UPDATE: There is a new version of this guide available for Kali Linux 2018.
Please see: Kali Linux 2018 Live USB with Encrypted Persistence (Windows)
In this guide we will create a bootable USB of Kali Linux Live and configure an encrypted persistent partition so we can securely retain files and settings between reboots. You will need at least an 8GB USB drive.
If you want persistence without encryption, please see: Kali Linux 2017 Live USB with Persistence (Windows)
1. Write Kali Linux ISO to USB
Download the latest Kali Linux ISO. Both the 64 bit and 32 bit versions are good for this guide.
Select Kali Linux from the dropdown. Browse for your downloaded ISO file and select the correct USB drive.
Check the box Fat32 Format Drive (Erases Content), and then click Create.
It can take up to ten minutes to write the ISO.
2. Resize USB Partition
Once the ISO has finished writing, download and install MiniTool Partition Wizard Free Edition.
Run the program and locate your USB drive. Right-click on the blue disk space bar and select Move/Resize from the menu.
Resize the partition to 4GB and click OK.
In the example above, I am using a large 128GB USB drive.
3. Create New Partition
We now need to create a new partition in our unallocated space.
Right-click on the unallocated space and click Create.
Click Yes if you see a message “The new created partition cannot be used in Windows. Because Windows could only recognize the first partition on a removable disk. Do you want to continue?”
In the File System menu, select Unformatted and click OK.
Finally, click Apply to begin the partitioning process. It may take some time depending on the size of your USB drive.
4. Boot Live USB
Once partitioning is complete, restart your machine and boot from USB.
You may need to do some searching on Google on how to boot from USB on your particular machine. Repeatedly pressing one of the function keys (F12, F2, etc) or the ESC or Delete keys on bootup will invoke the boot or BIOS menus on most machines.
In the Kali boot menu, select Live system and press Enter. The menu may look different depending on your version of Kali. It’s usually the first option you want here. Don’t select the persistence option yet, we will do that later.
If Kali prompts for login details, the username is root and the password is toor.
5. Initialize LUKS encryption
Firstly, we will run
fdisk to identify the device name of the empty partition we created earlier.
Open up a terminal window and run:
You will see several entries for drives and partitions listed. Look for your USB drive. It will have a boot partition where Kali resides and the empty partition you created earlier.
Device Boot Start End Sectors Size Id Type /dev/sdb1 * 2048 12584959 12582912 4G c W95 FAT32 (LBA) /dev/sdb2 12584960 242614271 230029312 110.6G 83 HPFS/NTFS/exFAT
In this example, my empty partition device name is
We will now initialize LUKS encryption on
sdb2 with the following commands:
cryptsetup --verbose --verify-passphrase luksFormat /dev/sdb2
You will see a warning. Type YES and press
ENTER to overwrite data.
Enter a passphrase of your choice. Don’t forget it!
When you see “Command successful”, run the following command:
cryptsetup luksOpen /dev/sdb2 my_usb
Enter your passphrase one last time.
6. Configure Persistence Partition
ext3 filesystem. This may take a minute.
mkfs.ext3 -L persistence /dev/mapper/my_usb
Label it persistence.
e2label /dev/mapper/my_usb persistence
Mount the new encrypted partition.
mkdir -p /mnt/my_usb
mount /dev/mapper/my_usb /mnt/my_usb
Set up the persistence.conf file and unmount the partition.
echo "/ union" > /mnt/my_usb/persistence.conf
Lastly, close the encrypted channel to our persistence partition.
cryptsetup luksClose /dev/mapper/my_usb
7. Reboot and Test
Restart and boot from USB, and from now on always select Live system (encrypted persistence, check kali.org/prst)
You should see a message like below.
Please unlock disk /dev/sdb2:
Enter your passphrase and press
ENTER. Kali should now load.
To test if persistence is working correctly, try creating an empty test folder on the Desktop and restarting. Select Live system (encrypted persistence, check kali.org/prst) again and if the test folder is still there, persistence is working correctly.
p.s. I increased my AdSense revenue by 68% using AI 🤖. Read my Ezoic review to find out how.