Imagine to be a contractor, and you want a secure blackbox to keep your customer data on your PC.
This will come very useful, for example, in case of loss or theft of your notebook.
A common approach is to encrypt the whole hard disk, but it has two main drawbacks:
- the whole system is slowed down by the disk encryption.
- usually it’s almost impossible to repair Windows on these encrypted units.
A good approach is to reserve a specific disk for each customer data.
This will allow us to concentrate them in a single secure place, but we might need to split our hard disks into many different partitions.
To avoid different disk partitions and billions of external disks or usb drives, we can use virtual hard disks.
Essentially they are similar to .ISO files, but they can be mounted as a logical disk and used to read and write data.
Using these files has terrific advantages on our logistic and maintenance processes.
We can store them in a single physical disk, we can easily backup them, and delete them when needed.
Solution A – Using BitLocker
BitLocker became a Windows 10 component to encrypt disks.
It has the huge advantage to be updated by MS, but a couples of disadvantages:
- it is available only starting from Professional windows version. From what I have seen, you can use BitLocked units in Home editions, but you cannot create them.
- mounting encrypted units is not-so-immediate process.
Creating a virtual disk
To create a virtual disk you need to:
- open Disk Management console (from <windows_key>+X menu for example).
- unselect any disk/partion
- open Action menu, and select Create VHD
- follow the wizard steps to create the .VHD file according to your needs.
Once done, you have to select the new disk unit and you have to:
- right click it, and select Initialize.
- then create a new partition.
At this point:
- open an Explorer window
- select This PC
- right-click our new disk
- and select Turn on BitLocker
- follow the wizard steps.
At the end of this process, we will have an encrypted virtual disk ready to be used.
Using the disk
To use this disk, we have only to mount it.
- open Disk Management console
- open Action menu
- select Attach VHD
- follow the instructions.
At the first access, BitLocker will ask for the password.
From this point, we can using it like a normal disk.
When we don’t need it anymore, we have to unmount by:
- opening an Explorer window
- selecting This PC
- right-click the mounted .VHD disk
- select Eject
Soluton B – using Veracrypt
Veracrypt is a stable open-source project ‘forked’ from abandoned Truecrypt project.
Mainly it has the 3 huge advantages over the previous solution:
- it is multiplatform. You can use it into any windows versions and editions, Linux, and Mac OS.
- it has its own wizards to easily create virtual encrypted disks.
- it is integrated with windows Explorer to mount them quickly.
Very easy to setup and use.