Note: The issue described below does not affect you if the system partition or system drive is encrypted (for more information, see the chapter System Encryption) and if all paging files are located on one or more of the partitions within the key scope of system encryption, for example, on the partition where Windows is installed (for more information, see the fourth paragraph in this subsection).
Paging files, also called swap files, are used by Windows to hold parts of programs and data files that do not fit in memory. This means that sensitive data, which you believe are only stored in RAM, can actually be written unencrypted to a hard drive by Windows without you knowing.
Note that TrueCrypt cannot prevent the contents of sensitive files that are opened in RAM from being saved unencrypted to a paging file (note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM).
To prevent the issues described above, encrypt the system partition/drive (for information on how to do so, see the chapter System Encryption) and make sure that all paging files are located on one or more of the partitions within the key scope of system encryption (for example, on the partition where Windows is installed). Note that the last condition is typically met on Windows XP by default. However, Windows Vista and later versions of Windows are configured by default to create paging files on any suitable volume. Therefore, before, you start using TrueCrypt, you must follow these steps: Right-click the 'Computer' (or 'My Computer') icon on the desktop or in the Start Menu, and then select Properties > (on Windows Vista or later: > Advanced System Settings >) Advanced tab > section Performance > Settings > Advanced tab > section Virtual memory > Change. On Windows Vista or later, disable 'Automatically manage paging file size for all drives'. Then make sure that the list of volumes available for paging file creation contains only volumes within the intended key scope of system encryption (for example, the volume where Windows is installed). To disable paging file creation on a particular volume, select it, then select 'No paging file' and click Set. When done, click OK and restart the computer.
Note: You may also want to consider creating a hidden operating system (for more information, see the section Hidden Operating System).
Next Section >>