Swap File Encryption
BCWipe can encrypt the Windows Swap File. The Swap File is the Windows system file used for virtual memory support, and it can store parts of the documents you are working with in plain form on the hard drive. Even when documents are encrypted at the file level, Windows can write a whole document or part of it to the Swap File in plain form. Encryption keys, passwords and other sensitive information can also be swapped to the hard drive. Even if you use all of the security advantages of the latest Windows versions, simply examining the Swap File in DOS mode may allow a lot of information to be extracted from it.
How to activate Swap File Encryption
BCWipe Task Manager can be used to activate encryption of the Swap File. To enable Swap File Encryption, run BCWipe Task Manager and click "CryptoSwap" in the upper right corner of the window. The following panel will appear:
Note: A similar window appears when you click Encrypt Swap File on the Wiping Options property page in the dialog window associated with the Delete With Wiping or Wipe free space right-click menu commands.
To enable encryption of the swap file, click on the toggle or tick the Enable encryption of swap file checkbox.
Note: BCWipe will start (or stop) encrypting the Swap File after a reboot. If the computer is not rebooted after enabling the utility, Current status is reported as Not active; likewise, if you disable the utility and don't reboot, Current status will still be reported as Active.
The Swap File Encryption utility (also known as CryptoSwap) lets you choose one of the following encryption algorithms: Rijndael, Blowfish, GOST 28147-89 or Twofish.
The encryption key is generated from random statistics, such as nanosecond timing intervals, when Windows boots, and a new key is generated every time the computer is rebooted. For added security, the CryptoSwap utility does not store the key on the disk. Instead, the key is erased every time you reboot the computer.
How Swap File Encryption utility works
The Swap File Encryption utility (CryptoSwap) loads a low-level driver when Windows starts, before the operating system runs its virtual memory support mechanism and initializes the Swap File.
At initialization the driver generates a random encryption key that is unique to the current Windows session. The encryption key is generated from random statistics, such as nanosecond timing intervals, and a new key is generated every time you reboot the computer. The CryptoSwap utility does not store the key anywhere on disk; it forgets the key when you reboot or shut down the computer.
The CryptoSwap driver intercepts all filesystem operations, such as open/close, read/write and others, detects requests to the system Swap File and encrypts data buffers when Windows writes to the Swap File. Similarly, when Windows reads data from the Swap File, CryptoSwap decrypts the data. Hence, the activity of the CryptoSwap utility is transparent to the operating system and to running applications.
About initialization of the swap file
When you reserve, for example, 5 Mbytes of disk space for a regular new file, the operating system fills the reserved sectors with zeroes. This does not happen with the Swap File. When Windows boots, it reserves disk space for the Swap File without overwriting the reserved disk space.
As a result, the following effect may occur. CryptoSwap starts encrypting all read/write requests to the Swap File, but activity on the computer is low and there is no need to use the Swap File. Hence, encrypted information is not written to the disk space reserved for the Swap File.
Now we boot to DOS and notice that only a small part of the Swap File (pagefile.sys) has been encrypted; all the other space in the file is leftover data from what used to be on the disk. Since this leftover data might also contain sensitive information, it is recommended to set the 🗹 Fill swap file with random data next time Windows starts (🗹 Initialize swap file by random data when Windows starts) checkbox.
Another solution is to run the Wipe Free Space command with the Swap File Wiping option at least once when you turn on Swap File encryption for the first time. After that you do not have to use the Swap File Wiping option at all, because the contents of the Swap File will be encrypted.
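The effect described under "About initialization of the swap file" can be reproduced with a small model. This is an added example, not BCWipe code. The page size, the SHA-256 counter-mode stand-in cipher, the entropy threshold and all sample data are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

PAGE = 4096  # page size assumed for this model


def keystream(key: bytes, page_no: int, length: int = PAGE) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode), not one of CryptoSwap's algorithms."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = key + page_no.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def entropy(page: bytes) -> float:
    """Shannon entropy of a page in bits per byte (8.0 is the maximum)."""
    n = len(page)
    return -sum(c / n * math.log2(c / n) for c in Counter(page).values())


def classify(image: bytes, threshold: float = 7.5) -> dict:
    """Count pages that look encrypted or random versus low-entropy leftover data."""
    counts = {"high_entropy": 0, "leftover": 0}
    for off in range(0, len(image), PAGE):
        kind = "high_entropy" if entropy(image[off:off + PAGE]) >= threshold else "leftover"
        counts[kind] += 1
    return counts


def build_swap(pages_written, total_pages=16, prefill=False):
    """Model the reserved swap area: old disk content stays until a page is written."""
    old = (b"constructed leftover text from a deleted draft\n" * 100)[:PAGE]
    pages = [old] * total_pages
    if prefill:  # models the "fill swap file with random data" option
        pages = [keystream(b"constructed-fill-seed", i) for i in range(total_pages)]
    key = b"constructed-session-key"  # a real key is random and never stored
    for i in pages_written:
        plain = (b"page %d of a working document " % i * 200)[:PAGE]
        pages[i] = bytes(a ^ b for a, b in zip(plain, keystream(key, i)))
    return b"".join(pages)


if __name__ == "__main__":
    print("no prefill:", classify(build_swap([0, 1, 2])))
    print("prefilled: ", classify(build_swap([0, 1, 2], prefill=True)))
```

The same classify() function can be run over the bytes of an offline copy of a swap file to estimate how much of it is still leftover data. Compressed data also scores as high entropy, so the result is an estimate rather than proof of encryption.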