
Need guidance for encrypted portable virtual machine

virtualization
#1

Hello again,

I apologize for the long post ahead of time, but I appreciate any input to help solve my problem.

This evening I’m working on a method to get a virtual machine that I can run off of a portable SSD drive that would be encrypted. I was hoping that in the event that I’m on the go, I could just plug in the drive, decrypt, and start the virtual machine.

My thought process so far is that I could use VeraCrypt to fully encrypt the portable SSD drive, then run an application called ‘Portable VirtualBox’ to run the virtual machine portion and then ensure that the virtual machine networking goes through a proxy to connect to the internet.

As of right now, I have the drive fully encrypted and working.

Though it seems that Portable VirtualBox isn’t working well with my Windows 10 environment and is pretty outdated as it is still running a 5.X.X version of VirtualBox.

Concerns:
I do have some concerns on what could potentially escape or leak from the virtual environment onto my Windows 10 installation even with disabling most of the settings that share data like clipboard, file sharing between the host and OS and so forth. I’m also worried about what information would be left behind on Windows 10 (drivers and stuff like that) that could lead someone to believe that I have a hidden VM somewhere.

My questions:
With Portable VirtualBox not working as expected, are there any known alternatives that could be used in place that are portable?

I’ve also seen different arguments about what networking methods should be presented to the virtual machine (Bridged vs NAT). I want to ensure that this virtual machine can’t reach anything on my physical network and all traffic is routed through the proxy that is set up later on the VM.

Another idea that I had to prevent some of the threats above is to just install the operating system directly onto my portable drive and boot directly to it. Though I’m not sure how I would do encryption (beyond OS encryption) and not sure how portable it would be since it would need to have drivers and support for any machine that I plug the drive into.

Thoughts, criticisms, and questions are welcome!

0 Likes

#2

So it seems like you need some custom live CD, perhaps running Linux for portability.

I read your post twice, and still don’t know the intended use case:
A: Secure / private use of the machine, i.e. private browsing without logs on host
B: running a service / program isolated from the other system
C: A single instance of a system you can take anywhere that isn’t tied to any hardware, and can go wherever you do.

So private so you can see stuff really incognito, or private so no one knows the secret server is running in the background/on the network?

0 Likes

#3

Thank you for your comment, I’ll try to clarify further since my original post didn’t do justice :smiley:

It is kind of a blend of A, B, and C. Though, I’m not running any persistent services for end users. Just a basic operating system for personal use.

The intended use case:

A fully portable encrypted Linux operating system so that I can do secure web browsing and file storage and ‘research’ while minimizing traces of the operating system on the physical host machine in the event it was checked.

I’m still debating on what method is best to limit exposure of this hidden operating system that runs off the drive.

0 Likes

#4

First of all, don’t do bad stuff.
Especially terrorism.

As much as encryption is touted as a security threat, most terrorists are caught by other means, and even as secure as you are, they’ll still get you…

In your case it sounds like a live USB of a Linux distro won’t leave logs on the host machine, as long as you boot straight to it.
It might leave traces that you booted another OS, but nothing actually useful for investigators.

Once in an environment however, the network traffic can still be logged as normal at firewall, router and ISP level.
For privacy, you’d want to set up a VPN (paid or open).

0 Likes

#5

mfw

Agreed, I feel that I may abandon the VM method and just stick with the live USB, less risk, less traces.

Already have a solution for this :smiley:

1 Like