypt a single directory (as requested by my customer), why not create a container in the TrueCrypt way? Do you know that Windows is able to create virtual disks and mount them like a "mount -o loop" on Linux? This operation is achieved with diskpart, a command line tool available in C:\Windows\System32.

Start a command prompt, launch diskpart and a new command line window will open. (Note: you will be playing with the filesystem, so administrator

Let's go! First we must create a virtual disk of the size you need, the size being in MB:
DISKPART> create vdisk file=c:\container.vhd maximum=120 type=fixed
  100 percent completed
DiskPart successfully created the virtual disk file.

DISKPART> select vdisk file=c:\container.vhd
DiskPart successfully selected the virtual disk file.

DISKPART> attach vdisk
  100 percent completed
DiskPart successfully attached the virtual disk file.

DISKPART> list vdisk
  VDisk ###  Disk ###  State                 Type       File
  ---------  --------  --------------------  ---------  ----
* VDisk 0    Disk 1    Attached not open     Fixed      c:\container.vhd

DISKPART> list partition
There are no partitions on this disk to show.

DISKPART> create partition primary
DiskPart succeeded in creating the specified partition.

DISKPART> list partition
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
* Partition 1    Primary             18 MB    64 KB

DISKPART> select partition 1
Partition 1 is now the selected partition.

DISKPART> format fs=ntfs label="Secret Container"
  100 percent completed
DiskPart successfully formatted the volume.

DISKPART> active
DiskPart marked the current partition as active.

DISKPART> assign letter=q
DiskPart successfully assigned the drive letter or mount point.

DISKPART>

To unmount the container, use the detach vdisk
select vdisk file=c:\container.vhd
select partition 1
attach vdisk

You can execute this script via the following command. Once mounted, the classic
C:\> diskpart /s bitlocker.txt
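The whole procedure (create the VHD, enable BitLocker on it, then mount and unmount it later) as one PowerShell script, added here as an example and not part of the original diary. It drives the same diskpart.exe commands shown above through a script file, and uses manage-bde.exe (shipped with Windows 7 and later) for the BitLocker step; the path, size, drive letter and label are assumptions taken from the session above, and it must be run from an elevated prompt.

```powershell
# Added example: scripted version of the diskpart session above plus the
# BitLocker step via manage-bde.exe. Path, size, letter and label are assumptions.
param(
    [string]$VhdPath = 'C:\container.vhd',
    [int]$SizeMB     = 120,
    [string]$Letter  = 'Q',
    [string]$Label   = 'Secret Container'
)

function Invoke-DiskPart([string]$Script) {
    # diskpart reads scripts from a file (/s), so write the commands to a temp file
    $tmp = Join-Path $env:TEMP 'container-diskpart.txt'
    Set-Content -Path $tmp -Value $Script -Encoding ASCII
    $out = & diskpart.exe /s $tmp
    Remove-Item $tmp -Force
    if ($LASTEXITCODE -ne 0) { throw "diskpart failed:`n$($out -join "`n")" }
    $out
}

function New-Container {
    # create, attach, partition, format and assign exactly as in the session above
    $create = @"
create vdisk file="$VhdPath" maximum=$SizeMB type=fixed
select vdisk file="$VhdPath"
attach vdisk
create partition primary
select partition 1
format fs=ntfs label="$Label"
active
assign letter=$Letter
"@
    Invoke-DiskPart $create | Out-Null
    # password protector plus a recovery password; manage-bde prints the recovery
    # password on the console, and it must be stored outside the container
    & manage-bde.exe -on "${Letter}:" -password -recoverypassword
    if ($LASTEXITCODE -ne 0) { throw 'manage-bde -on failed' }
}

function Mount-Container {
    Invoke-DiskPart "select vdisk file=`"$VhdPath`"`r`nattach vdisk" | Out-Null
    # the volume stays locked until the password is supplied
    & manage-bde.exe -unlock "${Letter}:" -password
}

function Dismount-Container {
    # lock the volume first, then detach the virtual disk
    & manage-bde.exe -lock "${Letter}:" -forcedismount | Out-Null
    Invoke-DiskPart "select vdisk file=`"$VhdPath`"`r`ndetach vdisk" | Out-Null
}
```

Dot-source the file, run New-Container once, then Mount-Container / Dismount-Container each time you need the container.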

With this method, you can easily exchange BitLocker containers with peers, you can create multiple containers for multiple projects and you can create containers on USB disks without having to reserve the entire space for this purpose!

Xavier Mertens
ISC Handler – Freelance Security Consultant

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
