Many thanks once again to the Guru for watching my back, rest assured I haven't forgotten you!An excellent summary of FDE via Truecrypt, if I may just pick up on a question PermanentlySpun ask.Heidi's Eraser (http://eraser.heidi.ie/) does allow you to wipe the free space on a magnetic hard drive to DoD standards (I think it's 3 or 7 passes perhaps someone can confirm?) There is also the Gutmann method which overwrites deleted data no less than 35 times.As Guru says however, Truecrypt can encrypt your Operating System in place. Any free space on your hard drive would be filled with random "chaff" data which is indistinguishable from the encrypted data when the drive isn't mounted. As such using data erasure tools is something of a moot point when your whole OS is encrypted.Some posters have also asked if they need to erase the free space on their HDD before encrypting their operating system using Truecrypt. It won't do any harm but there's no need. Whatever fragments of deleted files are left will be written over - I have only dabbled in digital forensics but have yet to hear of deleted files being covered post FDE in this way - perhaps once again our more technically minded users can confirm?If you have one of the newer Solid State Drives (as I do!) you'll find most traditional erasure methods won't work and full disk encryption if not set up properly can reduce the life of the drive, but I have an excellent tutorial on how to lessen this problem, feel free to send me a message.All the best,V.Quote from: Guru on May 16, 2012, 07:39 pmQuote from: PermanentlySpun on May 15, 2012, 04:23 pm@vlad1m1r Could you point to where we could learn how to encypt an entire drive? Everything I"ve read about truecrypt just talks about encrypting specific folders. Also, there doesnt seem to be a reliable way to DoD wipe unused space without wiping entire drives. I see people mention this all the time on the forums, but when actually digging into it every tutorial just explains how to wipe entire drives.See: http://www.truecrypt.org/docs/?s=system-encryptionSystem EncryptionTrueCrypt can on-the-fly encrypt a system partition or entire system drive, i.e. a partition or drive where Windows is installed and from which it boots.System encryption provides the highest level of security and privacy, because all files, including any temporary files that Windows and applications create on the system partition (typically, without your knowledge or consent), hibernation files, swap files, etc., are always permanently encrypted (even when power supply is suddenly interrupted). Windows also records large amounts of potentially sensitive data, such as the names and locations of files you open, applications you run, etc. All such log files and registry entries are always permanently encrypted too.System encryption involves pre-boot authentication, which means that anyone who wants to gain access and use the encrypted system, read and write files stored on the system drive, etc., will need to enter the correct password each time before Windows boots (starts). Pre-boot authentication is handled by the TrueCrypt Boot Loader, which resides in the first track of the boot drive and on the TrueCrypt Rescue Disk.Note that TrueCrypt can encrypt an existing unencrypted system partition/drive in-place while the operating system is running (while the system is being encrypted, you can use your computer as usual without any restrictions). Likewise, a TrueCrypt-encrypted system partition/drive can be decrypted in-place while the operating system is running. You can interrupt the process of encryption or decryption anytime, leave the partition/drive partially unencrypted, restart or shut down the computer, and then resume the process, which will continue from the point it was stopped.To encrypt a system partition or entire system drive, select System > Encrypt System Partition/Drive and then follow the instructions in the wizard. To decrypt a system partition/drive, select System > Permanently Decrypt System Partition/Drive.The mode of operation used for system encryption is XTS (see the section Modes of Operation). For further technical details of system encryption, see the section Encryption Scheme in the chapter Technical Details.Note: By default, Windows 7 and later boot from a special small partition. The partition contains files that are required to boot the system. Windows allows only applications that have administrator privileges to write to the partition (when the system is running). TrueCrypt encrypts the partition only if you choose to encrypt the whole system drive (as opposed to choosing to encrypt only the partition where Windows is installed).Guru