Operation Manual

you need to work with sensitive data, boot such a live CD/DVD. If you use hidden
volumes, follow the security requirements and precautions listed in the subsection
Security Requirements and Precautions Pertaining to Hidden Volumes. If you do not
use hidden volumes, ensure that only non-system partition-hosted VeraCrypt
volumes and/or read-only filesystems are mounted during the session.
Paging File
Note: The issue described below does not affect you if the system partition or system drive is
encrypted (for more information, see the chapter System Encryption) and if all paging files are
located on one or more of the partitions within the key scope of system encryption, for example, on the
partition where Windows is installed (for more information, see the fourth paragraph in this
subsection).
Paging files, also called swap files, are used by Windows to hold parts of programs and data files
that do not fit in memory. This means that sensitive data, which you believe are only stored in
RAM, can actually be written unencrypted to a hard drive by Windows without you knowing.
Note that VeraCrypt cannot prevent the contents of sensitive files that are opened in RAM from
being saved unencrypted to a paging file (note that when you open a file stored on a VeraCrypt
volume, for example, in a text editor, then the content of the file is stored unencrypted in RAM).
To prevent the issues described above, encrypt the system partition/drive (for information on
how to do so, see the chapter System Encryption) and make sure that all paging files are located
on one or more of the partitions within the key scope of system encryption (for example, on the
partition where Windows is installed). Note that the last condition is typically met on Windows XP by
default. However, Windows Vista and later versions of Windows are configured by default to create
paging files on any suitable volume. Therefore, before you start using VeraCrypt, you must follow
these steps: Right-click the ‘Computer’ (or ‘My Computer’) icon on the desktop or in the Start
Menu, and then select Properties -> (on Windows Vista or later: -> Advanced System Settings ->)
Advanced tab -> section Performance -> Settings -> Advanced tab -> section Virtual memory ->
Change. On Windows Vista or later, disable ‘Automatically manage paging file size for all drives’.
Then make sure that the list of volumes available for paging file creation contains only volumes
within the intended key scope of system encryption (for example, the volume where Windows is
installed). To disable paging file creation on a particular volume, select it, then select No paging
file and click Set. When done, click OK and restart the computer.
Note: You may also want to consider creating a hidden operating system (for more information,
see the section Hidden Operating System).
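The paging file check from the steps above can also be audited from PowerShell. The following read-only script is an added example, not part of the VeraCrypt documentation; the $EncryptedScope parameter is a hypothetical name, and its default assumes that only the Windows system drive lies within the key scope of system encryption.

```powershell
# Added example: audit paging file placement against the volumes covered by
# system encryption. Read-only; it changes no settings.
param(
    # Assumption: only the Windows system drive is inside the key scope.
    # Pass more drive letters (e.g. 'C:','D:') if system encryption covers them.
    [string[]]$EncryptedScope = @($env:SystemDrive)
)

# Normalize entries such as 'c:\' to 'C:'
$scope = $EncryptedScope | ForEach-Object { $_.TrimEnd('\').ToUpperInvariant() }

# On Windows Vista and later, automatic management lets Windows create
# paging files on any suitable volume.
$auto = [bool](Get-CimInstance -ClassName Win32_ComputerSystem).AutomaticManagedPagefile

# Paging files that are configured, and paging files currently in use.
$configured = @(Get-CimInstance -ClassName Win32_PageFileSetting |
    Select-Object -ExpandProperty Name)
$inUse = @(Get-CimInstance -ClassName Win32_PageFileUsage |
    Select-Object -ExpandProperty Name)

# One row per distinct paging file, flagged by whether its drive is in scope.
$findings = foreach ($path in ($configured + $inUse | Sort-Object -Unique)) {
    $drive = $path.Substring(0, 2).ToUpperInvariant()
    [pscustomobject]@{
        PagingFile = $path
        Drive      = $drive
        InScope    = $scope -contains $drive
    }
}
$findings | Format-Table -AutoSize

$outside = @($findings | Where-Object { -not $_.InScope })
if ($auto) {
    Write-Warning "'Automatically manage paging file size for all drives' is enabled."
}
if ($outside.Count -gt 0) {
    Write-Warning ("Paging files outside the encrypted scope: " +
        ($outside.PagingFile -join ', '))
}
if (-not $auto -and $outside.Count -eq 0) {
    Write-Output "All paging files are on volumes in scope: $($scope -join ', ')"
}
```

A warning from either check means the Virtual memory settings described above still need to be changed and the computer restarted.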
Memory Dump Files
Note: The issue described below does not affect you if the system partition or system drive is
encrypted (for more information, see the chapter System Encryption) and if the system is
configured to write memory dump files to the system drive (which it typically is, by default).
Most operating systems, including Windows, can be configured to write debugging information and
contents of the system memory to so-called memory dump files (also called crash dump files)
when an error occurs (system crash, "blue screen," bug check). Therefore, memory dump files
may contain sensitive data. VeraCrypt cannot prevent cached passwords, encryption keys, and the
contents of sensitive files opened in RAM from being saved unencrypted to memory dump files.
Note that when you open a file stored on a VeraCrypt volume, for example, in a text editor, then the
content of the file is stored unencrypted in RAM (and it may remain unencrypted in RAM until the
computer is turned off). Also note that when a VeraCrypt volume is mounted, its master key is
stored unencrypted in RAM. Therefore, you must disable memory dump file generation on your
computer at least for each session during which you work with any sensitive data and during which