Is data still encrypted to a mounted TrueCrypt virtual drive if truecrypt process is not running?

1

I ask this because I found nothing on the manual and no one has asked this yet, it seems.

The context is the following: We know that TrueCrypt virtual drives remain mounted even when TrueCrypt is not running anymore. Also, I read that TrueCrypt never saves unencrypted data. I was testing/analyzing the program and accidentally terminated its process in task manager on Windows 7.

Even when TrueCrypt is (apparently) not running anymore, you can still save data to the drives (which in my case are mounted file containers).

There is no error message when running TrueCrypt afterwards, so is unencrypted data being saved to the volume or "TrueCrypt.exe *32" is just the GUI and the real thing (what performs the encryption and decryption) is running somewhere else safe from user mistakes?

Omen

Posted 2017-04-26T04:56:35.300

Reputation: 11

1Are there any other background TrueCrypt processes running? And I have absolutely no idea how TrueCrypt works behind-the-scenes so this is just an idea, but maybe the volume which is mounted as a disk uses a special driver that does the encryption. This would be separate from the main TrueCrypt GUI process. – Steve – 2017-04-26T05:03:27.490

1If such a thing exists, it doesn't have a very intuitive name. A background process is sensible in this context, however I seek a confirmation. Since I lack the knowledge and tools to look for it, I hope someone can point me some clue. Someone who knows more obscure parts of Win7, perhaps. – Omen – 2017-04-26T05:17:17.153

Answers

1

From the Truecrypt .pdf manual, in "Using TrueCrypt Without Administrator Privileges" section (there are more references in the manual, just an example):

In Windows, a user who does not have administrator privileges can use TrueCrypt, but only after a system administrator installs TrueCrypt on the system. The reason for that is that TrueCrypt needs a device driver to provide transparent on-the-fly encryption/decryption, and users without administrator privileges cannot install/start device drivers in Windows.

The main program is the element that let's you handle mount/dismount of the volumes, configuration, ... It's the device driver who handles data read/write.

note: At least in my portable Truecrypt copy the truecrypt.sys and truecrypt-x64.sys files are the indicated 32/64 bit device driver.

MC ND

Posted 2017-04-26T04:56:35.300

Reputation: 1 286

I see. I also use the portable TrueCrypt, so that paragraph may have slipped by me since it cites installation. Then, once TrueCrypt is run, the device driver is always running as well and cannot be easily stopped or terminated by a user? – Omen – 2017-04-26T19:27:48.643

@Omen, It can be stopped, but it is necessary to intentionaly request it to stop (if you have the rights to do it). – MC ND – 2017-04-26T20:01:14.283

Asked: 2017-04-26T04:56:35.300

Viewed: 70 times

Active: 2017-04-26T06:33:05.170