Encrypted Drive, Acronis TI9, SecureDoc, if anyone interested

To All -
I have been testing (over past year or so), how to reliably encrypt my hard drive, and also enable recovery of this in a disaster.
Encryption poses its own problems, if the FULL drive is encrypted (more secure to me than just encrypting partitions, due to the protection of encryption of all sectors, swap file spaces, operating system bootup, etc)
and this poses problems for backup.
Backup of a FILE that is encrypted is easy; file is backed up as is, and can be opened with its unique key.
Backup of DRIVE that is encrypted is difficult; backup utility must get sectors correct, despite not seeing data.

I welcome ANYONE to enter this discussion; I am posting my results, tests, etc; I've started a similar thread before, then gave up due to lack of others' interest, and lack of time to test.
BUT, with new acronis TI 9 (3567 and above),and ability to back up individual partitions that ALSO include the MBR, I started to pursue this again.
I'm passing these results to both this forum, and to SecureDoc, as my tests seem to indicate a reliable method of backup. AGAIN, I'm only one person, testing, and I can't guarantee these results, but any help on this is appreciated.


Testing of
Acronis TrueImage 9 Home
SecureDoc Encrypted drives

Testing Multi-partition drive
40g, Seagate, C: NTFS (XP operating system), D: NTFS data, E: NTFS data

Goal -
to be able to back up the ENCRYPTED drive, either as encrypted/unencrypted, to enable Data Recovery for emergencies.

Backup can be done, from windows, as FILE MODE, when drive has been booted up, ; either using any windows backup program, and also Acronis TI9.

BUT, problem has been how to back up an IMAGE of any/all partitions, and copy these images to another drive, and boot that drive, for disaster recovery.

PROBLEM -
SecureDoc disk is encrypted. When backing up partition, it takes up lots of space, as Acronis sees it as unrecognizable data, and does sector-by-sector backup (This is GOOD, if able to be done, but just problematic with size)
SO, if C: is small (xp partition), but D: and E: are large, doing the full backup takes up lots of space.

SOLUTION - (Partial) Acronis TI 9 (3567 and above) enable INDIVIDUAL partition backups that ALSO include the MBR (critical). SO, I caan attempt to back up C: (image), WITH the MBR; and then do D: and E:, as FILE backup (thus shrinking their backup size)

CONCERN -
with the encryption, question whether this can be recovered, etc, and rebuilt; I've been testing this in the past, with mixed results.

PROBLEM (for both encrypted and unencrypted drives) with IMAGES - especially c: (operating system) partition. we are assuming that the drive will fail (usually happens that way) and we are then going to recover the image to a new drive, for SAME machine. BUT, if MACHINE fails, then IMAGE has less usefullness, because no easy way in ANY recovery to transfer this DISK (or its image) to a NEW DIFFERENT machine

PARTIAL SOLUTION - IMAGE backup of C:, if drive was unencrypted, can have files extracted. BUT, if an ENCRYPTED drive (and image), then image can NOT be mounted and viewed; but you could do an associated FILE backup of the C: drive

OK, those aresome of the items that I considered in my testing.

Software/equipment
Acronis TrueImage TI9 (3567)
secureDoc diskEncryption
Testing Multi-partition drive
40g, Seagate, C: NTFS (XP operating system), D: NTFS data, E: NTFS data, all encrypted (full drive encryption)
60g IBM, empty drive
disk wiping software

Booted, got secureDoc key/password entry; entered it, selected <F8>, which allows CD boot after encryption authentication.
Booted the Acronis TI9 disk
Did backup of C: partition (which included MBR)
Acronis sees that there is a partition, but does not recognize what it contains, or what type it is. It tells me that it will need to do a sector by sector backup.
I do the backup to an image

I REMOVE the 40g drive, insert the 60g drive, wipe it with '0' disk wipe.
I boot with acronis TI9, and restore to the 60g, the C: partition and the MBR

I boot the 60g drive
it tells me that "SecCode Not Found" (a SecureDoc message)

I boot with an emergency boot disk of SecDoc, that has the MBR of 40g on it.
I start the SDEMGREC.exe program (MBR recovery program)
Tells me that partition is different on disk than on CD - I type "I AGREE"
tells me "opening Diskette error - continue
tells me "fail to backup MBR, continue = I answer "y"
tells me "ready to replace MBR disk 1 - proceed - I select OK

Asks me "automatically replace SecDoc space in HD with contents of
Emergency Disk (not sure what this means), - I select "no"

tells me "sector 0 data on HD is dffernt from backup, continue? I select "A"ll
it goes through this, repeating that message, from sector 0 to about sector 500, about 3 passes
NOT SURE what it was doing
It then says it is complete.

I then BOOT
It boots to the SecDoc key, and password - I enter it
It then boots into WINDOWS XP, with a working C: drive !

SO, what have I done?

It appears that I WAS able to BACK up my C: image, as an ENCRYPTED image, along with the MBR
AND, then RECOVER it to a DIFFERENT drive, as the C: and MBR,and then load the SecureDoc MBR control,
AND have it boot.

To load D: and E: (prior backed up as files), I could have unencrypted the drive, repartitioned the D: and E: on that drive, added the files, then re-encrypted everything; this would have let me recover from disaster;


To me, one of the hinderances of Encryption is ability to restore a working disk in event of disaster. The above results, if I can get them reproduced, seem to indicate this is possible.
AND, DATA as noted before can be backed up as FILE method (more easily restored)

Any feedback from anyone on this, further testing, etc, is appreciated.
Nick