Jane_G wrote:
> What is a good filespec to hold an encrypted volume on WinXP?
>
> Based on extensive googling, I installed the TrueCrypt freeware disk
> encryption to safeguard my private files on a rather public computer.
>
> TrueCrypt requires a file name to contain the rather large encrypted volume
> file even if a hidden volume is used inside the regular encrypted volume.
> For example, the file name containing the encrypted volume could be
> C:\Documents and Settings\Administrator\My TrueCrypt Encrypted Volume.bin
>
> To contain the TrueCrypt encrypted volume, I can choose any file name and
> location that doesn't already exist. But, my question is what file name and
> location would arouse the least suspicion were a coworker to be snooping
> around looking for my personal data on my WinXP computer?
>
> Specifically what binary file could reasonable be expected to be a few
> megabytes in size, yet have a normal sounding name in a normal sounding
> location containing "gibberish" (ie encrypted data) that would not arouse
> suspicions that it is actually a TrueCrypt encrypted volume?

Look at the _hidden_ uninstall service pack directories in a typical
Windows XP installation. They are in the \Windows directory, usually,
with folder names like '$NTUninstallKB999999_0$' and they typically
contain dll files. Create one that does not exist in real
life--probably a directory name starting with $NTUninstallKB0 since all
the current KB numbers are larger than that. Create the file as a
hidden .dll file there. Since the folder will not be listed as a
service pack in the registry, the system unistaller ought to ignore it,
AFAIK. And those directories are a hidden forest that almost nobody
but M$ understands :).