Resizing windows 7 OS partition encrypted with Truecrypt

Discussion in 'encryption problems' started by wilder7500, Jan 10, 2017.

  1. wilder7500

    wilder7500 Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    67
    Location:
    USA
    Just want to run this by the forum. My system drive has two partitions on it, one for windows 7, and one at the end for data. I'm running low on space on the OS partition and want to move the data in the second partition to another drive and resize the OS partition to fit the whole drive. Everything is encrypted with Truecrypt. What is the best way to proceed to avoid an outer body experience?
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,402
    It's a simple process but Expansion is not how you'll have to do it. TC code won't allow system disk expansion. Move the data to its new location. Then do an OS backup on an external drive. Macrium Reflect is a great choice, but there are many great choices. This backup will allow you to restore the OS to exactly how it is when you create the backup. Now format the drive to one partition. [You didn't mention an EFI or hidden partition so I didn't discuss them either. When you say you have two partitions I am giving you credit for knowing those special cases are not present on your system].

    This would be the time to WIPE the drive space IF you know there is "forensic" dirt that would cause you problems. In a one partition OS there is no hidden system disk so I assume you just want privacy and security but have no expectation of ever guarding against a high level adversary. Most are in the same scenario.

    In short, it's a redo and not an expansion. The system disk backup will greatly facilitate the process, and also safeguard the future for disk failure.

    Let me finally add that there is substantial proof of weaknesses in the old TC code where system disk encryption is employed. Most if not all have been addressed in the VC code. But, in candor, for adversaries that are weak the TC code is ample. Why not use the latest and improved code since you are starting over anyway?
     
  3. wilder7500

    wilder7500 Registered Member

    I think I want to stay on TC for now. My disks are MBR, no hidden partitions. I do have two other hard drives connected, also encrypted with TC; these automount when the system starts. I have Acronis True Image. I just created an image; the image is stored, for now, on one of the other hard drives that are also encrypted with TC. I'm always a bit nervous around those images if something went wrong and I couldn't restore the image. Can't I (after having moved the data on partition 2) try and decrypt the OS, then resize the partition and encrypt it again while still having the Acronis image as backup? If so, would I decrypt from the boot loader? How will that affect the two other TC drives connected to the system?
     
  4. Palancar

    Palancar Registered Member

    Yes - but only in theory. Explaining: examination of the TC code reveals no issues for decrypting the system disk. For reasons usually unexplained there is a significant percentage of users that experience "crashes/freezes" during decryption. When/if it happens it's oftentimes game over without a working backup. We pored over the code line by line and what happens within areas of Windows that can't be accessed made it impossible to conclusively determine the cause. It is NOT TC code but at times something gets mishandled somewhere in the background.

    I can tell you that I used Acronis circa 2009 and restored many dozens (likely over a hundred) of system disks from scratch. You will need two things which I can't determine you have available. 1. You need to create a recovery environment where Acronis will mount that environment in RAM and then you can select the recovery image and write it directly to your new system disk platter. 2. You MUST have access to your saved (and hopefully VERIFIED) backup image. It sounds like you are "hiding" the backup image within an encrypted volume, which would make it unavailable to the Acronis recovery tools. So picture an easy restore like this ----- > Insert a bootable usb and bring up the Acronis recovery environment. Now insert an external drive with a backup image on an available partition. NTFS most likely, but Acronis will auto span if you go FAT32 for a filesystem. Just write back the image. I am assuming you made a "hot image" meaning the used space and not a forensic copy of every byte. As soon as the image is written back and you boot up you'll need to encrypt your new drive. Done, and easy!

    ALWAYS and without exception DISCONNECT all other encrypted drives until you are done. While I am still preaching at you - LOL, take this time to make volume header backups of those encrypted drives if you don't have them immediately available. You have been warned.

    Yes, go ahead and decrypt from the rescue disk if you decide to go that route. I NEVER did that except to verify the process during code inspections. Why? Painfully slow and error prone. Acronis is far better and safer. As long as you have the two items I depicted above you can attempt decryption and then do it my way if it fails to complete. Remember, a hidden backup image is of little value until you figure out a way to access it using another computer. Get my drift here?
     
  5. wilder7500

    wilder7500 Registered Member

    I have Acronis true image 2013, I assume I would have to use the "Rescue Media Builder" under tools and utilities inside the program to create a recovery environment?

    I should mention that I have the Windows 7 boot files inside the Windows partition as was suggested, I think by you, in one of my previous threads. Should I worry about these? Wouldn't they just automatically be in the image I made?

    Could I do an extra image with Macrium reflect, does it have the features I need in the free version?

    Volume headers of the other HDs are backed up.

    I have an extra HD.

    I was thinking of proceeding like this: 1. Put the OS images onto unencrypted media. 2. Restore one of them to an extra HD that I have (that way I won't destroy my current install) as a test. 3. Test the new HD to see if Windows boots and that I can mount the other TC drives that I have. 4. Format my current OS drive to one partition. 5. Put the image on it. 6. Boot up to see if things are working. 7. Encrypt the drive. 8. Wipe my test drive and the media where the images were temporarily stored.
     
  6. Palancar

    Palancar Registered Member

    Sounds like a plan! It is important to know that your RAM based recovery environment is working. Of course I recommend always taking the extra time to do a VERIFY of the image when Acronis creates the backup image. You are making me smile with the notion of pulling out the drive and using an extra one just to be sure. Nothing wrong with that either, especially if you have never "acid tested" Acronis on your machine. Remember that Acronis allows you to AES encrypt the backup image so that too will be encrypted even on the regular NTFS external partition. You will need to unlock the image with the correct password to gain access when you need it. I switched to Macrium Pro years ago and mostly because I was able to construct a recovery environment where it uses USB3 drivers really well on my machines. I am sure by now your more modern Acronis does USB3 too, but I am not certain. I became comfortable with Macrium code, but there is nothing wrong with Acronis for what you are doing. Your disk sizes are somewhat small. I use multi TB volumes on some stuff so the USB3 drivers are critically important for and to me. It's 200 meg vs around 800 meg on the "speed meter".

    Reminding you to unhook those other encrypted drives if it's easily possible. No sense in breaking something that is working fine.
     
  7. wilder7500

    wilder7500 Registered Member

    Yes, did verify the image. I will physically unhook those other drives. My other drives will be fine as long as I know the password and have the headers, right? I mean, if the OS fails, I could access those without the OS drive, provided I install TrueCrypt on another machine?
     
  8. Palancar

    Palancar Registered Member

    You don't even need to install TC on any other machine. You can run TC from a portable version on a USB ---- provided the user you are logged in as on the donor machine is an admin. OR you have the code to bypass the Windows UAC prompt when asked. The portable files are literally only a few meg and TC will create the portable folder for you. Just look in the TC control panel and it will be staring at you. LOL! TC is not OS specific. If I took your encrypted volumes (not system disks) I could easily open them on my machines that are running Linux (obviously I would need to know the passwords). So if you have a SATA to USB cable and a spare little USB flash you have everything to access those SATA drives on any computer. Simple.
     
  9. wilder7500

    wilder7500 Registered Member

    I imaged the acronis image onto the spare HD I mentioned above. All the files seem to be there. However when I boot I get the following error:

    error: unknown filesystem

    Entering rescue mode...

    grub rescue>

    I did format this disk but Linux was installed previously on this disk, so I'm guessing the Grub is still there. What's the easiest way to get rid of the Grub? I have trouble finding my original Windows 7 installation disk. Also remember I have the boot files ("System Reserved" Partition) INSIDE the Windows partition as suggested by you. If I was able to just delete the Grub (don't have any use for it, Linux is no longer on this drive) wouldn't Windows just start up? I still have my original Windows OS that I can boot into, would be nice with a freeware utility or something that could delete Grub.
     
    Last edited: Jan 19, 2017
  10. Palancar

    Palancar Registered Member

    So if I understand you correctly the following applies: you used Acronis recovery (mounted in RAM) and wrote the saved system disk OS backup to the new HD? If yes, how did you PREP that HD before writing your new OS on it? Whether or not you forensically wiped it is up to you. Leaving that discussion as moot, was the HD formatted as one partition in NTFS before you started the restore? If you formatted that HD to NTFS did you also rebuild the MBR on the disk after your OS restore, or did you write back the MBR in the Acronis image?? Important, see below:

    I am going to give you credit for assuring your backup image is intact and you did indicate that you VERIFIED it with Acronis checker. However, when you made the backup image IF you saved the MBR (from old disk) and IF Acronis wrote back the saved MBR it is now WRONG for your new disk. The MBR contains a partition table in 4 different 16 byte slots. The other drive had more than one partition so the former MBR is inaccurate for the new drive. This is a simple solution if only the MBR is hosed, which is somewhat likely. You merely need to use any number of good free software products to rebuild/repair the disk MBR. I use Gparted in Linux, but Partition Wizard is good if you are a Windows guy.

    Your disk structure should look like this with NOTHING else existing: MBR in the first 512 bytes followed by ONE partition formatted to NTFS. You can easily view the disk structure in Windows command or much easier viewing in Partition Wizard (free).

    When you look at your new HD if you see the one NTFS partition after the MBR then simply rebuild the MBR using any method you know of. It's very simple. You have already stated that the OS boot files are inside the Windows system disk (great move by the way) so there should be NO hidden boot partition on your disk.

    Let me know after trying the above. If you rebuild the MBR and there is only one other partition, then there is no place/space for grub to hide/reside.
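
The MBR layout described in the post above (a partition table in four 16-byte slots inside the first 512-byte sector), as an added example that is not part of the thread: a Python sketch that decodes a saved MBR sector and checks it against the single-NTFS-partition layout. The helper names, disk size and sector counts are constructed for illustration.

```python
import struct

TABLE_OFFSET = 446   # boot code comes first; the four 16-byte slots follow it
ENTRY = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), first LBA, sector count

def parse_mbr(sector):
    """Return the non-empty partition slots of a 512-byte MBR sector."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (wrong size or missing 55 AA signature)")
    parts = []
    for slot in range(4):
        off = TABLE_OFFSET + 16 * slot
        status, ptype, first_lba, count = struct.unpack(ENTRY, sector[off:off + 16])
        if ptype != 0:  # type 0x00 marks an unused slot
            parts.append({"slot": slot, "active": status == 0x80, "type": ptype,
                          "first_lba": first_lba, "sectors": count})
    return parts

def check_layout(parts, disk_sectors):
    """List mismatches against the thread's target: one active NTFS partition."""
    problems = []
    if len(parts) != 1:
        problems.append(f"expected 1 partition, table lists {len(parts)}")
    for p in parts:
        if p["first_lba"] + p["sectors"] > disk_sectors:
            problems.append(f"slot {p['slot']} ends past the end of the disk")
        if p["type"] != 0x07:
            problems.append(f"slot {p['slot']} is type 0x{p['type']:02x}, not NTFS (0x07)")
    if not any(p["active"] for p in parts):
        problems.append("no slot is marked active")
    return problems

def build_mbr(entries):
    """Build a constructed sample sector (zeroed boot code) from (status, type, first_lba, sectors)."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries)
    return bytes(TABLE_OFFSET) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed sample data: a two-partition table from a larger disk written onto a smaller spare.
SPARE_DISK_SECTORS = 625142448
OLD_TABLE = [(0x80, 0x07, 2048, 204800000), (0x00, 0x07, 204802048, 771970000)]
NEW_TABLE = [(0x80, 0x07, 2048, 625140400)]

if __name__ == "__main__":
    for name, table in (("restored old MBR", OLD_TABLE), ("rebuilt MBR", NEW_TABLE)):
        issues = check_layout(parse_mbr(build_mbr(table)), SPARE_DISK_SECTORS)
        print(name, "->", issues or "matches the expected layout")
```

To check a real disk, pass `parse_mbr` the first 512 bytes of a saved sector-0 backup file instead of the constructed sample.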
     
  11. wilder7500

    wilder7500 Registered Member

    Yes, it was just a matter of recreating the MBR, real easy. I made a rescue disk. BTW, will the old rescue disk also work or should I throw it away? Should I make new header backups, or will the old ones work?
     
  12. Palancar

    Palancar Registered Member

    I am glad to have helped. Lots of people forget about how important that little 512 byte file is. It contains the geometry instructions for the partition and without it you can be dead in the water.

    If you made a rescue disk I guess that means that you went ahead and encrypted the new HD? I would make a copy of the new rescue disk, and as you will see the file is only a few meg. Burn one (which you already have I think) and then keep the digital file saved in case you lose or damage the rescue disk itself. You can burn a replacement rescue disk as an ISO on any computer, but you need that small file. Keep it safe.

    The old rescue disk is now invalid if you have encrypted the new HD. Even with the same password the header file is completely different than it was on the old drive. Plus the old rescue disk contains the OLD MBR and as you have seen it's invalid for the new drive. Toss it!

    If I have misunderstood any of your questions it's likely my fault because you communicate clearly and appear to think things through.
     
    Last edited: Jan 24, 2017
  13. wilder7500

    wilder7500 Registered Member

    Yes, I encrypted the OS drive again now that it's on this new larger partition. So I guess the header is included in the rescue disk for the OS drive, right? Should I back up the headers on the other hard drives? (These are separate disks, as in metal bricks you can hold in your hand.) These disks were disconnected during this process, and I have header backups of those from a few years ago. I'm guessing the headers haven't changed on those drives.
     
  14. Palancar

    Palancar Registered Member

    Those headers should NOT have changed UNLESS you have changed a password in the interim. It sounds like those separate hard drives are device encrypted (more accurately partition encrypted). You might be doing yourself a large favor by backing up those MBRs. Not all disks contain an MBR that will build back to a generic one produced by various software products. Again, 512 bytes is almost a nothing file to retain in case needed. Suggesting only, not required.
     
  15. wilder7500

    wilder7500 Registered Member

    Great thanks, will do. Things seem to be working correctly. Thanks for your detailed help.
     