6

I would like to encrypt a single user profile but have been told EFS isn't the solution.

I have a laptop that I leave in my bag and use for work and private purposes. I want to secure data in case my laptop is stolen or lost, and I would also like a way to trace my laptop in such a case in order to get it back. I have installed Prey (device tracking) for that.

Below are the ideas I have so far, with pros and cons:

  1. Use BitLocker / full disk encryption

    • Pro: all data is secure in case laptop is stolen

    • Con: computer can't boot without password, therefore unable to track laptop

  2. Create an encrypted container and move all documents, Google Drive, desktop shortcuts. Have the container mount on logon

    • Pro: data is secure, computer can boot / be tracked, guest account can be made

    • Con: Google Drive will complain as it may start up before container is mounted; risk of data leakage (such as web browsing data)

  3. Create a hidden OS using VeraCrypt and create a decoy OS (with Prey) with the decoy OS decryption key stuck under the screen

    • Pro: data is secure, laptop can be tracked, no one would suspect there's a hidden OS as I'm obviously not very bright leaving the OS decrypt key on a sticker

    • Con: quite a bit of administrative overhead

  4. Buy a flush USB drive and install Windows 10 (decoy) with Prey set as 1st boot device. BitLocker main OS drive

    • Pro: data secure, device can be tracked, no Google Drive hackiness

    • Con: have to select correct boot device every time computer boots

What is the best way to go?

Azeezah M
  • 53
  • 4
  • 1
    Since most criminals wipe the HDD of stolen hardware, why depend on that for tracing? If you really want to know where your laptop is, use a track and trace module (like this Dutch one: http://www.tracktrace.net/). As to what I would recommend for encryption, use full disk encryption with a separate (USB-)smartcard that holds the decryption key. This smartcard can be kept on your person and is much harder to steal than said laptop, and is tamper and brute-force resistant, just like the SIM card in your phone. – LvB Jun 24 '16 at 08:27
  • 2
    On Linux, the first thing that runs after the kernel is the initrd, an archive containing required utilities (filesystem driver, crypto driver, etc) to decrypt and mount the root file system. You could make it so that it also has required networking drivers in there so that it connects to the Internet and reports its location without even needing to decrypt the root partition. – André Borie Jun 24 '16 at 11:21
  • 1
    I've found that most criminals I've experienced will happily use a laptop without wiping it as long as they can use it. If it wants a decryption key they will then wipe it. – Braxton Fland Jun 25 '16 at 10:27

0 Answers