Memory Dump Files

Note: The issue described below does not affect you if the system partition or system drive is encrypted (for more information, see the chapter System Encryption) and if the system is configured to write memory dump files to the system drive (which it typically is, by default).

Most operating systems, including Windows, can be configured to write debugging information and contents of the system memory to so-called memory dump files when an error occurs (system crash, "blue screen," bug check). Therefore, memory dump files may contain sensitive data. TrueCrypt cannot prevent cached passwords, encryption keys, and the contents of sensitive files opened in RAM from being saved unencrypted to memory dump files. Note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the computer is turned off). Also note that when a TrueCrypt volume is mounted, its master key is stored unencrypted in RAM. Therefore, we strongly recommend that you disable memory dump file generation on your computer at least for each session during which you work with any sensitive data and during which you mount a TrueCrypt volume. To do so in Windows XP/Vista, right-click the 'Computer' (or 'My Computer') icon on the desktop or in the Start Menu, and then select Properties > (Windows Vista only: > Advanced System Settings >) Advanced tab > section Startup and Recovery > Settings > section Write debugging information > select (none) > OK.

Note: If the system partition/drive is encrypted by TrueCrypt and if the system is configured to write memory dump files to the system drive, the TrueCrypt driver automatically prevents Windows from writing any data to memory dump files (for information on how to encrypt the system partition/drive, see the chapter System Encryption).