Windows Registry

It is important to note that TrueCrypt provides plausible deniability only in the sense that it is impossible to prove that a file or a partition is a TrueCrypt volume and that a hidden TrueCrypt volume exists. Windows stores various data in the registry file, which TrueCrypt cannot securely and reliably erase. After examining the registry file, the attacker may be able to tell that TrueCrypt was run on the system, that a TrueCrypt volume was mounted (but he cannot tell/determine what the location/filename/size/type* of the volume was) and which drive letters have been used for TrueCrypt volume(s) (but he cannot determine the locations/filenames/sizes/types of the volumes).

Note: You can encrypt the registry file by encrypting the system partition/drive (for information on how to do so, see the chapter System Encryption). You may also want to consider creating a hidden operating system (for more information, see the section Hidden Operating System).