Backup & Restore Encrypted System Drive With True Crypt

1 view
Skip to first unread message

Ka...@no.email.com

unread,
Nov 28, 2019, 6:31:18 PM11/28/19
to
I found this article some years ago in Wilders. It worked twice for
me on my XP machine. It might help someone else.

I used older Acronis True Image version 8.0.and TrueCrypt 7.1a.

https://www.wilderssecurity.com/threads/encrypted-drive-acronis-ti9-securedoc-if-anyone-interested.131124/

To All -
I have been testing (over past year or so), how to reliably
encrypt my hard drive, and also enable recovery of this in a disaster.
Encryption poses its own problems, if the FULL drive is encrypted
(more secure to me than just encrypting partitions, due to the
protection of encryption of all sectors, swap file spaces, operating
system bootup, etc)
and this poses problems for backup.
Backup of a FILE that is encrypted is easy; file is backed up as
is, and can be opened with its unique key.
Backup of DRIVE that is encrypted is difficult; backup utility
must get sectors correct, despite not seeing data.

I welcome ANYONE to enter this discussion; I am posting my
results, tests, etc; I've started a similar thread before, then gave
up due to lack of others' interest, and lack of time to test.
BUT, with new acronis TI 9 (3567 and above),and ability to back up
individual partitions that ALSO include the MBR, I started to pursue
this again.
I'm passing these results to both this forum, and to SecureDoc, as
my tests seem to indicate a reliable method of backup. AGAIN, I'm only
one person, testing, and I can't guarantee these results, but any help
on this is appreciated.


Testing of
Acronis TrueImage 9 Home
SecureDoc Encrypted drives

Testing Multi-partition drive
40g, Seagate, C: NTFS (XP operating system), D: NTFS data, E: NTFS
data

Goal -
to be able to back up the ENCRYPTED drive, either as
encrypted/unencrypted, to enable Data Recovery for emergencies.

Backup can be done, from windows, as FILE MODE, when drive has
been booted up, ; either using any windows backup program, and also
Acronis TI9.

BUT, problem has been how to back up an IMAGE of any/all
partitions, and copy these images to another drive, and boot that
drive, for disaster recovery.

PROBLEM -
SecureDoc disk is encrypted. When backing up partition, it takes
up lots of space, as Acronis sees it as unrecognizable data, and does
sector-by-sector backup (This is GOOD, if able to be done, but just
problematic with size)
SO, if C: is small (xp partition), but D: and E: are large, doing
the full backup takes up lots of space.

SOLUTION - (Partial) Acronis TI 9 (3567 and above) enable
INDIVIDUAL partition backups that ALSO include the MBR (critical). SO,
I caan attempt to back up C: (image), WITH the MBR; and then do D: and
E:, as FILE backup (thus shrinking their backup size)

CONCERN -
with the encryption, question whether this can be recovered, etc,
and rebuilt; I've been testing this in the past, with mixed results.

PROBLEM (for both encrypted and unencrypted drives) with IMAGES -
especially c: (operating system) partition. we are assuming that the
drive will fail (usually happens that way) and we are then going to
recover the image to a new drive, for SAME machine. BUT, if MACHINE
fails, then IMAGE has less usefullness, because no easy way in ANY
recovery to transfer this DISK (or its image) to a NEW DIFFERENT
machine

PARTIAL SOLUTION - IMAGE backup of C:, if drive was unencrypted,
can have files extracted. BUT, if an ENCRYPTED drive (and image), then
image can NOT be mounted and viewed; but you could do an associated
FILE backup of the C: drive

OK, those aresome of the items that I considered in my testing.

Software/equipment
Acronis TrueImage TI9 (3567)
secureDoc diskEncryption
Testing Multi-partition drive
40g, Seagate, C: NTFS (XP operating system), D: NTFS data, E: NTFS
data, all encrypted (full drive encryption)
60g IBM, empty drive
disk wiping software

Booted, got secureDoc key/password entry; entered it, selected
<F8>, which allows CD boot after encryption authentication.
Booted the Acronis TI9 disk
Did backup of C: partition (which included MBR)
Acronis sees that there is a partition, but does not recognize
what it contains, or what type it is. It tells me that it will need to
do a sector by sector backup.
I do the backup to an image

I REMOVE the 40g drive, insert the 60g drive, wipe it with '0'
disk wipe.
I boot with acronis TI9, and restore to the 60g, the C: partition
and the MBR

I boot the 60g drive
it tells me that "SecCode Not Found" (a SecureDoc message)

I boot with an emergency boot disk of SecDoc, that has the MBR of
40g on it.
I start the SDEMGREC.exe program (MBR recovery program)
Tells me that partition is different on disk than on CD - I type
"I AGREE"
tells me "opening Diskette error - continue
tells me "fail to backup MBR, continue = I answer "y"
tells me "ready to replace MBR disk 1 - proceed - I select OK

Asks me "automatically replace SecDoc space in HD with contents of
Emergency Disk (not sure what this means), - I select "no"

tells me "sector 0 data on HD is dffernt from backup, continue? I
select "A"ll
it goes through this, repeating that message, from sector 0 to
about sector 500, about 3 passes
NOT SURE what it was doing
It then says it is complete.

I then BOOT
It boots to the SecDoc key, and password - I enter it
It then boots into WINDOWS XP, with a working C: drive !

SO, what have I done?

It appears that I WAS able to BACK up my C: image, as an ENCRYPTED
image, along with the MBR
AND, then RECOVER it to a DIFFERENT drive, as the C: and MBR,and
then load the SecureDoc MBR control,
AND have it boot.

To load D: and E: (prior backed up as files), I could have
unencrypted the drive, repartitioned the D: and E: on that drive,
added the files, then re-encrypted everything; this would have let me
recover from disaster;


To me, one of the hinderances of Encryption is ability to restore
a working disk in event of disaster. The above results, if I can get
them reproduced, seem to indicate this is possible.
AND, DATA as noted before can be backed up as FILE method (more
easily restored)

Any feedback from anyone on this, further testing, etc, is
appreciated.
Nick


aoz, May 11, 2006
#1

Anonymous Remailer (austria)

unread,
Nov 29, 2019, 4:18:06 AM11/29/19
to

In article <zy4nevwp1wgj.r4er2g45bq7g$.d...@40tude.net>
Use GHOST -IR.

The REAL GHOST, not the Symantec fucked up the ass worthless
piece of shit, i.e. "Ghost1n".

Reply all
Reply to author
Forward
0 new messages