Philosophically Secure: Eugene Kogan's blog on information security and software engineering

19 Jul 2008

TrueCrypt’s Deniable File System

Bruce Schneier talks about a paper he helped write with a few other researchers on breaking the deniable encryption feature of TrueCrypt.

The claim behind this feature is that you can have a secret encrypted file system that will remain undetected, and so you can deny its existence if your drive is confiscated somehow. Schneier and the other authors prove that this deniability is rather weak. Since the encrypted file system is stored and used within a normal operating system (Windows, Linux, etc.), traces of its existence are scattered throughout the unencrypted parts of the hard drive. There are swap files, temporary files, and other remnants created by various applications, such as word processors.

Since the paper [PDF] came out, TrueCrypt has released version 6.0, which addresses many of the issues it raises. But the bottom line is that you shouldn't depend on this deniability feature. It's much safer to encrypt the entire disk, which ensures that sensitive data isn't left on unencrypted portions of the file system. The only drawback of this approach is that you can't deny having anything encrypted.
