Beginner's Tutorial

System Encryption

 Supported Systems

 Hidden Operating System

 Rescue Disk

Plausible Deniability

 Hidden Volume

  Protection of Hidden Vol.

  Security Requirements

 Hidden Operating System



Hardware Acceleration

Encryption Algorithms





Hash Algorithms




Technical Details


 Encryption Scheme

 Modes of Operation

 Header Key Derivation

 Random Number Gen.


 Volume Format Spec.

 Standards Compliance

 Source Code

TrueCrypt Volume

 Creating New Volumes

 Favorite Volumes

 System Favorite Volumes

Main Program Window

 Program Menu

 Mounting Volumes

Supported Systems

Portable Mode


Tokens & Smart Cards

Language Packs

Hot Keys

Security Model

Security Requirements

 Data Leaks

  Paging File

  Hibernation File

  Memory Dump Files

 Unencrypted Data in RAM

 Physical Security


 Multi-User Environment

 Authenticity and Integrity

 New Passwords & Keyfiles

 Password/Keyfile Change

 Trim Operation


 Reallocated Sectors


 Journaling File Systems

 Volume Clones

 Additional Requirements

Command Line Usage

Backing Up Securely


 Use Without Admin Rights

 Sharing over Network

 Background Task

 Removable Medium Vol.

 TrueCrypt System Files

 Removing Encryption

 Uninstalling TrueCrypt

 Digital Signatures



Issues and Limitations


Future Development


Version History



Security Requirements and Precautions >  Data Leaks >  Memory Dump Files Search


Please consider making a donation.

   Donate Now >> Donate   

Memory Dump Files

Note: The issue described below does not affect you if the system partition or system drive is encrypted (for more information, see the chapter System Encryption) and if the system is configured to write memory dump files to the system drive (which it typically is, by default).

Most operating systems, including Windows, can be configured to write debugging information and contents of the system memory to so-called memory dump files (also called crash dump files) when an error occurs (system crash, "blue screen," bug check). Therefore, memory dump files may contain sensitive data. TrueCrypt cannot prevent cached passwords, encryption keys, and the contents of sensitive files opened in RAM from being saved unencrypted to memory dump files. Note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off). Also note that when a TrueCrypt volume is mounted, its master key is stored unencrypted in RAM. Therefore, you must disable memory dump file generation on your computer at least for each session during which you work with any sensitive data and during which you mount a TrueCrypt volume. To do so in Windows XP or later, right-click the 'Computer' (or 'My Computer') icon on the desktop or in the Start Menu, and then select Properties > (on Windows Vista or later: > Advanced System Settings >) Advanced tab > section Startup and Recovery > Settings > section Write debugging information > select (none) > OK.

Note for users of Windows XP/2003: As Windows XP and Windows 2003 do not provide any API for encryption of memory dump files, if the system partition/drive is encrypted by TrueCrypt and your Windows XP system is configured to write memory dump files to the system drive, the TrueCrypt driver automatically prevents Windows from writing any data to memory dump files.

  Next Section >>

Legal Notices