Encrypted Drive, Acronis TI9, SecureDoc, if anyone interested

Discussion in 'Acronis True Image Product Line' started by aoz, May 11, 2006.

Thread Status:
Not open for further replies.
  1. aoz

    aoz Registered Member

    Jun 8, 2005
    To All -
    I have been testing (over past year or so), how to reliably encrypt my hard drive, and also enable recovery of this in a disaster.
    Encryption poses its own problems, if the FULL drive is encrypted (more secure to me than just encrypting partitions, due to the protection of encryption of all sectors, swap file spaces, operating system bootup, etc)
    and this poses problems for backup.
    Backup of a FILE that is encrypted is easy; file is backed up as is, and can be opened with its unique key.
    Backup of DRIVE that is encrypted is difficult; backup utility must get sectors correct, despite not seeing data.

    I welcome ANYONE to enter this discussion; I am posting my results, tests, etc; I've started a similar thread before, then gave up due to lack of others' interest, and lack of time to test.
    BUT, with new acronis TI 9 (3567 and above),and ability to back up individual partitions that ALSO include the MBR, I started to pursue this again.
    I'm passing these results to both this forum, and to SecureDoc, as my tests seem to indicate a reliable method of backup. AGAIN, I'm only one person, testing, and I can't guarantee these results, but any help on this is appreciated.

    Testing of
    Acronis TrueImage 9 Home
    SecureDoc Encrypted drives

    Testing Multi-partition drive
    40g, Seagate, C: NTFS (XP operating system), D: NTFS data, E: NTFS data

    Goal -
    to be able to back up the ENCRYPTED drive, either as encrypted/unencrypted, to enable Data Recovery for emergencies.

    Backup can be done, from windows, as FILE MODE, when drive has been booted up, ; either using any windows backup program, and also Acronis TI9.

    BUT, problem has been how to back up an IMAGE of any/all partitions, and copy these images to another drive, and boot that drive, for disaster recovery.

    SecureDoc disk is encrypted. When backing up partition, it takes up lots of space, as Acronis sees it as unrecognizable data, and does sector-by-sector backup (This is GOOD, if able to be done, but just problematic with size)
    SO, if C: is small (xp partition), but D: and E: are large, doing the full backup takes up lots of space.

    SOLUTION - (Partial) Acronis TI 9 (3567 and above) enable INDIVIDUAL partition backups that ALSO include the MBR (critical). SO, I caan attempt to back up C: (image), WITH the MBR; and then do D: and E:, as FILE backup (thus shrinking their backup size)

    with the encryption, question whether this can be recovered, etc, and rebuilt; I've been testing this in the past, with mixed results.

    PROBLEM (for both encrypted and unencrypted drives) with IMAGES - especially c: (operating system) partition. we are assuming that the drive will fail (usually happens that way) and we are then going to recover the image to a new drive, for SAME machine. BUT, if MACHINE fails, then IMAGE has less usefullness, because no easy way in ANY recovery to transfer this DISK (or its image) to a NEW DIFFERENT machine

    PARTIAL SOLUTION - IMAGE backup of C:, if drive was unencrypted, can have files extracted. BUT, if an ENCRYPTED drive (and image), then image can NOT be mounted and viewed; but you could do an associated FILE backup of the C: drive

    OK, those aresome of the items that I considered in my testing.

    Acronis TrueImage TI9 (3567)
    secureDoc diskEncryption
    Testing Multi-partition drive
    40g, Seagate, C: NTFS (XP operating system), D: NTFS data, E: NTFS data, all encrypted (full drive encryption)
    60g IBM, empty drive
    disk wiping software

    Booted, got secureDoc key/password entry; entered it, selected <F8>, which allows CD boot after encryption authentication.
    Booted the Acronis TI9 disk
    Did backup of C: partition (which included MBR)
    Acronis sees that there is a partition, but does not recognize what it contains, or what type it is. It tells me that it will need to do a sector by sector backup.
    I do the backup to an image

    I REMOVE the 40g drive, insert the 60g drive, wipe it with '0' disk wipe.
    I boot with acronis TI9, and restore to the 60g, the C: partition and the MBR

    I boot the 60g drive
    it tells me that "SecCode Not Found" (a SecureDoc message)

    I boot with an emergency boot disk of SecDoc, that has the MBR of 40g on it.
    I start the SDEMGREC.exe program (MBR recovery program)
    Tells me that partition is different on disk than on CD - I type "I AGREE"
    tells me "opening Diskette error - continue
    tells me "fail to backup MBR, continue = I answer "y"
    tells me "ready to replace MBR disk 1 - proceed - I select OK

    Asks me "automatically replace SecDoc space in HD with contents of
    Emergency Disk (not sure what this means), - I select "no"

    tells me "sector 0 data on HD is dffernt from backup, continue? I select "A"ll
    it goes through this, repeating that message, from sector 0 to about sector 500, about 3 passes
    NOT SURE what it was doing
    It then says it is complete.

    I then BOOT
    It boots to the SecDoc key, and password - I enter it
    It then boots into WINDOWS XP, with a working C: drive !

    SO, what have I done?

    It appears that I WAS able to BACK up my C: image, as an ENCRYPTED image, along with the MBR
    AND, then RECOVER it to a DIFFERENT drive, as the C: and MBR,and then load the SecureDoc MBR control,
    AND have it boot.

    To load D: and E: (prior backed up as files), I could have unencrypted the drive, repartitioned the D: and E: on that drive, added the files, then re-encrypted everything; this would have let me recover from disaster;

    To me, one of the hinderances of Encryption is ability to restore a working disk in event of disaster. The above results, if I can get them reproduced, seem to indicate this is possible.
    AND, DATA as noted before can be backed up as FILE method (more easily restored)

    Any feedback from anyone on this, further testing, etc, is appreciated.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.