TrueCrypt encrypted Partition: How to backup?

Discussion in 'privacy technology' started by SYS 64738, Mar 5, 2008.

Thread Status:
Not open for further replies.
  1. SYS 64738

    SYS 64738 Registered Member

    Apr 29, 2006
    After having had a serious hard drive damage i lost all my data on my secon internal hard drive including TrueCrypt partitions.

    Now, i would like to be as sure as possible that this wouldn't happen again. I got a new second internal hard drive and created there again a TrueCrypt encrypted partition. This secondary drive is partitioned as follows: One primary partition and one extended partition with two logical drives, which are the TrueCrypt partitions.
    My plan is to backup these encrypted partitions on a 500 GB external usb drive, which consists currently of only one partition.

    But i'm not certain about the method to backup. Is there a possibility to do that such, that it works like Terabyte's IFD? Meaning, if i'm forced to have again a new hard drive i'll just create the again an extended partition and then restore the TC partition (which, of course, should be decryptable).

    TrueCrypt partitions are not recognized as such by Windows itself, so it has to be a backup program that copies the whole partition sector by sector, regardless if it contains data or not.

    I hold licenses of all Terabyte products like IFD, IFW, BING and IFL, but i haven't used BING very much up to now.
    I'm not sure, which program is used best. IFD? but then i have this image files, can they really restored to an encrypted partition? Or is partition copy using BING the proper choice?

    I read also in the TC forum, that some people are using this freeware here but it does not work properly on my system (issues with screen resolution and large fonts).

    So, what would be your suggestions? Or might it be the easiest way, just to create a TC container with different password and so on on my external drive and copy all file from the decrypted partition there? This would take the most time i guess, but might be the safest option.
  2. KookyMan

    KookyMan Registered Member

    Feb 2, 2008
    Michigan, USA
    What I would suggest would be to use a backup solution of your choice, and back up in the clear. You could also use encryption if your solution supports it. (IE I think that Acronis supports AES image encryption. Then its still not in the clear, and smaller than a sector by sector.)

    Then just physically secure the external media somewhere. Thats the simplest. Remember, if your HD completely goes down, you'll need to be able to read your backup images. If they aren't encrypted, that makes it a lot simpler.

    If they are encrypted, you'll need to be able to boot into a working OS to access the images with TrueCrypt, along with the TrueCrypt Rescue CD to recover your boot loader.
  3. rwt325

    rwt325 Registered Member

    Jul 28, 2005
    Strasburg VA
    I backup my True Crypt drive with Acronis True Image v11
    True Crypt drive must be mounted to show on Windows Explorer and ATI.

    From the Acronis True Image menu choose "Backup My Data" and not "Backup My Computer". The first choice will show the True Crypt drive, the second choice will not.

    When I click on the backed up image I get a True Crypt logging on screen. However I have not yet an occasion to restore the backed up copy.
  4. noyb2008

    noyb2008 Registered Member

    Mar 18, 2008
    Hi guys,

    This is my experience to date:

    Vista partition ~120Gb - system encrypted with TrueCrypt.
    Lots of extra partitions thereafter, some encrypted, some not.
    500Gb Seagate FreeAgent Desktop external
    Acronis True Image 11 Home

    -NOTE: Before doing anything I assume you have made a valid and current TrueCrypt Rescue Disk. Also next to essential for those of us who didn't get a Vista disk with our new PCs is a WinRE 2.0 disk from which you can boot up Vista in case of trouble and fix any damage done. Neosmart is hosting a copy here.

    -1st attempt: I tried doing a sector-by-sector backup of the system partition using ATI. To do this, I booted from the ATI CD and executed the backup from there. No compression (didn't want to risk buggering up the encryption on restoration). This succeeded but it took 13 hours, including verification of the backup. However, when I came to restoring the partition ATI would not let me select the C: partition as a target partition. Partitions which are deemed to be 'already restored' or not large enough to restore the image to are automatically greyed out. Since I made a sector-by-sector image of C: the image should be exactly the same size as the partition and so ATI should have let me restore it there.

    -2nd attempt: Decrypted the system partition. Tested ATI with an unencrypted system partition made from ATI within Vista. Normal compression. This took 40 minutes to make an image of about 40Gb. Booted up from the CD. Verification of the image took 2 hours. This time backup proceeded normally and it took me 2 hours to restore the backup. N.B. when restoring I did not select to restore the MBR. No problems encountered, removed CD and the system booted up as if nothing had happened. Very good.

    Next step - reencrypted the system partition. Again made a full backup image (but this time it is from within an encrypted partition which is being decrypted on the fly). This time I verified from within Vista and it only took 10 minutes. NOTE: I set a password for the backup but this only seems to restrict access. ATI Home DOES NOT APPEAR TO OFFER TRUE ENCRYPTION OF BACKUPS. (I think you need the corporate version for this. Personally I think this is Microsoft-style thinking. Individuals need security too.) Shutdown, booted from CD. Restored system partition from the image just made. Again, didn't select to restore the MBR. Only took 1 hour this time. Removed CD. When booting up, you still get TrueCrypt's Pre-Boot Authentication screen but this is to be expected since we haven't touched the MBR. Just hit Esc and Vista should now boot up normally. Of course, you will need to re-encrypt the system (which takes about 2 hours for me). To do this, you will first need to launch TC, then decrypt the system. (This will be near instantaneous as all this does is remove the TC.mbr.)

    The advantages of doing it the 2nd way (other than the fact I couldn't get the 1st way to work :p ) are;
    -the images are smaller
    -the whole process is a lot faster
    The major disadvantage is that the images are not encrypted - only password protected. The solution to this would be to encrypt the images using TC. However, you then wouldn't be able to access them in ATI. The process in this case should then be as follows.

    Create a boot disk with ATI and truecrypt.exe installed.
    Use truecrypt.exe to mount the partition/container containing your image from the command line.
    Now use ATI to restore the image.

    Haven't tried this yet but will do it when I get around to it.

    NOTE: This is only my procedure for system backups. Am in the process of implementing backups for my data partitions. Will follow the TC manual advice on this and use TC to encrypt the images. Since I assume the system is working at this point, it should be a simple matter to access, decrypt and restore these images from within Vista.

    NOTE: If you are running Vista and for some reason your MBR needs to be restored but you do not restore the system partition itself then most likely your bcd file will now be out of sync with the MBR. When you attempt to boot up you will see a message to the effect that winload.exe is missing or corrupt (not true) and get a status '0xc000000e'. Either you can restore the bcd file (though this might overwrite any changes you have made e.g. dual boot) or you will have to edit it. The latter is easy to do. Boot up with your WinRE disk and open a command prompt.

    (assuming C: is your system partition)


    This should show you your bcd file. If you see entries where 'device' or 'osdevice' are marked as 'unknown' then you need to fix these, e.g.;

    bcdedit /set {bootmgr} device partition=C:
    bcdedit /set {default} device partition=C:
    bcdedit /set {default} device partition=C:

    If you have other partitions which need to be changed or different identifiers then you will have to amend the identifier name in {}.
    Run bcdedit again to confirm the changes.
    Remove disk and reboot - system should now boot fine.

    If you haven't made any changes to your boot setup then even easier is to just rebuild the bcd.

    cd boot
    attrib bcd -s -h -r
    bootrec /RebuildBcd

    Remove disk and reboot - system should now boot fine.
  5. SYS 64738

    SYS 64738 Registered Member

    Apr 29, 2006
    I did now some testing on my own, using Terabyte's IFD, IFW, BiNG,
    selfimage and
    DFSee ( ).
    Only selfimage does not work so good for me, i didn't understand how to restore.
    I created for testing a small (1.5 GB) encrypted partition. A logical drive on an extended partition. After creating images, copies, and clones respectively (every time from the unmounted, encrypted partition to an external usb drive, except for BiNG, which doesn't detect the usb drive on my USB 1.1 port, however) i deleted the logical drive in the extended partition by wiping with BiNG. Also deleted the extended partition itself, but for so restoring procedures (IFD, IFW, and DFSee i created an empty exteded partition of the same size again.

    BiNG was the most convenient, and the fastest. Very simple, bullet proof i would say. You have to copy to empty disk space, not formatted before. Result is then a primary partition of the size of the TC partition. This copy is mountable as well! Same after copying back. :thumb:

    IFD, IFW images were also easily restored to the empty extended partition again, images were not compressed as i created them. No problem with mounting again, got all data back.

    Finally the real meat, DFSee. Ok, this took some time to understand, how to work with this. I tested not yet the imgaging feature extensively, it seems to need a FAT16 formatted partition to write the copy of the TC partition. Cloning to empy disk space worked well, as did restoring. Took more time than the Terabyte programs.

    So, for me i found out what i was searching for. But it may be safer, just to create a seperate TC volume for backup, so you don't have a second identical TC partition with the same password, but different content, when you don't backup every time after changing the content of the first one.

    All in all i would highly recommend Terabyte's solutions.
Thread Status:
Not open for further replies.