Using an unecrypted decoy OS with truecrypt hidden OS?
Solution 1:
Despite being a bad decoy, you can still use an unencrypted system as the decoy by simply not encrypting the decoy OS after you install it, using the TrueCrypt rescue disk to restore the boot loader, and pressing [ESC] on boot, to boot the decoy.
To boot the hidden OS, you type your password for it.
You may want to change the boot loader screen to show a custom message such as "Press [ESC] to continue." so at first glance, no one else will realize that there is an encrypted hidden OS.
When your decoy OS boots, it can see all the other partitions. You may then want to install tracking software (such as Prey) in case your computer or laptop gets stolen.
You may also want to install something that formats and overwrites your encrypted partitions so basically it will destroy your hidden OS. You might as well make it destroy the decoy OS by deleting everything.
So what happens is, upon boot, you have 2 choices:
- type your hidden OS password, and use your hidden OS as normal.
- type the wrong password, and it will simply hang. reboot.
- press [ESC] and it will boot your unencrypted decoy OS that will immediately attempt to locate itself and send an email to you, destroy the encrypted partitions, and destroy itself.
The forensic team or dude will have to image your drive first, but it's possible they won't get that chance and your hidden OS will be safe (and gone.)
Or maybe you are not concerned about the loss of data as much as the recovery of your stolen laptop, so therefore you have an unencrypted decoy OS that phones home when the thief uses it.
You can make it easy for the thief to be distracted by installing 3 web browsers (Firefox, Internet Explorer and Chrome) and a bunch of freeware games and they are all on the desktop. Then you can secure the decoy OS by using a guest account, or using something like Deep Freeze to prevent permanent changes to the decoy OS.
Solution 2:
An unecrypted decoy OS is a really bad decoy. It is pretty easy to spot encrypted data on a harddrive (there isn't much data that looks as random as encrypted files). It will be obvious to any forensics expert that there is encrypted data there. So what you want is 2 encrypted OS's. This way if you are asked to provided your decryption password, you can provide the decryption password for the decoy.
From the truecrypt FAQ:
Can I save data to the decoy system partition without risking damage to the hidden system partition?
Yes. You can write data to the decoy system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is not installed within the same partition as the hidden system). For more information, see the section Hidden Operating System in the documentation.
See this link for documentation.