By Tyler W
March 17, 2023
Encrypted Containers & Why We Love Them
My cybersecurity journey has taken me to all sorts of operating systems, however, as a result of my reliance on digital forensic tools I do sometimes find myself using Windows natively, which makes me nervous and uncomfortable (for reasons to be discussed at a later date). My experience with digital forensics has me aware that nothing is ever really secret on a computer, except maybe that information that is stored in an encrypted container. What is an encrypted container I hear you ask? Think of it as a portable USB drive that is permanently available on your computer, but not permanently connected. To be honest it is so much more than that, and definitely can be used in a removable USB drive as an added means of security; but lets stick to basics for the purpose of today.
There are a couple means of encrypting data and containers within any operating system, however, the current universal 'standard' is VeraCrypt, and utilises "...enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks...for standard containers and other partitions... VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool."
Time and time again we see human error as the weakest link in the cybersecurity chain, believing that we either won't be attacked, or that we will 'tidy up and secure' our machine a bit later on. Both are recipes for disaster. Deploying encryption containers assists you in both of these, in that you do not need to 'tidy up' your file directory if everything is hidden behind an encrypted container, and also, if you suffer an attack, they are unable to read your files, or damage the files, as they are behind, in this instance a VeraCrypt container.
There are many uses of these containers, and the FAQ section on VeraCrypt has significant information available for you to review, and consider your own use cases, however, I encourage you to commence deploying these now, and storing your sensitive files, or any files for that matter, behind / in an encrypted container. You can, for instance, easily enough create an encrypted volume for your "Downloads" folder, your "Documents" folder and your "Pictures" folder, or even look at encrypting an entire partition. There is no restriction to the container size, or what can be stored inside a container, and that is why I use the USB comparison. These containers can be stored in any location too, so you can hide these anywhere you like within the file directory to assist in removing your most precious data from plain sight.
As an example, lets say I wanted to create a 2gb container for some sensitive documents I am working on. I would simply follow these steps:
1. Within VeraCrypt select "Create Volume"
2. Select the type of container I want to create, in this instance I will create an encrypted file container.
3. Choose if you want a Standard VeraCrypt volume or a Hidden Veracrypt volume. Hidden volumes are great, and are perhaps more advanced, so for now, we will run with standard volume.
4. Specify the location and the name of the encrypted volume. As to my earlier point, you can make these look completely inconspicuous and save in an unexpected location. In this example, to "hide" the container, I have written is to C:\Windows\System32\ and the container is called "not_a_hidden_container" - what you call the container, and where you store it is entirely up to you.
5. Choose an encryption standard. If you are not sure what sort of encryption to use, continue with the default options (they are satisfactory).
6. Specify the size of the desired container. Remember it can be as big as your storage allows. In this example my container could not exceed 158.63GB. It is recommended to also use non-exact sizes so the containers do not look like an area of interest. For instance in this example I could have uses 2.12GB, which would provide a container size that may not arouse curiosity.
7. Choose a password...remember it needs to long, unique and complex (standard password protocols), and you can store this in your password manager.
8. Create the volume, and increase strength by moving your mouse, as encouraged, and then select format.
9. All going well you will have created a new container.
10. In order to access the container we need to mount the container. Back at the main menu to VeraCrypt, select a drive letter / location, then "Select File" and navigate to your encrypted container location, and select the container to mount.
11. Select mount and enter your password.
12. It should mount and be visible (with the letter you selected as the mount point) like an external drive in your file directory. Now you can navigate to this location, and save files, drag and drop, paste files create files, of any sort, up to the size of your container volume.
When you have finished simply unmount the container / drive, and it will cease being visible, and will not be able to read or written to.
From a data protection perspective it makes it extremely difficult to extract the data from within these containers. During a digital forensics investigation, if data is stored within an encrypted container (assuming it is using at least industry standard encryption protocols) extracting, and even identifying what is in the container is very difficult, and depending where your containers are stored, the containers may not even be located and investigated.
The tools are available to help us improve our own digital hygiene, and we should use these and stop storing our information in plain sight, just asking to be stolen or frozen away from us.
Encrypted containers are an incredibly useful and powerful tool, one I use everyday, and I encourage you to consider using them as well!