Note: To save space, only the menu items that are not self-explanatory are described in this documentation.

Volumes -> Auto-Mount All Device-Hosted Volumes

See the section Auto-Mount Devices in the chapter Main Program Window.

Volumes -> Save Currently Mounted Volumes as Favorite

This function is useful if you often work with more than one TrueCrypt volume at a time and you need each of them to be always mounted to a particular drive letter.

A list of all currently mounted volumes (and the drive letters they are mounted as) is saved to a file called Favorite Volumes.xml in the folder where application data are saved on your system (for example, in C:\Documents and Settings\YourUserName\Application Data\TrueCrypt). In traveler mode, the file is saved to the folder from which you run the file TrueCrypt.exe (in which TrueCrypt.exe resides).

Note that when you use this function, all dismounted volumes that were previously saved as “Favorite” will be deleted from the list of favorite volumes.

To mount volumes saved as “Favorite”, select Volumes -> Mount Favorite Volumes.

To delete the list of favorite volumes, dismount all TrueCrypt volumes, and select Volumes -> Save Currently Mounted Volumes as Favorite.

Volumes -> Mount Favorite Volumes

This function mounts volumes you previously saved as “Favorite”. For more information, see the section Volumes -> Save Currently Mounted Volumes as Favorite above.

Volumes -> Set Header Key Derivation Algorithm

This function allows you to re-encrypt a volume header with a header key derived using a different PRF function (for example, instead of HMAC-RIPEMD-160 you could use HMAC-SHA-512). Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will not be lost after you use this function. For more information, see the section Header Key Derivation, Salt, and Iteration Count.

Note: When TrueCrypt re-encrypts a volume header, the original volume header is first overwritten 200 times with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy [17] to recover the overwritten header (however, see also the chapter Security Precautions).

Volumes -> Change Volume Password

Allows changing the password of the currently selected TrueCrypt volume (no matter whether the volume is hidden or standard). Only the header key and the secondary header key (XTS mode) are changed – the master key remains unchanged. This function re-encrypts the volume header using a header encryption key derived from a new password. Note that the volume header contains the master encryption key with which the volume is encrypted. Therefore, the data stored on the volume will not be lost after you use this function (password change will only take a few seconds).

To change a TrueCrypt volume password, click on Select File or Select Device, then select the volume, and from the Volumes menu select Change Volume Password.

See also the chapter Security Precautions.

PKCS-5 PRF

In this field you can select the algorithm that will be used in deriving new volume header keys (for more information, see the section Header Key Derivation, Salt, and Iteration Count) and in generating the new salt (for more information, see the section Random Number Generator).

Note: When TrueCrypt re-encrypts a volume header, the original volume header is first overwritten 200 times with random data to prevent adversaries from using techniques such as magnetic force microscopy or magnetic force scanning tunnelling microscopy [17] to recover the overwritten header (however, see also the chapter Security Precautions).

Tools -> Clear Volume History

Clears the list containing the file names (if file-hosted) and paths of the last twenty successfully mounted volumes.

Tools -> Traveler Disk Setup

See the chapter Traveler Mode.

Tools -> Keyfile Generator

See the section Keyfiles -> Generate Random Keyfile in the chapter Keyfiles.

Tools -> Backup Volume Header

If you do not have enough free space to backup all files stored on your TrueCrypt volume, we highly recommend that you at least backup the volume header (using this function), which contains the master key (size of the backup file will be 1024 bytes). If a volume header is damaged, the volume is, in most cases, impossible to mount.

To backup a volume header, click Select Device or Select File and select the volume. Then click Tools -> Backup Volume Header. To restore the header, follow the same steps except the last where you select Restore Volume Header.

A TrueCrypt volume header backup is just an exact copy of the encrypted volume header(s). The backup file does not contain any additional information. TrueCrypt volume header backups cannot be decrypted without knowing the correct password and/or supplying the correct keyfile(s).

Note that both the standard volume header and the area where hidden volume headers are stored will be backed up (copied to the backup file), even if there is no hidden volume within the volume (to preserve plausible deniability of hidden volumes). However, when restoring a volume header, you will choose which header should be restored (hidden or standard). Only one volume header can be restored at a time. To restore both headers, you need to use the function twice (Tools -> Restore Volume Header).

WARNING: Restoring a volume header also restores the volume password that was valid when the volume header backup was created. Moreover, if keyfile(s) are/is necessary to mount a volume when the backup is created, the same keyfile(s) will be necessary to mount the volume again after the volume header is restored.

After you create a volume header backup, you might need to create a new one only when you change the volume password and/or keyfiles. Otherwise, the volume header remains unmodified so the volume header backup remains up-to-date.

Note that this facility can be used in a corporate environment to reset volume passwords in case a user forgets it (or when he/she loses his/her keyfile). After you create a volume, backup its header (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header backup (Tools -> Restore Volume Header).

Tools -> Restore Volume Header

If a TrueCrypt volume becomes impossible to mount, it is possible that its header is corrupted. If you backed up the volume header, use this function to restore it.

When restoring a volume header, you have to choose which header is to be restored (a hidden or a standard volume header). Only one volume header can be restored at a time. To restore both headers, you need to use this function twice (Tools -> Restore Volume Header).

WARNING: Restoring a volume header also restores the volume password that was valid when the backup was created. Moreover, if keyfile(s) are/is necessary to mount a volume when the backup is created, the same keyfile(s) will be necessary to mount the volume again after the volume header is restored.

Settings -> Preferences

Wipe cached passwords on exit

If enabled, passwords (which may also contain processed keyfile contents) cached in driver memory will be cleared when TrueCrypt exits.

Cache passwords in driver memory

When checked, passwords and/or p rocessed keyfile contents for up to last four successfully mounted TrueCrypt volumes are cached. This allows mounting volumes without having to type their passwords (and selecting keyfiles) repeatedly. TrueCrypt never saves any password to a disk (however, see the chapter Security Precautions). Password caching can be enabled/disabled in the Preferences (Settings -> Preferences) and in the password prompt window.

Open Explorer window for successfully mounted volume

If this option is checked, then after a TrueCrypt volume has been successfully mounted, an Explorer window showing the root directory of the volume (e.g., T:\) will be automatically opened.

Close all Explorer windows of volume being dismounted

Sometimes, dismounting a TrueCrypt volume is not possible because some files or folders located on the volume are in use or “locked”. This also applies to Explorer windows displaying directories located on TrueCrypt volumes. When this option is checked, all such windows will be automatically closed before dismounting, so that the user does not have to close them manually.

TrueCrypt Background Task – Enabled

See the chapter TrueCrypt Background Task.

TrueCrypt Background Task – Exit when there are no mounted volumes

If this option is checked, the TrueCrypt background task automatically and silently exits as soon as there are no mounted TrueCrypt volumes. For more information, see the chapter TrueCrypt Background Task. Note that this option cannot be disabled when TrueCrypt runs in traveler mode.

Auto-dismount volume after no data has been read/written to it for

After no data has been written/read to/from a TrueCrypt volume for n minutes, the volume is automatically dismounted.

Force auto-dismount even if volume contains open files or directories

This option applies only to auto-dismount (not to regular dismount). It forces dismount (without prompting) on the volume being auto-dismounted in case it contains open files or directories (i.e., file/directories that are in use by the system or applications).