Boot-To-Restore Software and Truecrypt

Discussion in 'sandboxing & virtualization' started by LockBox, Jan 14, 2012.

Thread Status:
Not open for further replies.
  1. LockBox, Registered Member (Joined: Nov 20, 2004; Posts: 2,275; Location: Here, There and Everywhere)

    I'm running a new Windows 7 64-bit laptop with full system encryption using TrueCrypt. I'm looking for supported, and actively developed, Instant System Restore software. No need for multiple snapshots - I just want simple reboot-to-restore. What is the latest information on compatibility of ISR products and TrueCrypt?

    Deep Freeze? Returnil System Safe? Drive Vaccine/Baseline Shield (same product)? Clean Slate? Are any of these compatible with TrueCrypt system encryption? Did I miss a piece of software that might work?

    You'll notice I left out Shadow Defender due to Tony's disappearance and all that's gone on with that. I also left out Rollback-RX, Returnil RVS Pro, and some of the other programs that act as "suites" of sorts, offer multiple snapshots, etc.

    I would like to hear from the Wilders hive as to your thoughts, experiences, or whatever might help. As always, thanks in advance!
     
  2. Boost, Registered Member (Joined: Feb 2, 2007; Posts: 1,293)

    Deepfreeze and Returnil never let me down. I never used them with encryption though.
     
  3. CloneRanger, Registered Member (Joined: Jan 4, 2006; Posts: 4,833)

    Hi, well I'm not on W7 or 64 bit or FDE, but I've NEVER had a problem with SD here. I use TC, but only containers, not FDE.

    If you want to try it, PM me ;)
     
  4. LockBox, Registered Member (Joined: Nov 20, 2004; Posts: 2,275; Location: Here, There and Everywhere)

    I'm familiar with almost all of these products - just not the compatibility with TrueCrypt. Does anyone here use one of these WITH TrueCrypt system encryption?
     
  5. SafetyFirst, Registered Member (Joined: Jan 26, 2007; Posts: 462)

    I've been just about to set up an FDE, but I've run into problems that seem to be insurmountable - dynamic disk (not supported), 100MB system reserved partition, OS and boot on Disk 4 etc.

    Reading about FDE, I've seen in the PGP documentation that Deep Freeze is incompatible with PGP WDE. Since all FDE software is similar in main things, I guess TC could be incompatible with Deep Freeze too.


    EDIT: Just found on TC forum about RollBack (I'll copy the post):

     
    Last edited: Jan 20, 2012
  6. Palancar, Registered Member (Joined: Oct 26, 2011; Posts: 1,599)

    I am a long-time and very active member on the TC forum (different user name). What you want to do isn't going to be possible and it's a good thing that it is impossible. The recovery tools will not be able to mount any file system on the encrypted system disk. While it's frustrating for you, it's a great thing for the security of TC. The PBA security means that recovery tools cannot be effective.

    If you could do what you want then where is the true security? I surely wouldn't want a recovery tool that could even touch my fully encrypted and protected system disk.

    You could mount a Linux OS in RAM and if it had TC in the build you could do "mount without PBA" repairs and such. Also, if you have backups you obviously could do a restore on files/registries/etc. with the OS up and hot!

    WDE leaves the system disk off limits to any recovery tools that require a recognized file system. I don't see any way around that. Glad I don't either.
     
  7. LockBox, Registered Member (Joined: Nov 20, 2004; Posts: 2,275; Location: Here, There and Everywhere)

    That's why I specifically said "reboot-to-restore." It's a different animal than recovery from snapshots, etc. I have found out Returnil (System Safe only), Drive Vaccine, Rollback (instant restore function only), and Deep Freeze are all compatible with TrueCrypt (Deep Freeze has issues with PGP - but no conflict with TC). The key is to install the product first and then encrypt the system.

    There's no security risk - whatsoever - in using FDE with an ISR product. The baseline image is still fully encrypted and cannot be touched without PBA.
     
  8. Technical, Registered Member (Joined: Oct 12, 2003; Posts: 471; Location: Brazil)

    For me, encryption and snapshotting technology are incompatible and can only run safely with a suite (i.e., the same company snapshots and encrypts).
     
  9. LockBox, Registered Member (Joined: Nov 20, 2004; Posts: 2,275; Location: Here, There and Everywhere)

    I just don't understand this at all. If all execution of the instant restore is done AFTER pre-boot authentication for the encryption - what's the problem? Specifically? Do you really have facts to back this up? Or, is this just a shoot-from-the-hip thought? If so, that's perfectly fine - we all do it at times, but if you give it some thought and can post back with something that makes sense of your theory - it would be appreciated by many.

    Same goes for you, Palancar.

    It's important enough to hear very specifically what the threat is under the conditions I have described.
     
  10. Technical, Registered Member (Joined: Oct 12, 2003; Posts: 471; Location: Brazil)

    It's a driver layer egg and chicken problem. The bottommost driver controls the others. In this case, which is done last? The encryption or the snapshotting?
    I'm speaking from experience: no snapshot program (low-level disk sector snapshotting) works with encryption nowadays.

    Besides, there is the competition for the MBR: only one application can control it. Hence my opinion about having a suite that can manage both things at the same time and avoid conflicts.

    Doskey is a Comodo programmer and talks about it.
    http://forums.comodo.com/bug-report...d-truecrypt-t58263.0.html;msg409201#msg409201
     
  11. LockBox, Registered Member (Joined: Nov 20, 2004; Posts: 2,275; Location: Here, There and Everywhere)

    What you are talking about are the programs that keep multiple snapshots on a hidden partition that is created for that purpose by the application. With ISR products (no multiple snapshots) you do not have that problem. In fact, that's why I specifically ruled out those "multi" applications in my OP.

    I now know that several of these simple reboot-to-restore programs (no multiple snapshots) will work with TrueCrypt. It's important the program be installed first and then encrypt the system drive. As I have said, the drivers needed for the boot-to-restore only load after pre-boot authentication. Hence, no security problem.

    Edit: For example, a developer with Horizon DataSys explained the above in an email to me (much appreciated) and said their product "Rollback-RX" and its re-branded "EAZ-FIX" will not work with TrueCrypt. But its basic reboot-to-restore program, "Drive Vaccine" (also sold as a re-branded product called "Baseline Shield"), will work fine IF the product is installed before any system encryption.
     
    Last edited: Jan 24, 2012
  12. Technical, Registered Member (Joined: Oct 12, 2003; Posts: 471; Location: Brazil)

    We're thinking the same. Sorry if I expressed it in a dubious way.
    Toolwiz is another tool that would be compatible with TC.
     
  13. Foxi352, Registered Member (Joined: May 18, 2012; Posts: 1; Location: Luxembourg)

    Hi LockBox!

    I read your thread here with a lot of interest as I am actually confronted with this problem. I am currently preparing laptops that go to humanitarian missions all over the world. We use Drive Vaccine for easy recovery once agents come back home with their laptops. That is far easier and quicker than an image restore. Besides that, there are SSD drives inside, so this is better for drive life.

    Now I want to drive-encrypt these laptops with TrueCrypt PBA. Drive Vaccine is installed (only manual recovery, not recovery on every boot) and already working.

    Everything seems fine, but the TrueCrypt Pre Boot Test fails. The laptop reboots and asks for the password; it then boots Windows as it should. But then TrueCrypt tells me the pre-boot test failed. No way to get over this and start encryption.

    Do you have any idea what I could be missing in the procedure you described?

    Cheers,

    Serge

     