Getting Started Guide
Pretty much everything in FreeOTFE works as it seems, and should be
fairly self-explanatory. If there's anything you're not too
sure of, most times an educated guess will give you the right answer.
Installation/Portable mode
Before FreeOTFE can be used, it must first either be installed or started in portable mode.
Please see the section on Installation and Upgrading for instructions on how to do this.
Creating a new volume
In order to use FreeOTFE, you must first create a "disk image" (called a "volume") to represent your virtual drive.
This is a fairly straightforward process, and consists of using FreeOTFE to create a large file (or set up a partition) on your computer's hard drive.
This volume will hold an encrypted "disk image" of your virtual drive, and is where FreeOTFE will store all data written to your virtual drive.
This file (or partition) can subsequently be "mounted", at which point a virtual drive will appear on your computer - anything stored on one of these virtual drives will be automatically encrypted before being written to the volume file.
To create a new volume, select the "File | New..." menuitem to display the "new volume wizard", which will guide you through the process in a series of simple steps.
[Screenshots: New volume wizard (PC version and PDA version)]
When prompted to select between creating a file or partition based volume, new users should select "File". This is the safer of the two options - partition based volumes are intended for more advanced users.
Some users who are unfamiliar with disk encryption systems may not understand all of the options they are presented with. If you feel that you are in this position, you should probably simply accept the default values you are presented with, which will give you a volume that will be secure enough for your needs.
FreeOTFE is a highly flexible system that caters for both novice and advanced users alike; many of the options that the volume creation wizard provides you with are intended for more advanced users who understand the implications of the options provided (e.g. storing a volume's CDB separately to the volume file it relates to), and how they operate.
You may want to create and use multiple volumes; one to store work related files, one for personal files, etc.
Do not simply copy an existing volume file to create a new one - even if you change the password on the "new" volume. If you do this, both volumes will have the same encrypted master key, which reduces the amount of security offered.
Mounting volumes
Once you have created a volume, it must be "mounted" in order for it to appear as a virtual drive on your computer.
Select the "File | Mount file..." menuitem to mount a file based volume, or "File | Mount partition..." to mount a partition based volume.
You will then be prompted to select which volume you wish to mount; do so, and click "OK" to display the password entry dialog.
You can also mount volumes by dragging and dropping the encrypted volume file onto the main FreeOTFE window.
[Screenshots: Password entry dialog (PC version and PDA version)]
Enter your volume's password, and click "OK". If the correct password has been entered, the volume will be mounted and shown in the main FreeOTFE window.
If this is the first time you have mounted a particular volume after creating it, you will need to format the virtual drive before it can be used. To do so, select the mounted volume shown in the main FreeOTFE window, and select the "Tools | Format..." menuitem. The standard MS Windows format utility will be displayed, and should be used to carry out the format.
To increase security, it is recommended that after a volume is formatted, it is overwritten with random data. However, this process can take some time and may be skipped if required. See the section on plausible deniability for further details.
Once mounted, a virtual drive can be used in the same way as any other drive (e.g. it will appear in Windows Explorer and in Open/Save dialogs shown by applications), transparently encrypting and decrypting your files as and when needed.
[Screenshots: Explorer showing mounted volume (PC version and PDA version)]
You can have more than one volume mounted at the same time.
Dismounting volumes
Once you have finished using your secured drive, it should be "dismounted". This will remove the virtual drive, and wipe any sensitive information FreeOTFE has stored in the computer's memory.
Select which volumes shown in the main FreeOTFE window you wish to dismount and click the "File | Dismount" menuitem; or use the context menu shown by right-clicking on one of the volumes shown (tap and hold, on the PDA version).
[Screenshots: Main window context menu (PC version and PDA version)]
To quickly dismount all mounted volumes, use the "Dismount all" menuitem.
Changing a volume's password
To change a volume's password (or a keyfile's password), select the "Tools | Change volume/keyfile password/details..." menuitem (or "Tools | Change password/details..." on the PDA version) to display the "change password wizard", which will guide you through the process in a series of simple steps.
Note that volumes must be dismounted first before they can be modified in this way.
You may also change certain volume/keyfile details via this wizard; for example, the default drive letter which the volume will normally be mounted as. Advanced users may also change more technical details, such as the length of salt used in encrypting the volume's CDB/keyfile.
In common with most disk encryption systems, FreeOTFE uses an "encrypted master key" system to secure volumes. Every FreeOTFE volume has its own "master encryption key" which is generated when the volume is created. This master key is used to carry out the actual encryption/decryption process used to secure data stored within the volume. A volume's master encryption key is, in turn, encrypted with the (PBKDF2 processed) user's password. As a consequence, FreeOTFE doesn't need to decrypt and re-encrypt the entire volume to change the user's password - only the encrypted master encryption key. This makes changing a volume/keyfile's password an extremely quick, and risk free, operation when compared to a complete volume re-encryption.
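The sketch below is an added example, not FreeOTFE code and not its CDB format: it models the encrypted master key scheme described above, with an XOR pad and HMAC check standing in for the real cipher. It shows why a password change rewrites only the small header, and why a copied volume still shares the original's master key after its password is changed. All function names, the header layout and the iteration count are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # demo value (assumption), not FreeOTFE's setting
KEY_LEN = 32

def _derive(password, salt):
    # PBKDF2 output is split into a wrapping pad and a check-value key.
    out = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              ITERATIONS, dklen=KEY_LEN + 32)
    return out[:KEY_LEN], out[KEY_LEN:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_master_key(master_key, password):
    salt = os.urandom(16)
    pad, mac_key = _derive(password, salt)
    wrapped = _xor(master_key, pad)  # XOR pad stands in for a real cipher
    tag = hmac.new(mac_key, wrapped, "sha256").digest()
    return {"salt": salt, "wrapped": wrapped, "tag": tag}

def unwrap_master_key(header, password):
    pad, mac_key = _derive(password, header["salt"])
    tag = hmac.new(mac_key, header["wrapped"], "sha256").digest()
    if not hmac.compare_digest(tag, header["tag"]):
        raise ValueError("wrong password")
    return _xor(header["wrapped"], pad)

def create_volume(password, payload_size=4096):
    master_key = os.urandom(KEY_LEN)  # generated once, at creation
    # The payload stands in for the data encrypted under master_key.
    return {"header": wrap_master_key(master_key, password),
            "payload": os.urandom(payload_size)}

def change_password(volume, old, new):
    # Only the header is rewritten; the payload is never touched.
    master_key = unwrap_master_key(volume["header"], old)
    return {"header": wrap_master_key(master_key, new),
            "payload": volume["payload"]}

def demo():
    original = create_volume("old passphrase")
    copied = change_password(dict(original), "old passphrase", "new passphrase")
    fresh = create_volume("new passphrase")
    k_orig = unwrap_master_key(original["header"], "old passphrase")
    k_copy = unwrap_master_key(copied["header"], "new passphrase")
    k_fresh = unwrap_master_key(fresh["header"], "new passphrase")
    return {"payload_unchanged": copied["payload"] == original["payload"],
            "header_rewritten": copied["header"]["wrapped"] != original["header"]["wrapped"],
            "copy_shares_master_key": k_copy == k_orig,
            "fresh_has_own_key": k_fresh != k_orig}
```

Every value returned by `demo()` is true: the copy's header differs from the original's, yet both unwrap to the same master key, while a volume created through the wizard's equivalent (`create_volume`) gets its own.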