Encrypting a USB Flash Drive in Windows 10

Home > Videos > Windows 10 > Encrypting a USB Flash Drive in Windows 10

Encrypting a USB Flash Drive in Windows 10

Hi, my name is Mike Danseglio. I’m an instructor here at Interface Technical Training. I want to talk a little bit about encrypting USB flash drives with Windows 10. The concept of protecting data when it’s on a USB flash drive is not a new concept.


BitLocker 2-day instructor-led training is now available at Interface:
BITLOCK: Planning and Deploying BitLocker Drive Encryption Training


When files are portable on USB stick, they might get lost at, let’s say, Starbucks, or on an airplane, or on a bus, or at a friend’s place, something like that. You don’t want your sensitive data to be compromised potentially by whoever happens to find that USB flash drive at any given time. Given that they’re so inexpensive and so small, they get lost a lot.

An important concept here is just protecting that data to make sure you are the only person that has access to that data no matter who happens to find this flash drive wherever you happen to lose it. That’s what I’m going to show you with Windows 10 and a built‑in feature in Windows 10 called BitLocker.

In particular, BitLocker has a component called BitLocker To Go which allows us to encrypt data on a USB flash drive. I’m going to show you how to do that using a few flash drives that I happen to have over here. First thing we obviously need is a USB flash drive. I’m going to use, let’s say…Hello Kitty is probably a good choice.

Here’s Hello Kitty. That’s going to be my data drive. I’m going to plug Hello Kitty into our USB hub. Then I’m also going to plug a second drive, a really boring USB flash drive in as a second flash drive. I’ll show you why I do that in just a moment. It’s an important part of actually having some redundancy or some recoverability.

Now that I’ve got those in there and Windows 10 has found them both, as you saw. I can show you a little bit about how to use them, how to actually encrypt the data on there. What I’ll do is I’ll fire up File Manager and make sure I can see the drives. I’ve got Kitty drive here and boring drive. You can kind of surmise based on the name which drive is which.

Kitty drive, I can access it just like any other flash drive. I can create files on it. In fact, I’ll create a quick one just to show you that it’s got nothing special on it. Let’s see sample.txt, and we’ll sample text. Now, we’ve got a file there. Don’t really need a file there, but it’s always healthy to have one just to show.

Now, I want to encrypt that drive so that no one else that finds the drive accidentally or steals it on purpose can have access to that file or anything else on there. I’ll click on the Windows flag in Windows 10. I’ll type in BitLocker. You’ll see Manage BitLocker comes up pretty darn quickly. Click here, and then this is BitLocker.

BitLocker lets us encrypt both the local drive, which is kind of a common thing for people to do ‑‑ local drive on a computer, on a laptop, anything like that ‑‑ but also on removable drive. Like on our Kitty drive, you’ll see BitLocker is off.

We want to turn BitLocker on on Kitty drive. BitLocker will fire up and then start checking the drive to make sure it’s got all the necessary components, make sure it can make space for the little bit of data it needs to store for the encryption, make sure it can properly encrypt the drive without losing data.

It runs a check for a few moments. This will depend on the speed of the USB drive, the USB flash memory. Once that’s done, BitLocker comes up and says, “Great! I’ll need either a password or a smart card to unlock this drive.” Every time you put this drive in a USB port, you’re going to need to provide either a password or a smart card.

Most folks are going to wind up using passwords so we’ll provide a little password here. I won’t tell you what my password is, but it’s the word “password” because this is a demo. I’m done here.

Probably the most important part for most users is the recovery key. The recovery key is what lets us get the data back if we lose the password. If we lose the password that we just typed in a moment ago or forget it, we’re going to need a recovery key. Otherwise, the data is lost. Otherwise, there’s no way to unencrypt it. We’ll just have to reformat the drive, losing the data.

When I click to Save to a File…This why I had to add that second USB drive in. BitLocker is smart enough to know I don’t want to store the recovery key on the same drive I’m encrypting. I don’t want to store the recovery key on the main hard drive. I want to make sure it’s somewhere else so that it has distance from the actual data it’s protecting, so I have to use a third drive.

Right here, I’m going to save it to the boring drive. Now that I’ve saved the recovery key, I can go ahead and answer the question whether I want to encrypt just the space in use or all of the space on Hello Kitty. It’s efficient to do the Used Disk Space Only on new disks because new disks don’t have very much data written to them.

However, if Hello Kitty had been used for a while, if Hello Kitty had been dirtied with a bunch of data over time, probably want to encrypt the entire drive. Because this is a demo, we’ll assume that it’s a new drive. We’ll choose Used Disk Space Only. Click Next. We’re going to then answer the question of, “Do I want this drive to be able to be used in older version to Windows?”

If we select that option, we’re going to use older cryptography which is not a very good idea, not as efficient. It’s not a horrible trade‑off, to be honest, but whenever possible, we’re going to want to use the newer version of the encryption algorithms that Windows 10 provides.

We’ll stick with new encryption mode in this case. You can read the text right here. We’ll tell you pretty clearly what the trade‑offs are in this choice. Now, we can go ahead and start encrypting. It tells us right here. It’s going to take a little while. Hello Kitty will take a little while before encryption is finished, but it’s encrypting already.

Chug‑a‑chug‑a‑chug. The drive is encrypting. It won’t take very long. Once it’s done encrypting, we can actually take it out, use it. Even before we take Hello Kitty out and use it, as long as encryption has started, the data is being protected. Certainly, gradually, we want to leave it in until it’s finished.

If we pulled it out right now, it wouldn’t really cause any reparable harm to the drive. The encryption would just continue where it left off the next time it gets inserted in a machine. That’s pretty much it for Hello Kitty. It’s encrypted.

After that, once I take that drive out of this machine into any other machine or even take it out of this machine and put it back in, I’m going to get prompted for the password again. If I don’t type the password, Hello Kitty will stay protected. That’s it. That’s how you encrypt a USB drive in Windows 10.


BitLocker 2-day instructor-led training is now available at Interface:
BITLOCK: Planning and Deploying BitLocker Drive Encryption Training


Videos You May Like

Government Edition – Encrypting a USB Flash Drive in Windows 10

0 222 2

In this video, Security Instructor Mike Danseglio demonstrates how to use BitLocker in Window 10 to secure files on a USB Flash drive that adhere to stricter data protection requirements as found inside Government entities. BitLocker 2-day instructor-led training is now available at Interface: BITLOCK: Planning and Deploying BitLocker Drive Encryption Training Video Transcription: Hi. … Continue reading Government Edition – Encrypting a USB Flash Drive in Windows 10

Creating Users and Managing Passwords in Microsoft Office 365

0 675 3

In this Office 365 training video, instructor Spike Xavier demonstrates how to create users and manage passwords in Office 365.   For instructor-led Office 365 training classes, see our course schedulle: Spike Xavier SharePoint Instructor – Interface Technical Training Phoenix, AZ 20347: Enabling and Managing Office 365    

Detailed Forensic Investigation of Malware Infections – April 21, 2015

4 630 5

How does an investigator hunt down and identify unknown malware? In this recording of our IT Security training webinar on April 21, 2015, Security expert Mike Danseglio (CISSP / CEH) performed several malware investigations on infected computers and identify symptoms, find root cause, and follow the leads to determine what’s happening. He demonstrated his preferred … Continue reading Detailed Forensic Investigation of Malware Infections – April 21, 2015

Write a Comment

See what people are saying...

    Share your thoughts...

    Please fill out the comment form below to post a reply.