HOWTO add encrypted disks to your PC

Imagine you are a contractor and you want a secure black box on your PC to keep your customer data in.
This comes in very handy, for example, if your notebook is lost or stolen.

A common approach is to encrypt the whole hard disk, but it has two main drawbacks:

  1. the whole system is slowed down by disk encryption.
  2. usually, it’s almost impossible to repair Windows on these encrypted units.

A good approach is to reserve a specific disk for each customer’s data.

This allows us to concentrate each customer's data in a single secure place, but we might need to split our hard disks into many different partitions.

To avoid different disk partitions and billions of external disks or USB drives, we can use virtual hard disks.
Essentially they are similar to .ISO files, but they can be mounted as a logical disk and used to read and write data.

Using these files has terrific advantages for our logistics and maintenance processes.
We can store them on a single physical disk, we can easily back them up, and we can delete them when needed.

Solution A – Using BitLocker

BitLocker is the Windows 10 component for encrypting disks.

It has the huge advantage of being updated by Microsoft, but a couple of disadvantages:

  • it is available only starting from the Windows Professional version. From what I have seen, you can use BitLocker units in Home editions, but you cannot create them.
  • mounting encrypted units is a not-so-immediate process.

Creating a virtual disk

To create a virtual disk you need to:

  • open the Disk Management console (from the <windows_key>+X menu, for example).
  • deselect any disk/partition
  • open the Action menu, and select Create VHD
  • follow the wizard steps to create the .VHD file according to your needs.

Once done, select the new disk unit and:

  • right-click it, and select Initialize.
  • then create a new partition.

At this point:

  • open an Explorer window
  • select This PC
  • right-click our new disk
  • and select Turn on BitLocker
  • follow the wizard steps.

At the end of this process, we will have an encrypted virtual disk ready to be used.

Using the disk

To use this disk, we only have to mount it.

  • open the Disk Management console
  • open the Action menu
  • select Attach VHD
  • follow the instructions.

At the first access, BitLocker will ask for the password.

From this point, we can use it like a normal disk.

When we don’t need it anymore, we have to unmount it by:

  • opening an Explorer window
  • selecting This PC
  • right-clicking the mounted .VHD disk
  • selecting Eject
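
A scripted version of the "Creating a virtual disk" and "Using the disk" steps above, added here as an example and not part of the original HOWTO. It assumes an elevated PowerShell session on a Windows edition that can create BitLocker volumes; the file path, size and volume label are made-up values.

```powershell
#Requires -RunAsAdministrator
# Added example; the path, size and label below are assumed values, not from the article.
$VhdPath = 'C:\Vaults\customer-a.vhd'
$SizeMB  = 2048
New-Item -ItemType Directory -Force -Path (Split-Path $VhdPath) | Out-Null

# 1. Create the .VHD file (Action > Create VHD in Disk Management).
$script = Join-Path $env:TEMP 'create-vdisk.txt'
"create vdisk file=`"$VhdPath`" maximum=$SizeMB type=expandable" |
    Set-Content -Path $script -Encoding ASCII
diskpart /s $script | Out-Null
Remove-Item $script
if (-not (Test-Path $VhdPath)) { throw "diskpart did not create $VhdPath" }

# 2. Attach it, then initialize, partition and format the new disk.
Mount-DiskImage -ImagePath $VhdPath | Out-Null
$disk = Get-DiskImage -ImagePath $VhdPath | Get-Disk
Initialize-Disk -Number $disk.Number -PartitionStyle MBR
$part = New-Partition -DiskNumber $disk.Number -UseMaximumSize -AssignDriveLetter
Format-Volume -DriveLetter $part.DriveLetter -FileSystem NTFS `
    -NewFileSystemLabel 'CustomerA' | Out-Null
$mount = "$($part.DriveLetter):"

# 3. Turn on BitLocker with a password (Explorer > Turn on BitLocker).
$pw = Read-Host -AsSecureString -Prompt 'BitLocker password for this disk'
Enable-BitLocker -MountPoint $mount -EncryptionMethod XtsAes256 -UsedSpaceOnly `
    -PasswordProtector -Password $pw | Out-Null

# Add a recovery password and show it once; store it somewhere other than this PC.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword

# 4. Wait until encryption has finished, then detach (the "Eject" step).
while ((Get-BitLockerVolume -MountPoint $mount).VolumeStatus -ne 'FullyEncrypted') {
    Start-Sleep -Seconds 2
}
Dismount-DiskImage -ImagePath $VhdPath | Out-Null

# Later use: attach the file again and unlock the volume it exposes, e.g.
#   Mount-DiskImage -ImagePath $VhdPath
#   Unlock-BitLocker -MountPoint 'E:' -Password (Read-Host -AsSecureString)
```

Once detached, the .VHD file on disk contains only the encrypted volume, so a copy of the file is an encrypted backup.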

Solution B – Using VeraCrypt

VeraCrypt is a stable open-source project ‘forked’ from the abandoned TrueCrypt project.

It has 4 huge advantages over the previous solution:

  • it is multiplatform. You can use it on any Windows version and edition, Linux, and macOS.
  • it has its own wizards to easily create virtual encrypted disks.
  • it is integrated with Windows Explorer to mount them quickly.
  • you can easily back up these units by copying the related file.

It is very easy to set up and use.