I'm trying to secure my laptop, so that if it gets stolen it would be difficult to access any data on it. I have installed Truecrypt and encrypted entire hard drive.
The problem is that to save time I very rarely shut down OS. Usually I just close the lid and laptop goes to sleep and OS is locked. If the laptop is stolen in such state when you open it you are prompted to provide the Windows user password to unlock it.
Are there ways to access windows or data on HD when it is in locked state and without restarting the laptop? Normally the password recovery/reset CDs require you to restart laptop and this is when disk encryption would provide protection. If there are ways to access data on HD without restarting the laptop, how could I prevent it?
I am aware that it is possible to decrypt the disk, but I'm not too paranoid about it and the level of protection it provides is ok for me.
As far as I'm aware, I don't think a program exists for what you want. The disk encryption utilities that I know of at the moment rely on you shutting down because they change the MBR code to allow you to decrypt the disk before Windows needs it - hence saving you from many problems. What you're after is entirely different, because Windows will already be loaded it cannot do it through the conventional MBR method, I don't think it's even possible without ripping the Windows OS apart and injecting your code everywhere. This is because when your laptop is in "Sleep" mode, the Windows files and services are already loaded, so if the disk gets encrypted then you won't be able to use your computer because there is no access to the disk.
That was horrible to explain, but I hope you understand? Please let me know if you don't and I'll give it another go
Tom, thanks for taking time to answer. I hope I understand correctly that essentially it will not be possible to access any data on my laptop without knowing user's password or decrypting the disk in a situation:
1. The entire HD is encrypted.
and
2. Windows is running, but is locked.
In other words, if there is out there some fancy software that you could for example plug into USB of a locked computer and it will allow you access without restarting computer.
Almost, it's impossible to encrypt and decrypt the partition that Windows is installed on whilst the computer is running Windows. It just doesn't work, the Windows files will be encrypted and unusable and you can't put a password in there because Windows wont allow it - it probably is possible but it would take a heck of a lot of modifying the core Windows files and I wouldn't even know where to start if I was asked to do that.
The only thing I can think of is to make sure your computer shuts down when the lid is closed, combined with you making sure that you have shut it down correctly (or you might be susceptible to Cold Boot Attacks).
If this is too much of an inconvenience for you, then I would suggest you store all of your important files in a TrueCrypt file container. Or partition your hard drive and put your documents on that partition and then encrypt the whole of that partition.
I really can't see a way that you could accomplish what you're after, sorry!
