Users who want to encrypt the whole computer in one click, and do not need any additional functions - refer to the article Simple Interface.
The chapter explains the main steps in using BestCrypt Volume Encryption and provides referencies to corresponding articles explaining them in detail.
Main purpose of the software is to make a volume permanently encrypted so that unauthorized persons could not access any information on the volume.
The encrypted volume is protected by a password and optionally by removable hardware devices like SafeNet eToken or Yubikey device. The user can also move encryption key to regular USB removable disk.
If the user enters an appropriate password, BestCrypt Volume Encryption mounts the volume and starts transparently decrypting the data when reading from the volume. When the user decides to disable any access to the volume, he/she runs the dismount command. BestCrypt Volume Encryption forgets encryption key for the volume and stops transparent decrypting data stored on the volume.
It is recommended to use rescue commands to backup information about encrypted volumes. BestCrypt Volume Encryption creates so-called Rescue File with information about encrypted volumes. It would be wise to backup the file to some safe place, for example to removable disk, and use it to decrypt volume if some accidental damage occurs. Information inside Rescue File is encrypted exactly in the same way as on volumes, so there is no risk that someone who does not know the proper password can use the file.
If you encrypt Windows System/Boot volume, it is recommended also to create Rescue Bootable CD, USB or Floppy Disk. If the volume where Windows boots from becomes damaged, you will be able to boot computer using the Bootable Disk. Special recovering program will start from the disk and ask your confirmation to run decrypting process for the System/Boot volume(s).
BestCrypt Volume Encryption supports hardware removable devices (eToken, Yubikey, USB disk) to store encryption keys. If you use such device to store key for some encrypted volume and lose the device, you will not be able to access the volume. So it is recommended to backup the key to another device and keep it in a safe place. Managing Keys on Hardware Token article explains the backup process in detail.
If you have encrypted System/Boot volume, BestCrypt Volume Encryption software allows
customizing password-prompt text
appeared when you boot computer. Changing standard
Enter password > text
has a sense, for example, if you do not want to show everyone who may turn on your computer
what program requires the password. It is also possible to hide star characters (*)
reflecting password typing. You can easily make your computer showing your own fun text
to surprise your family or emulate hanging boot process, or make the computer showing
some standard text of an error in operating system at earlier boot up process time.
Although BestCrypt Volume Encryption does not require knowledge of physical location of volume on hard disks, the program has several commands allowing the user to view and even save and restore contents of physical disk sectors. The sectors can be viewed both in encrypted and decrypted states. The commands can be useful for deeper investigating of the software, as well advanced users may find it interesting to look at low-level contents of filesystem tables and other system data.