This project has moved. For the latest updates, please go here.

Do we leave traces of the files accessed in encrypted volumes?

Topics: Users Discussion
Jul 18, 2015 at 3:59 PM
I was just wondering about one thing. If someone has his documents and nudes of his girlfriend in a veracrypt encrypted partition, after accessing those files and then eventually dismounting the volume, will someone be able to find traces of it in the system? For example, cached versions of the text files, thumbnails and things like that?

If yes, how do I prevent it? CCleaner drive wiper/Eraser each time I access my files?
Full encryption?

Thank you
Coordinator
Jul 19, 2015 at 8:46 AM
Leaks of usage history and other information depend on the used application and also the operating system. It is up to you to do the necessary checks and actions to avoid any leaks since VeraCrypt only protects the storage not the usage. You can use dedicated software that help remove usage traces but be aware that they only handle known locations of the system so if you use an application that is not recognized by the tool and that is writing information to non-standard location, you ma still have information leak. Also, beware that Windows uses a paging file mechanism where portions of the RAM may be written to disk: this can also be a source of leak.

Indeed, full system encryption is the only solution to guarantee that unauthorized people can't get hold on your information and usage history.

I encourage you to read VeraCrypt documentation parts that deals with these questions:
Jul 22, 2015 at 9:05 PM
Perfect answer from idrassi!
Still, if one wants to avoid full system encryption, at least the following precautions should be made:
  1. Turn OFF hibernation.
  2. Turn on swap(page) file encryption. There is MS utility called FSUTIL, which should do the job. Anyone out there who knows how it encrypts the page file? There is absolutely no official MS information available so FSUTIL is still a mystery to me.
  3. Use third party utilities like CCleaner to periodically clean junk and wipe free space on the unencrypted volumes. Make sure to manually enter some folder destinations which may store temp information from your application. Memory dumps have to be cleared too (you have to set it ON in CCleaner, as i believe by default it is turned off).
Jul 23, 2015 at 4:37 AM
Hey guys, thank you for the answers.
I think I'll go with the full system encryption, it's too much work to be cleaning free space every time I access my files (and I've been told it's not a good thing for the HD to be wiping free space so frequently), full encryption seems like a much simpler solution to my problem.

Again, thank you and feel free to leave more advices :]
Regards,
John G.