Solved Using Imaging software with Truecrypt system encryption.

[Mikenet]

What I want to do is make backup images of all my operating systems using something like Macrium or Norton ghost.

I have some concerns with doing this however, the primary concern that I have is that one of my Windows 7 partitions is encrypted with Truecrypt. It requires preboot authentication using Truecrypts bootloader to be decrypted and used.

In my search for finding a good program to image with I have learned that there are problems with many imaging programs and Truecrypt system encryption. Ive read stories of people only being able to make unencrypted images of their encrypted partition. Others have said that an image restore of an encrypted system partition made their OS unbootable.

I should also mention that I have 3 operating systems win98/win7/win7 encrypted
Of these operating systems, Windows 98 was installed 1st. It is the active partition which I believe has all the bootmgr settings on it. I don't know if this is relevant but I also used easyBCD to make windows 98 bootable, and later installed Truecrypt on my last install of Win7. This probably modified the bootmgr again by adding the Truecrypt bootloader but Im not exactly sure how that works.

Anyways, All operating systems work fine as they are and Im hoping not to mess things up by restoring an image that doesn't work.

For my encrypted version of Win7 im thinking there is only 2 possible options for imaging..

First option is to find a program that can make an encrypted image of a Truecrypt system partition, then restore it successfully.

My second option is to just make an unencrypted image of my Truecrypt system partition, then if I need to restore the image, I could re-encrypt the OS after I restore it.


Id prefer the first option, but Id love to hear about how to do either successfully with Truecrypt. All ideas are welcome, but I should mention that Ive never used any imaging program before so step by step instructions on how to successfully make an image and restore it with my current setup would really help me.

Thanks in advance.

 

[Corazon]

I use TrueCrypt and Macrium, and I have done both ways successfully. Everything worked as expected.

As you've already figured out, when backing up the (encrypted and running) Windows system, you end up with an unencrypted image - but you can let Macrium re-encrypt it using its own (non-TC) encryption (registered version only). Restoring it will undo the Truecrypt encryption though and you'll have to re-encrypt it from scratch. But TC has no problem with an encrypted system partition that, from its own point of view, was "suddenly and unexpectedly" decrypted.

Quite cleverly, you can save your Macrium backups on an external storage device that's also encrypted with TrueCrypt, this way you don't need Macrium's own encryption. (You will need to run TrueCrypt from the WinPE rescue disc however in order to mount the encrypted volume on the external storage before you can access the backup and restore it. I do this by running Truecrypt from an USB stick after I've booted the rescue disc.)

I've also done a full sector-by-sector clone of my encrypted system using the WinPE rescue disk (since it allows you to both back up and restore). When I later restored this clone image and rebooted, it fired right up without any problem and the Truecrypt encryption was completely intact.

So, I can vouch that both ways of doing this are safe and work well.

 

[Mikenet]

That's comforting, you read my mind on the idea about storing the unencrypted Macrium image on an Truecrypt volume stored on an external HD. However this method adds a major step of having to re-encrpt the system partition, once you restore it, which took me hours the first time around.

So what was your procedure for making and restoring an encrypted image of your Truecrypt system partition? Did you have to run Macrium before the the Truecrypt password screen?

If so what did you use to boot macrium with and were there any special steps you had to take for this situation? Sorry for all the questions but Im very new to imaging.

 

[Corazon]

I have the full registered version of Reflect, so I have the benefit of the bootable WinPE rescue disc that comes with it. And this disc lets you both back up and restore, so I boot from that and then make the backup of the encrypted system partition 'as is'.

Since the system partition will be seen by the rescue disc as raw data instead of a recognizable filesystem, you can obviously only make a full sector-by-sector copy. The big advantage is not having to re-encrypt your system if you ever restore it from such a Macrium image.

But I think that despite the TrueCrypt encryption you can still benefit from compressing the image file if you wipe your free disk space clean while running your normal Windows system before you restart and boot from the rescue disc. (That was a mouthful, lol, but I hope you understand what I mean).

 

[Mikenet]

I think making an image with a paid version of macrium, prior to boot will be the way I go then. Or maybe I can use the free macrium and download WinPE if it's free.

I'm guessing that a full sector-by-sector copy will be the same size as the partition itself though. That should be ok as long as it restores the image properly.

Im a bit worried about if it will restore the TC bootloader properly, because I have 3 operating systems and I think my truecrypt bootloader may be on my Win98 partition. Its the partition that is set as active but im hoping this won't matter since that partition wouldn't be touched in an image restore of the win7 partition.

Thanks for your help, if there is anything else you can think of that I need to know when backing up or restoring an encrypted image please let me know.

Mike

 

[Corazon]

A full clone of a partition will still be somewhat smaller than the partition itself since Macrium can still compress the encrypted data - it just has more data (namely whatever is in the unused disk space) to deal with.

The TrueCrypt bootloader lives in the MBR of your system harddisk, not in any particular partition. Macrium always backs up the MBR and restores it for you (you have the option of not restoring the MBR but that wouldn't make much sense of course). So no worries, you're all set for what you're planning to do.

 

[Mikenet]

I hope your right, I'll give this program a try here soon. For the next few days I'll be preparing my system. I still have somewhat new OS installs but Ive been on the internet already with them for a couple months. So I'll run a couple virus applications and probably CCcleaner. Then I'll create all the images.

Wouldn't be anything worse than restoring an image of an OS that contains viruses or other problems.

 

[Mikenet]

I have full macrium now with a winPE rescue disk. Im a little lost navigating the bootable rescue cd though.

My biggest question is how do I make images or backups from this disk?

I see many options for restoring created images but nothing for creating new images.

These are the options I'm looking at......

Windows PE Rescue Environment

My idea was to create an image of the encrypted OS while it is still encrypted, in other words before its booted, then restore it as an identical encrypted partition. I believe that's what you managed to do but I don't know how exactly.

I'm also a bit confused about how to access TC and mount a partition from the rescue disk. This would be helpful if it's possible.

Thanks again

 

[Mikenet]

Disregard my last post, I just had to update macrium to update the interface. I'm still not sure about mounting a TC volume from the PE recovery disk though, if I could do this I could restore individual files to my TC volume without windows being booted. Not a big deal though.

I haven't made any images yet but I'll probably start with imaging my unencrypted partitions, then I'll deal with the encrypted partition.

Looking at the Macrium interface, If a clone is my only option for backing up and restoring a Trucrypt volume while maintaining its encrypted state, it's a shame these clones aren't stored and recovered the same way as images.

What I mean is, I cant store the clone neatly within an existing partition right? It's basically just a copy of the partition that is going to need a drive letter allocated to it just like the original? Or am I wrong? My computer has so many drive letters already that it's making me dizzy, lol. Ive had to hide some of them from view in windows just to keep things neat.

Im also hoping that restoring the clone to its original location is easy. I see the restore image feature in WinPE, I dont see a restore clone feature. So how were you restoring the clone to its original location?

Thanks again

 

[Corazon]

Nono, the clone is saved as a regular .mrimg file just like an image made with 'intelligent copy'. There's no difference otherwise. Don't confuse a clone image with a partition-to-partition copy (that's not what Macrium does).

As for TrueCrypt, I have a copy of TC on an USB stick, from where it will run in portable mode. What I do is simply insert my USB stick after the WinPE environment has booted, open a command shell, navigate to the stick and start TC from there.
Then I can mount my encrypted system partition with the 'mount without pre-boot authorization' option checked.

 

[Mikenet]

I may have been testing out the wrong feature. Since I remembered you talking about cloning for the encrypted OS, I went directly to the "clone disk" feature from WinPE, then I deselected the unencrypted partitions so I could see if I could clone just one partition.

Using this method the recovery disk asked for a destination drive. I selected my external HD, which has two partitions and some unallocated space. The program was insistent on adding the cloned partition to the unallocated space, as if it would be an exact partition copy.

However I took a closer look at the recovery program and decided to click directly under the encrypted OS and select "image this partition" from there I selected my destination folder for the mrimg to be created, then under advanced setting I deselected "intelligent sector copy" and instead selected "make an exact copy of the partition". Is this right?

Oh, There were also some other options for things like a password, but I'm assuming I don't need this on the encrypted OS since I'm creating an image of the OS in it's encrypted state, correct?

If this is exactly what you did, please give me the thumbs up. Sorry for the relentless questions on this but I think I'm a bit lucky that the one person who responded here has tried exactly what I'm about to attempt.

Not to mention that this is going to be a one shot, get it right the first time thing for me. I spent about a week getting every program I wanted, optimizing windows settings, updating drivers, and running virus scans and registry cleaners, and all this on 3 operating systems. My computer is in optimal shape for the hardware, so getting the images right while it's in this condition would put an end to a long project.

 

[Corazon]

You're correct on all counts. (I realize I said Macrium doesn't do partition clones, but as you figured out it does. I wasn't aware of that myself.)

It sure is lucky that you ran into me LOL, but I'm more than happy to pass on my knowledge - I had to figure it all out on my own and do some testing as well. Why shouldn't you or anyone else benefit from that

Good luck!

 

[Mikenet]

To update, I have the images created for the two unencrypted OS partitions now. I used standard "intelligent sector copies" for these. Since these are compressed I had plenty of room for making two images for each of these OS partitions.

For the unencrypted win7 for example I made both a partition image, and windows image using intelligent sector copy. I was guessing that a windows image can be used to restore windows without overriding my programs and data on the partition.

However when I looked at the sizes for the images, the windows image was the exact same size as the partition image. I'm not sure what that's all about, I figured a windows image would be smaller but at any rate it's their if I need it.

I'll be making two images for the Truecrypt OS as well, probably today or tomorrow.

One image will be made before the OS is decrypted from the WinPE disk, as you explained . I'll store this, as is, on my external HD. I'm going to attempt to access the data on this image to ensure the image is indeed encrypted.

I assume it will be, but it will be an interesting experiment to check for loopholes in truecrypt encryption.

The second image I make for the encrypted OS will be from windows after the OS is decrypted, I'll make this one using intelligent sector copy, and save this one on a truecrypt volume since it will be created unencrypted.

This image will be my backup if the other method doesn't work, in which case I'll be forced to re-encrypt the image after it is restored.

Im still debating on whether or not I should test out restoring one of these images, I think the cautious part of my personality is telling me to wait until something goes wrong before restoring.

 

[Corazon]

If the backup goes well, and if you let Macrium verify the image and it comes back OK, then you can rest assured nothing will stand in the way of a successful restore.

For the unencrypted Windows 7 for example I made both a partition image, and windows image using intelligent sector copy. I was guessing that a windows image can be used to restore windows without overriding my programs and data on the partition.

However when I looked at the sizes for the images, the windows image was the exact same size as the partition image. I'm not sure what that's all about, I figured a windows image would be smaller but at any rate it's their if I need it.

I'm not sure I understand, what exactly do you mean by "Windows image" and how would it be different from a "partition image"? Did you make both these images from the WinPE disc?

Whether or not you use "intelligent sector copy" doesn't change the fact that you're always backing up the entire partition with all data inside it - Windows, programs, settings, everything. The difference lies in whether unused filesystem clusters are backed up as well.

Intelligent sector copy skips them, but technically you still end up with an image of a complete partition - minus whatever data actually resides in those clusters marked as unused by the NTFS filesystem.

 

[Mikenet]

I set all the images to verify and they checked out ok Now I also have the encrypted partition imaged as well, with two copies.

All the images were created using the WinPE disc with the exception of the second image I made for the encrypted Win7. I wanted a backup for that partition as well, so one of those images I made after the OS was booted and I stored that one in a Trucrypt container, since it was created after the OS was decrypted.

I also confirmed that the encrypted partition that I imaged from the WinPE disk was indeed created as an encrypted sector by sector image, because that image turned out to be over 30 gigs, and when I tried to read data on it from WinPE it asked me if I wanted to format it, which is typical of encrypted volumes/partitions. So that's cool.

About the "windows image", there was an option from the WinPE disc that let me make an OS image, or it might have said Windows or perhaps system image. From what I remember this was a separate option from imaging the entire partition.

Perhaps I should read up on this more because on both my unencrypted OS's I made one of these windows images, and one standard partition image. I also used identical settings for both types. Intelligent sector copy with the same compression method was used for both the standard images and the windows images. Whether or not I used the create windows image feature, the images turned out to be the same size as their standard counterparts though.

It might have been that the program itself just allows you to create the same type of image in two different locations from the menu, then they decided to label one of the menu options differently than the other, calling it a "windows image".

I dunno, but I do have two copies of each partition at the very least.

Thanks again for your help, i really needed it on this one. Im always a bit jittery with new types of projects, even though I have experience in computers, software concepts that are new to me always have me scratching my head for a while.

BTW if I mark this topic as solved will it prevent further post? I may want to leave the topic open in the case that I decide to do a restore in the near future and I run into a problem.

 

[Corazon]

That does make sense (about partition images and 'Windows images' being the same thing). Glad to hear you've been successful with everything!
Feel free to mark this thread solved; you can always just start a new one if you run into any issues with restoring.

 

[Mikenet]

Thanks again Corazon, I'll return to this site if I ever have a problem restoring.