Veracrypt: A note for those doing full disk encryption:
I've said it here before many times but people just don't get it. I read the forums daily and constantly
see people who either can't login to their OS anymore or they just lost everything.
After seeing this guy yesterday who said his life was on an encrypted disk and now he can't open it,
I decided to post again here. DON'T DO DISK ENCRYPTION. USE A CONTAINER. This poor guy explains what happened
and it looks like Windows decided to initialize the drive because it had no standard signature.
This isn't a Veracrypt issue, it's a Windows issue and Microsoft has been denying it for more than 10 years.
It happened to me twice. There is no way to recover this by restoring a header or anything. There are people
here who will say "blah blah you don't know what you are talking about, I don't have a problem." Sure, so go ahead
and learn the hard way and ignore the pages of similar complaints in the Veracrypt forum. Of course the people
who lost everything didn't have a backup either. It's a terrible thing to lose everything you have and I hate having
to see it almost daily. Use containers.
The software approach offers several alternatives and gets a bit confusing;
hardware encryption may be the wave of the future (faster, OS-independent).
Or keep your most critical data in an encrypted container / virtual disk (an encrypted file that looks like a disk drive to the OS),
perhaps by using VeraCrypt or something similar.
A more limited solution: keep your most critical data in an encrypted text file
(perhaps by using
or something similar).
Bitlocker, 7-Zip, AxCrypt also can encrypt individual files or sets of files.
Best solution: full-disk encryption (FDE) plus encrypted containers for specific data.
Have each container open (decrypted, mounted) only when you are actually using that data.
Password-lock your device, unless you're using a theft-recovery product that prevents this.
Most of the theft-recovery products listed on this web page give you a "delete" or "shred"
capability: when the thief connects to the internet, a command comes from the
central site and all data on the hard disk is deleted. This prevents the thief
from reading your data. But it works only if the thief connects to internet before
trying to read your data, and if they haven't disabled the theft-recovery software somehow.
If your device contains account and password info, identity info, info about your family and friends,
then after a theft you'd have to take steps to avoid further damage. You'd have to change passwords, put out monitoring or alerts to prevent
identity theft, contact other people at risk, etc. What else is on the stolen device ?
Apps with registration codes or passwords stored in them,
email in-box with account and password data, bookmarks ditto, cookies, any data files you use to record accounts and passwords,
any BAT or CMD files with account/password in them.
Perhaps now, before any theft, you should evaluate your device. Does it
contain sensitive data that really doesn't need to be on there ? Or should
that data be encrypted ? Does the browser contain cookies that will give instant access to your email and Facebook accounts ?
After a phone or smart-phone is stolen, if you don't want to try theft-recovery, immediately report the theft to
your carrier, to avoid huge call charges. Do it immediately; you are liable for calls made until the time you report the theft,
and some gangs will make thousands of dollars of calls as quickly as they can after stealing the phone.
Double-check with your carrier to make sure they received and recorded the report of the theft; probably
a good idea to call them again and confirm it
Maybe report it online, and then call to confirm ?
Ask them to send an email confirmation to you.
A handset PIN doesn't protect you if the thief moves the SIM to another device.
Get your device back.
Solutions: etch your contact info onto the case of the device, inside
Use the theft-recovery software listed on this web page.
Keep a record of make, model, color, and serial numbers.
Probably a good idea to have digital pictures of the device, front and back,
to give to police.
Display your contact info on the lock screen or login screen or physical label, so if a Good Samaritan finds
your device, they can return it to you.
After a theft, report the theft to police, and
report the theft to the manufacturer or carrier (they'll probably require a copy of the police report).
Maybe report it to online databases, such as
Put up fliers in the area where it was stolen, offering a reward for return ?
Look for it on Craigslist or EBay, maybe in the section for your local area.
Also: the "devices" you need to protect include your computers, tablets, phones and any
backup media (external disks, tapes, flash drives, hard copies).
If your data is stored in phone's internal memory, having a passcode/PIN set will prevent thief from accessing your data.
[Except there are tools that can unlock a phone and extract data via USB cable ?
But some OS versions allow full encryption of data, which would prevent this ?]
Having a passcode/PIN set prevents thief from using your phone, even with another SIM inserted.
[But is there a hardware reset that wipes everything and sets back to defaults ?]
If phone has a SIM card, disabling service after the theft
is your only protection on access to the service.
Having a passcode/PIN set on the device doesn't stop thief from popping out the SIM card and using it in another phone.
But: some SIM cards do have a separate PIN for the card itself.
If phone has no SIM card, having a passcode/PIN set will prevent thief from using the service.
Maybe adapt some practices from the business world:
Inventory your physical assets: What devices do you have ? Record their model numbers and serial numbers.
Take pictures of them.
Inventory and classify your data: What data do you have ? How important is each type ? Your security info (usernames and passwords),
your financial data, personal data about other people, family memento data, job-related data, legal data, etc.
Inventory your software and configuration. If your computer is stolen and you have to load a new computer,
do you have a list of all the software you use ? Do you have any license keys ?
Inventory your network, in that you should know every device on it, and be able to notice any new devices that appear.
Have disaster plans: Suppose all of your devices were stolen ? Suppose a fire destroyed everything in your home ?
Evaluate vendors or services that are critical to you: Suppose your Facebook or Google or Apple account was deleted ?
Do your backups have Confidentiality, Integrity, and Availability ? Have you tested that you actually can restore from them ?
Will not survive a reformat-and-OS-reinstall by a thief.
LoJack / Absolute / Computrace:
$15 to $60 per year. Will survive a reformat-and-OS-reinstall by a thief, if they re-install the same kind
of OS you were using. If you're using Windows and the thief installs Linux, LoJack won't work.
$20 per year.
Will not survive a reformat-and-OS-reinstall by a thief. [Have to confirm this.]
Free if just using location-display feature;
$33/year or $3/month if using data-delete, multiple laptops, recovery assistance service.
Will not survive a reformat-and-OS-reinstall by a thief.
Can't find the price on their web site.
All of these products work by your computer sending "here I am" messages over the internet
to a central site. But if the thief breaks up your computer to sell for parts, or uses it
but never connects to the internet, the product won't work.
One note: if someone (a hacker or ex-spouse) finds out your theft-recovery password, they
might be able to tell the software to delete all of your data, even though your
device hasn't been stolen !
Password / login issues:
All of these theft-recovery products work by your computer sending "here I am" messages over the internet
to a central site. But a computer running Windows 7 Home can't access the internet until the user has logged in to Windows.
So the thief has to be able to get past the BIOS/firmware password prompt and the Windows password prompt.
There are three ways this could happen:
1- you always use your laptop with no passwords set, or
2- you have passwords set, but the thief resets the BIOS password and OS password (it can be done),
and then logs in, or
3- you have passwords set, but the thief resets the BIOS password (it can be done),
reformats the hard disk, installs a new OS, and then logs in.
In case (1) or (2), obviously a thief or casual snoop can log in right away, and read all of your files. Unacceptable.
Under Windows 7 Home Premium, there is no way to have a Guest account that can log in but then
be unable to read files.
In case (3), a few of these theft-recovery products can survive the reformat/re-install and
be capable of reporting their location when the thief eventually logs in and connects to the internet.
Case (2) or (3) represents a sophisticated thief; they could just pull out the hard disk and attach it to
another PC, so they could read your files that way. Unless you're using some special full-disk-encryption product.
And case (2) or (3), the sophisticated thief, probably would be aware of the existence of theft-recovery products.
So it seems to me that this is a Catch-22 situation: these theft-recovery products work best in case (1),
but that's the case where you've left your data most vulnerable to a naive thief or casual snoop.
And in case (2) or (3), nothing protects you very much from a sophisticated thief.
I believe Linux and Mac systems are slightly better than Windows in that: once the OS password prompt is displayed,
the machine can connect to the internet, even though the thief hasn't logged in to the OS.
The thief would still have to get past the BIOS password to get to this point.
So for Linux and Mac, if you set no BIOS password but do have an OS password,
the laptop might report its location while the thief is sitting there trying to guess your
What "location" information do you get once the thief has logged in and connected to the internet ?
You'd get the IP address. Maybe also the Wi-Fi or Ethernet network name ?
If your stolen device had a GPS in it, you could get latitude/longitude.
If your stolen device connects via cellular data-modem, you could get approximate latitude/longitude.
Software could use the list of visible Wi-Fi networks to calculate approximate latitude/longitude.
From the IP address, you could find the ISP's info, and contact them.
If the IP address is specific to a person or house, the identity of the thief is fairly clear.
But if the IP address maps to a public Wi-Fi spot (such as provided by a school or library or McDonald's or Starbucks),
or a private house that's running an open Wi-Fi signal, the identity of the thief is unclear.
Most products can use the laptop's webcam to take a picture of the thief, which helps.
The companies selling the commercial theft-recovery products may assist in the tracking and recovery process,
helping you follow the IP address, contact law-enforcement, etc.
Some users who had devices stolen report great cooperation from law-enforcement in recovering their property;
others report that police were uninterested in
helping them. Probably varies from town to town and country to country, and also depends on how much
info you can give to the police.