When you (or the operating system) defragment the file system in which a file-hosted TrueCrypt container is stored, a copy of the TrueCrypt container (or of a fragment of it) may remain in the free space on the host volume (in the defragmented file system). This may have various security implications. For example, if you change the volume password/keyfile(s) afterwards, and an adversary finds the old copy or fragment (the old header) of the TrueCrypt volume, he might use it to mount the volume using an old compromised password (and/or using compromised keyfiles that were necessary to mount the volume before the volume header was re-encrypted). To prevent this and other possible security issues (such as those mentioned in the section Volume Clones), do one of the following:
- Use a partition/device-hosted TrueCrypt volume instead of file-hosted.
- Securely erase free space on the host volume (in the defragmented file system) after defragmenting.
- Do not defragment file systems in which you store TrueCrypt volumes.
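The following is an added illustration of why the stale header matters; it is not TrueCrypt code and does not use TrueCrypt's real header layout, key derivation or cipher (the 80-byte header, the HMAC-based keystream and the constructed "host volume" byte array are all assumptions made for the example). It models the one property the text relies on: changing the password re-encrypts only the live header, while the master key that actually protects the data stays the same, so an old header copy left in free space still yields the master key to anyone who knows the old password. It also shows the second mitigation listed above, overwriting the free space, rendering the stale copy useless.

```python
import hashlib
import hmac
import secrets

# Constructed toy header layout: 16-byte salt | 32-byte encrypted master key | 32-byte tag.
# This is an assumption for the example, not TrueCrypt's actual format.
SALT_LEN, MK_LEN, TAG_LEN = 16, 32, 32
HEADER_LEN = SALT_LEN + MK_LEN + TAG_LEN
KDF_ITERATIONS = 50_000  # illustrative value


def derive_header_key(password: bytes, salt: bytes) -> bytes:
    """Derive the header-encryption key from the password and the header's salt."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (stand-in for a real cipher)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def build_header(password: bytes, master_key: bytes) -> bytes:
    """Encrypt the (unchanged) master key under a key derived from the password."""
    salt = secrets.token_bytes(SALT_LEN)
    hk = derive_header_key(password, salt)
    enc = bytes(a ^ b for a, b in zip(master_key, _keystream(hk, MK_LEN)))
    tag = hmac.new(hk, enc, hashlib.sha256).digest()
    return salt + enc + tag


def open_header(password: bytes, header: bytes):
    """Return the master key if the password fits this header, else None."""
    if len(header) != HEADER_LEN:
        return None
    salt = header[:SALT_LEN]
    enc = header[SALT_LEN:SALT_LEN + MK_LEN]
    tag = header[SALT_LEN + MK_LEN:]
    hk = derive_header_key(password, salt)
    if not hmac.compare_digest(tag, hmac.new(hk, enc, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(enc, _keystream(hk, MK_LEN)))


def simulate(old_password: bytes, new_password: bytes) -> dict:
    """Defragment, change the password, then check what each header copy still opens."""
    master_key = secrets.token_bytes(MK_LEN)
    host = bytearray(4096)          # constructed toy host volume
    old_off, new_off = 0, 2048      # container location before/after defragmentation

    host[old_off:old_off + HEADER_LEN] = build_header(old_password, master_key)

    # Defragmentation moves the container: the new location gets a copy, the old
    # location becomes free space but its bytes are not cleared.
    host[new_off:new_off + HEADER_LEN] = host[old_off:old_off + HEADER_LEN]

    # Password change re-encrypts only the live header; the master key is unchanged.
    host[new_off:new_off + HEADER_LEN] = build_header(new_password, master_key)

    live = bytes(host[new_off:new_off + HEADER_LEN])
    stale = bytes(host[old_off:old_off + HEADER_LEN])
    result = {
        "live_opens_with_new": open_header(new_password, live) == master_key,
        "live_opens_with_old": open_header(old_password, live) == master_key,
        "stale_opens_with_old": open_header(old_password, stale) == master_key,
    }

    # Mitigation from the list above: securely erase the free space after defragmenting.
    host[old_off:old_off + HEADER_LEN] = bytes(HEADER_LEN)
    erased = bytes(host[old_off:old_off + HEADER_LEN])
    result["stale_opens_after_erase"] = open_header(old_password, erased) == master_key
    return result


if __name__ == "__main__":
    for name, value in simulate(b"old-password", b"new-password").items():
        print(f"{name}: {value}")
```

Running it shows the live header opening only with the new password, the stale copy in free space still opening with the old one, and the stale copy no longer opening once the free space has been overwritten. Using a partition/device-hosted volume avoids the problem entirely, because there is no host file system for the defragmenter to move the container around in.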