Create and use TrueCrypt volumes
First, it might be necessary to set some preferences to ensure your encrypted data will not be accidentally accessible to others. Open TrueCrypt from Start menu/Start screen or by right-clicking the program's icon in Taskbar Notification Area (aka System Tray) and clicking the Show TrueCrypt command.
In TrueCrypt window, open Settings menu and click Preferences.
In the TrueCrypt - Preferences window, activate the Start TrueCrypt Background Task option. This ensures that TrueCrypt icon is available in Notification Area/System Tray.
In the Auto-Dismount section, always enable the User logs off and Force auto-dismount even if volume contains open files or directories options to prevent others from accessing your encrypted files. Those who have more at stake, should also enable the Screen saver is launched and Auto-dismount volume after no data has been read/written to it for 60 minutes check boxes for maximum security. The Entering power saving mode option is not that useful, as TrueCrypt has some difficulties with auto-dismounting volumes in such cases.
Please note that Auto-Dismount settings do not affect encrypted system drives or partitions.
Other settings are fine by default. Click OK.
TrueCrypt volumes are special encrypted containers that you can be mounted as virtual disks/drives. If you want to move your sensitive documents into a TrueCrypt volume, it must be large enough to contain these and preferably have some spare space for future expansion, too. A volume itself is actually a normal file and can be copied, moved or deleted as usual: you can even carry the volume with you on USB thumb drives or sync it using some cloud backup service.
Open Volumes menu in TrueCrypt main window and click Create New Volume.
TrueCrypt Volume Creation Wizard appears. Leave the default option, Create an encrypted file container selected and click Next.
In the Volume Type screen, click Next again to create a Standard TrueCrypt volume.
Click Select File in the Volume Location screen to select a folder and create a new file. Do not select any existing files here - these will be overwritten during the volume creation process!
Those who need more security should enable the Never save history option here.
Now a standard Windows browsing dialog opens. Open the folder you need and specify a new file name. To make the file automatically open with TrueCrypt after a double-click, add the extension ".tc" to the end of the file name - for example, "MyContainer.tc". To stay on safer side, add no extension to the file name or use some extension that makes people believe the file is not an encrypted volume - for example, ".avi" for larger encrypted volumes might trick others into thinking that this is a video file.
Again - do not select an existing file here - otherwise the file will be overwritten! You can move existing file to the encrypted volume later.
Click Next back in the Volume Location screen to move on to the Encryption Options dialog.
In most cases, the defaults (AES and RIPEMD-160) are fine as this is the fastest encryption-decryption option TrueCrypt offers. Those very concerned about security of their files can select even stronger algorithms for encryption and hashing, while sacrificing some speed of operation.
Click Next to move on.
In Volume Size screen, specify the size of the new volume. Amount of free space on selected drive is shown below. Please remember to create a volume that has some spare capacity for future growth.
Next, create a strong and unique password for the encrypted volume - and make the passphrase longer than usual (at least 20 characters). Try using free Password Safe for storing and auto-filling user names and passwords securely.
After filling Password and Confirm fields, enable the Use keyfiles option and click the Keyfiles button. Keyfiles will serve as additional protection for the volume and make cracking the protection much harder.
Keyfiles are files that should never change. If a keyfile changes, you will lose all access to your encrypted volume (unless you have a valid backup of keyfiles). That's why you should create new keyfiles instead of selecting existing files or folders.
Click Generate Random Keyfile on the bottom right of the TrueCrypt - Keyfiles window.
TrueCrypt Keyfile Generator opens. Move your mouse randomly in the window for at least 1 minute before clicking Generate and Save Keyfile.
Create and save at least two keyfiles this way.
Please store encrypted volumes and keyfiles in different folders to avoid easy guessing of your keyfile location. Do not use any variant of "keyfile" in the file name - use random names instead. If possible, save keyfiles to an external drive (USB thumb drive or a memory card) and keep a backup of the files.
Click Close after you are done.
After you've generated and stored all keyfiles, click Add Files back in the TrueCrypt - Keyfiles window.
Locate and select the keyfiles you just generated and click Open in common Windows browsing dialog.
Click OK in TrueCrypt - Keyfiles window after adding the keyfiles. Then, back in the Volume Password window, click Next.
If you specified a password shorter than 20 characters, TrueCrypt will warn you that such passwords are easy to crack. If your password is at least 12 characters long and you use at least 3 keyfiles, it is safe to click Yes here.
In the Volume Format window, select the filesystem you need. For encrypted volumes that will not store files larger than 4 gigabytes, FAT is fine. If you need to store large files or need additional file system security, select NTFS instead. Default cluster size is fine.
Depending on the size of the volume, it might take some time to create and format it. After the process is complete, click OK.
In the Volume Created window, click Exit if you do not want to create more encrypted volumes. If you do, click Next and start over.
To mount an existing encrypted volume, open TrueCrypt main window using its Taskbar Notification Area (System Tray) icon or Start menu.
Click any listed available drive letter and then click Select File. Those very concerned about the safety of their files should ensure that the Never save history option is active.
Locate the volume you want to mount and click Open.
Next, click Mount.
In the Enter password dialog, type the passphrase. Then turn on the Use keyfiles option and click Keyfiles.
The TrueCrypt - Keyfiles window, familiar from volume creation wizard, appears. Click Add Files.
Locate the keyfiles associated with the TrueCrypt volume and click Open.
Back in the TrueCrypt - Keyfiles window, click OK.
Back in the Enter password window, click OK.
If password and keyfiles were correct, the volume appears mounted in TrueCrypt main window.
TrueCrypt icon in Taskbar Notification Area will turn from blue to brown - this shows that a volume is mounted and encrypted files are usable.
You can now use the encrypted volume as any other drive - open it in Windows Explorer, create folders, copy, move and delete files, etc.
After moving files and folders to the volume, it is strongly suggested to wipe free space on your hard disk to prevent recovering the sensitive files using undelete software.
The mounted volume stays mounted as long as you log off Windows. If you have specified so in TrueCrypt preferences, the volume might be automatically dismounted when screen saver runs, or when no data has been read from or written to the volume within 60 minutes. The preferences are described in the very beginning of this article.
If you want to manually dismount a TrueCrypt volume, right-click TrueCrypt icon in Notification Area. Then use either Dismount All Mounted Volumes or Dismount <drive letter:> command.
Please note that the commands do not affect encrypted system drives or partitions.
A notification about this appears in Notification Area. If you dismounted all volumes, TrueCrypt icon turns blue. If you still have mounted volumes, the icon remains brown.