Lazybit

PD Explorer is a free tool that enables you to explore Private Disk encrypted images even in the cases when Private Disk is not installed on the computer, even if you don't have administrative privileges.

You can view the contents of the encrypted disk, write or remove files from it - as you can normally do with an archive such as a ZIP file.

It is extremely simple in use, making it easy to add new files to the encrypted vault, delete or update existing files.

PD Explorer is compatible with NTFS images of any size, there are no file size restrictions, nor are there limitations about the maximum number of files that can be processed.

PD Explorer is a available for free, you can download it right now.

Most of us think that we're stuck with the letters assigned to the partitions by Windows - and that cannot be changed. C: will always be C: and D: will always be D:, etc.

If you are a Private Disk Light user, you may run into a problem - the disk cannot be mounted, because the letter it was supposed to be mapped to is already in use. Since Private Disk Light doesn't allow you to change the disk letter of the encrypted disk - you cannot access your data. There are several solutions to this problem.

Make sure the letters are available

Use the standard Disk Management tool (Start\Run\diskmgmt.msc) to modify the drive letter of an existing partition. You will see that letters can be changed at will, unless you're trying to change the letter of the system disk (in this case you will be trying to cut off the branch upon which you are standing).

Note that if you use NTFS, the partition can be mapped to a folder on another NTFS drive, not necessarily to a letter. Also, some partitions may not have a letter or a folder to which they are mapped - of course, the obvious disadvantage is that you won't be able to access them.

 

Install Private Disk (the non Light version)

With Private Disk, you get a lot of other security features, as well as many other handy features - among them is the possibility to edit the settings of an image and change its disk letter.

This approach is the opposite of the one. In the previous case we make available the desired letter, while in this one we "desire another letter".

You don't have to actually buy the program, you can make the changes while still in the trial mode (which is fully functional), and then go back to Private Disk Light. If you decide to stick to the full version, don't forget that you can get it for a discount.

Private Disk Explorer

PD Explorer is a new tool that is perfect for this job, if what you need is to simply extract the files from an encrypted image. Note that PD Explorer works with NTFS images, so it is not applicable if you have FAT32 or another file system.

This encrypted image browsing tool is not yet officially released, but you can get a copy from our forum.

Use another computer

Private Disk and Private Disk Light are both portable programs - they can run from removable disks without installation enabling you to encrypt a USB flash disk or a CD; all you need is another computer on which the disk letters you need are not in use.

It has been reported that in certain circumstances the system will shutdown instead of rebooting itself when the user restarts it while Private Disk is running and an encrypted disk is mounted.

This was a problem difficult to trace; while it repeats itself 10/10 times on a "problematic" machine, on "non-problematic" ones everything is working correctly and it is impossible to simulate the problem.

This is what makes it of reason to make an educated guess that this is caused by a third-party component present on the system, which somehow alters the standard behaviour of Windows. The tough part is that even when you think you have disabled all the non-standard programs, there is a myriad of low-level components that one can't see with the naked eye.

Full story »

A new beta of Logon for Vista is now available for download: http://files.dekart.com/beta/Logon-Vista-2230.msi It is not yet a final, and it does not provide all the features that are available in the non-Vista version. Here are some highlights that will be useful to you if you're planning to play with it:

• You must logon using a key once, in order to make the Dekart credential provider the default one;
• Press Other credential providers to choose key authentication;
• This version does not provide support for biometric authentication as a third factor, but the feature will be available in the next release;
• A restart after the installation is not needed;
• The current version cannot use keys created by the older version, therefore you should make a backup of your sensitive data.

The GUI of the key administration tool is not yet final, there will be changes here and there.

I am on Private Disk v 2.09. I close my files and every time I try to disconnect a drive letter I get the message:

There are files currently opened on disk Z:\

I feel that my data is not closing correctly. My question is how do I find out what file(s) are still open and how do I close them?

Quite often a volume can be used by a service, or another process that is running in the background - which makes it difficult to detect. In such cases, the best approach is to use a tool that monitors all the file activity that goes on in the system, and examine the list of processes that interfere with files located on the specific volume.

One such tool is Process Monitor; among many things, it can show which programs are working with data on a specific volume.

• Start Process Monitor and make sure the File System Activity monitor is enabled
• To simplify the task, create a new filter that will only show the activity that involves the volume you are interested in. The screenshot below illustrates how to add a rule that will only show which files are open on disk D:\
• As you can see, in this example the non-system programs that are using files on disk D:\ are TheBat, Trillian.

All you have to do is close these programs, and try to dismount the volume again.

If you see an unknown program accessing the volume, and you don't know how to close it (or you are not sure whether "killing the process" will have any serious consequences or not), look up the name of the program in a search engine and that will give you enough details to make a correct decision.

Earlier I explained how blue screens of death can be countered, today I will describe an alternative approach, which achieves the same result using different means.

Normally, the blue screen of death contains a driver name, and some addresses; if you're lucky, removing that driver will do the trick. But what if there is no driver name on the BSoD? And what if you don't have all the skills to play with crashdumps and debuggers?

In this case, Autoruns comes to the rescue. This is a graphical tool that allows you to disable/enable drivers in a very easy way.

The strategy:

1. Boot into safe mode (since the system is crashing when you attempt to boot normally);
2. Start Autoruns, and switch to the Drivers tab;
3. Go through the list, and uncheck the drivers that are suspicious;
4. Close the program, restart and boot normally

The steps above will be repeated until the system is able to boot correctly.

When that happens, remember what were the last changes you applied, and try to enable some drivers back - until you figure out which one of them was causing the issue.

The advantage of this method is that you can keep unchecking drivers without knowing what they do, because undoing any change is as easy as checking an item back (this is one of the coolest things about Autoruns).

What makes a driver suspicious?

When temporarily disabling a driver, you are not yet sure whether the driver in question is the culprit, so an educated guess is your best option. Start by unchecking:

• Non-Microsoft drivers (see the info in the Publisher column);
• Drivers that have a description that sounds like something you don't need;
• Drivers that don't have a publisher name, nor a description;
• Drivers the path to which points to an unknown location.

In the example above, I highlighted Private Disk's drivers, you can see the description and the vendor name - this illustrates how one can easily spot the modules related to an application.

Note: if you have a driver from 'Micr0soft' or "MlCROSOFT" (i.e. something that mimics the name of a well-known vendor), it is most likely a piece of malware, so you should not only disable it, but also figure out how it got in your system in the first place.

How to find the blue screening driver faster?

Usually one's technical knowledge provides sufficient data for a good guesstimate, but what if you have no clue where to start, and there are a lot of suspect items? In this case, try the binary search:

• Disable half of the items in the list of suspects;
• Reboot; if the problem persists - it is caused by an item in the other half;
• Go back, undo the previous changes and uncheck the items in the other half instead;
• Reboot; if the problem is gone - one of the disabled items was the problematic one;
• Go back, enable half of the half back;
• Reboot... repeat the previous steps.

The trick is in narrowing down the problem to as few items as possible. At each step the list of suspects is cut in two, so eventually you are left with one single item.

How to tune my Windows performance with Autoruns?

If you switch to the other tabs, you'll see a lot of other stuff that loads automatically when the system boots (drivers, services, applications in the registry, various shell extensions, etc). You can go ahead and uncheck the items that look suspicious - this will cut boot times, and make the system faster once it is loaded (since less stuff is loaded into RAM).

Beware of the fact that if you uncheck the wrong stuff, certain functionality will be lost, and the system may become partially unusable. Therefore be careful with the changes you apply:

• If not sure what an item means, look it up on the Internet;
• If something went wrong and you cannot boot, boot into Safe Mode and use Autoruns to check the item back.

Sometimes the standard behaviour of the Windows OS annoys the end user - this story is about NumLock and the fact that Windows sets it to an "off" state.

The easy way to make sure NumLock is automatically turned on when you logon is to

1. Turn NumLock on
2. Press Ctrl+Alt+Del
3. Log off

Next time you log on with your user - the state of NumLock will be set to the state it had when you logged off.

Now, that does work, but there is still another problem - when a user is not yet logged on, NumLock is off. The explanation is simple - since nobody is logged on yet, Windows does not know which user profile to use (this is the beauty of a multi-user OS).

To deal with this, follow these simple instructions:

1. Start the registry editor (Start\Run...\regedit)
2. Open HKEY_USERS\.DEFAULT\Control Panel\Keyboard
3. Change the value of InitialKeyboardIndicators to 2
4. Set NumLock on
5. Ctrl+Alt+Del
6. Log off

An alternative is to create a .REG file with this contents, then merge it into the registry

Windows Registry Editor Version 5.00

[HKEY_USERS\.DEFAULT\Control Panel\Keyboard]
"InitialKeyboardIndicators"="2"