Paging File
Note: The issue described below does not affect you if the system partition or system drive is encrypted (for more information, see the chapter System Encryption) and if all paging files are located on one or more of the partitions within the key scope of system encryption (which they typically are, by default), for example, on the partition where Windows is installed.
The paging file, also called the 'swap file', is a file (usually stored on a hard drive) that Windows uses to hold parts of programs and data files that do not fit in memory. This means that sensitive data, which you believe are stored only in RAM, can actually be written unencrypted to a hard drive by Windows without your knowledge.
TrueCrypt always attempts to lock the memory areas in which cached passwords, encryption keys, and other sensitive data are stored, in order to prevent such data from being leaked to paging files. However, note that Windows may reject or fail to lock memory for various (documented and undocumented) reasons. Furthermore, TrueCrypt cannot prevent the contents of sensitive files that are opened in RAM from being saved unencrypted to a paging file (note that when you open a file stored on a TrueCrypt volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM).
Therefore, the TrueCrypt installer disables paging files by default when TrueCrypt is installed or updated. However, note that this is not performed if the user configures the installer not to disable paging files, if the installer is running under Windows 2000 (see below), or if TrueCrypt is run in traveler mode. We strongly recommend that Windows XP/Vista users disable the paging file feature, at least for each session during which they work with sensitive data and mount TrueCrypt volumes. To do so, right-click the 'Computer' (or 'My Computer') icon on the desktop or in the Start Menu, and then select Properties > (Windows Vista only: > Advanced System Settings >) Advanced tab > section Performance > Settings > Advanced tab > section Virtual memory > Change > No paging file > Set > OK.
To our best knowledge, Windows 2000 users cannot disable the paging file feature completely. We recommend that Windows 2000 users configure their Windows security settings to clear the paging files every time the system shuts down (refer to your Windows manual or www.microsoft.com for more information).
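The following PowerShell script is an added example, not part of the TrueCrypt documentation: it audits the two settings discussed above, listing every paging file Windows is currently using (with whether it sits on the Windows system drive, i.e. the partition the text says is normally within the key scope of system encryption) and reading the ClearPageFileAtShutdown setting. It assumes Windows PowerShell 3.0 or later (for Get-CimInstance) and read access to HKLM.

```powershell
# Added example (not TrueCrypt's own code): audit paging-file exposure.
function Get-PagingFileAudit {
    # Drive letter of the partition where Windows is installed, e.g. "C:".
    $systemDrive = $env:SystemDrive

    # When true, Windows manages the paging file itself and the explicit
    # Win32_PageFileSetting entries are empty, so we rely on usage data below.
    $autoManaged = (Get-CimInstance -ClassName Win32_ComputerSystem).AutomaticManagedPagefile

    # Paging files actually in use right now (empty when "No paging file" is set).
    $inUse = @(Get-CimInstance -ClassName Win32_PageFileUsage -ErrorAction SilentlyContinue)

    # Registry value behind "Clear virtual memory pagefile" (1 = clear at shutdown).
    $memMgmt = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    $clear = (Get-ItemProperty -Path $memMgmt -Name ClearPageFileAtShutdown `
                  -ErrorAction SilentlyContinue).ClearPageFileAtShutdown

    $files = foreach ($pf in $inUse) {
        $drive = [System.IO.Path]::GetPathRoot($pf.Name).TrimEnd('\')
        [pscustomobject]@{
            Path          = $pf.Name
            SizeMB        = $pf.AllocatedBaseSize
            OnSystemDrive = ($drive -ieq $systemDrive)
        }
    }

    [pscustomobject]@{
        SystemDrive            = $systemDrive
        AutomaticallyManaged   = [bool]$autoManaged
        PagingFileDisabled     = ($inUse.Count -eq 0)
        ClearPageFileAtShutdown = if ($null -eq $clear) { 0 } else { [int]$clear }
        PagingFiles            = @($files)
    }
}

$audit = Get-PagingFileAudit
$audit | Format-List SystemDrive, AutomaticallyManaged, PagingFileDisabled, ClearPageFileAtShutdown
$audit.PagingFiles | Format-Table -AutoSize

# A paging file outside the system drive is only safe if that partition is
# itself encrypted; flag it so the reader can check.
foreach ($pf in $audit.PagingFiles | Where-Object { -not $_.OnSystemDrive }) {
    Write-Warning "Paging file $($pf.Path) is not on $($audit.SystemDrive); verify that partition is encrypted."
}
```

Run it from an elevated prompt before and after changing the Virtual memory settings to confirm that PagingFileDisabled flips to True.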
Solution: Encrypt the system partition/drive (for information on how to do so, see the chapter System Encryption) and make sure that all paging files are located on one or more of the partitions within the key scope of system encryption (which they typically are, by default), for example, on the partition where Windows is installed.
Note: You may also want to consider creating a hidden operating system (for more information, see the section Hidden Operating System).
Copyright © 2003-2008 TrueCrypt Foundation. All rights reserved. www.truecrypt.org