Then the person can just browse the data from the victim's drive and copy it to some other desired location. The only way to protect yourself against this is to encrypt the data on your disk. There are many ways to encrypt your data, but the most hassle-free and safe mechanism is to use a TPM, or Trusted Platform Module. This is essentially a chip which resides on the motherboard and is used for storing the public key generated while encrypting data.
The data can be easily encrypted by tools such as BitLocker, which comes with Windows Vista Ultimate and Business Edition, and by other third-party software, but with TPM the benefit you get is that you don't have to store the public key on a USB drive and connect it every time you want to access your data.
At the same time it makes sure that no one can read the data on the disk unless the disk is accessed from the same machine, through the same OS and even from the same channel of the hardware connector connecting the disk to the motherboard. We actually tested the level of security in two ways: by booting the machine with a Live OS, and by taking the disk out and connecting it to another machine.
In the case of the Live OS, the encrypted partition didn't even get mounted and the command gave a file system error. In the second case, again we were not able to read anything from the disk. This clearly shows that after encrypting your hard drive you can actually make your data invisible to others. Here, the only weak link could be your password, because once you log on to Windows Vista with your password, only then can you read your data. So while using this encryption tool, please make sure that you use a very strong password, otherwise it can be compromised.
Installation
Unlike a standard application in Windows, this installation is pretty complex and asks you to run quite a few commands. The best time to configure your machine to the state where BitLocker can run on it is while doing a fresh install. This is because Windows Vista can only run BitLocker when you have a very specific disk partition structure, and some of those requirements can only be fulfilled while doing a fresh install. There is a tool from Microsoft called the BitLocker Drive Preparation Tool which can help you set up the partitions on an installed machine, but it's a bit more complex and even risky, as you might experience loss of data. So here we describe how to install BitLocker on a fresh machine.
Before we begin, let's first identify what you will need. You will of course need a TPM in the machine where you try to run BitLocker. You will then need Windows Vista Ultimate or Business Edition, or for that matter even Windows 7. Then you will need to start the installation of Windows Vista and create two partitions. One partition will be the system partition, which will hold the Windows folder, will be used as the C drive and will later be encrypted. The other will be a small partition of around 1.5 GB. This will work as the boot partition and will not be encrypted, so that the machine can boot with the OS. To do so, first boot your machine with the Windows Vista DVD. When it gives you the option 'Install Now,' look at the bottom left corner. You will see another option that says 'Repair your Computer.' Select this option and you will see a list of utilities. In this list, select and click on 'Command Prompt.' When the command prompt opens up, run the following commands:
Note that we are assuming that the machine doesn't have any data and is going to be freshly installed. So if you have any data on the drive, please back it up, or else it will be lost.
X:\> diskpart
DISKPART> select disk 0
DISKPART> clean
DISKPART> create partition primary size=1500
DISKPART> assign letter=S
DISKPART> active
DISKPART> create partition primary
DISKPART> assign letter=C
DISKPART> exit
Running these commands will create a 1.5 GB partition which is active and will be used for booting, and another system partition that takes the rest of the space on the disk. Now you will need to format these partitions. To do so, run:
X:\> format c: /q /fs:NTFS
X:\> format s: /q /fs:NTFS
Once the partitions have been formatted, exit this wizard and go back to the 'Install Now' window by clicking on the close button. Once you are back, you can just continue the standard Windows installation process. As the first boot partition is only 1.5 GB the installer will never take it as the system partition, so you have to select the other partition for the system drive.
Once the installation is over, boot into the OS and run the BitLocker wizard from the Control Panel. If your machine has an installed TPM chip and you have done the partitioning correctly, it will not give you any warning and you will see an option which says 'Turn On BitLocker.' Click on that link. It should give you a message that it needs to turn on TPM from BIOS and for that it needs to reboot. Follow the instructions and click on the reboot button.
Recovery password
After the system has rebooted, you might see a BIOS message that asks you to press a key to turn on TPM from BIOS. Please follow the instructions. Once the machine reboots, it will automatically continue the BitLocker wizard. First it will ask you where you want to take a backup of your recovery password or key. Here you can save it to a USB drive or to a folder, or just take a printout.
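A check to run once encryption has finished, as an added example that is not part of the original article: this PowerShell function parses the text printed by manage-bde -status C: and reports whether the system drive is fully encrypted, protection is on, and both a TPM protector and a recovery password exist. It assumes the manage-bde.exe tool shipped with Windows 7 (Vista provides it as the script manage-bde.wsf) and English field labels; the function name and the sample output are constructed for illustration.

```powershell
# Added example: parse the text of `manage-bde -status C:` and check the points
# the article relies on. Field labels are assumed to be the English ones.
function Test-BitLockerStatus {
    param([string[]]$Lines)
    $fields = @{}; $protectors = @(); $inProtectors = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*Key Protectors:\s*(.*)$') {
            $inProtectors = $true
            if ($Matches[1]) { $protectors += $Matches[1].Trim() }  # e.g. "None Found"
        } elseif ($line -match '^\s*([^:]+):\s*(.*)$') {
            $fields[$Matches[1].Trim()] = $Matches[2].Trim()        # "Label: value" line
            $inProtectors = $false
        } elseif ($inProtectors -and $line.Trim()) {
            $protectors += $line.Trim()                             # indented protector name
        }
    }
    New-Object PSObject -Property @{
        FullyEncrypted      = ($fields['Conversion Status'] -eq 'Fully Encrypted')
        ProtectionOn        = ($fields['Protection Status'] -eq 'Protection On')
        HasTpmProtector     = (@($protectors -like 'TPM*').Count -gt 0)
        HasRecoveryPassword = ($protectors -contains 'Numerical Password')
        Protectors          = $protectors
    }
}

# Constructed sample of `manage-bde -status C:` output, so the example runs offline.
$sample = @'
Volume C: []
[OS Volume]

    Size:                 148.00 GB
    BitLocker Version:    Windows 7
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100%
    Encryption Method:    AES 128 with Diffuser
    Protection Status:    Protection On
    Lock Status:          Unlocked
    Identification Field: None
    Key Protectors:
        TPM
        Numerical Password
'@ -split "`r?`n"

# On a live machine (elevated prompt): Test-BitLockerStatus (manage-bde -status C:)
$status = Test-BitLockerStatus $sample
$status | Format-List
if (-not ($status.FullyEncrypted -and $status.ProtectionOn -and $status.HasTpmProtector)) {
    Write-Warning 'C: is not fully protected by BitLocker with a TPM protector.'
}
if (-not $status.HasRecoveryPassword) { Write-Warning 'No recovery password protector found.' }
```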
Copyright © CyberMedia India Online Ltd. All rights reserved. Usage of content from web site is subject to Terms and Conditions.