LITIGATION SUPPORT TIP OF THE NIGHT

In Windows 7 if you to Start and type in 'Event Viewer', an application will launch that will allow you to track all login attempts to your PC.

In the Event Viewer menu list, select Windows Log and expand the folder tree. Select security. This will show you a log of events on your PC, and 'Date and Time' field will allow you to easily tell whenever someone has had your PC on.

Note that you may see entries with the Task Category of 'Logon' and with a note of 'An account was successfully logged on' on the General tab in the pane at the bottom, even when the someone has not successfully logged on and entered the correct password to access the system.

If you click on the 'System' icon in the tree, and scroll to find 'Error' level records, you'll be able to find notes reading, "currently configured password due to the following error: Logon failure: unknown user name or bad password." on the general tab. A good way to pinpoint when an unauthorized person was trying to access your PC.

You can use VeraCrypt to encrypt your hard drive. Go to the System menu and select, Encrypt System Partition / Hard Drive.

If you choose the Normal method of encryption, you'll be given the option to either encrypt the entire partition on which the Windows OS is running, or the complete hard drive. Users of a laptop notebook may have a special recovery partition that will lead an encrypted hard drive to become unbootable, so it may be wise to use the former option. VeraCrypt will allow you to account for a situation where you have more than one operating system installed.

You can select between nine different algorithms to encrypt the data.

At the next stage you'll be prompted to enter a password which must be between 20 and 64 characters. If you select the option for key files, you'll have to provide certain key files on a USB drive. The option for a PIM - Personal Iterations Multiplier - will require that you enter a number, which will later have to be given with a password when you boot up the computer.

At the next stage you move your mouse randomly in order to increase the strength of the encryption keys.

As part of the process you're required to create a recovery disk on an optical disk. If the bootloader gets damaged you can use this to get into your encrypted drive.

VeraCrypt also gives you the option to wipe unencrypted data on your drive.

When you reboot your computer, you'll have to enter the password to unencrypt the drive before your regular Windows login. Note that you'll be prompted to enter a PIM even if you haven't set one. Just press enter if you did not select this option.

The Tip of the Night for January 4, 2016 noted that you need a PC with the TPM (Trusted Platform Module) chip in order to access a Bitlocker encrypted drive. There is actually a way around this limitation.

Click on your start button, enter 'run', and then enter gpedit.msc to open the Group Policy Editor.

You then browse to ocal Computer Policy > Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives, then click 'Require additional authentication at startup'.

Choose the enabled radial button, and then check off the box that allows Bitlocker without TPM chip.

See this post by Chris Hoffman.