Encryption, Hard drive, Backup, Testing, Success

Discussion in 'Acronis True Image Product Line' started by aoz, Feb 11, 2006.

Thread Status:
Not open for further replies.
  1. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    To Winmagic Support, Acronis support
    I am (and have been ) testing how to achieve an EASY backup of an encrypted drive. After many many months, I had what appears to be success. If you can review the results below, and provide feedback, it would be appreciated.
    To ALL - (posted to Acronis TrueImage forum)
    Here are my test results (again, MY results, no guarantees). Any feedback, comments, etc, are appreciated.

    Here are some testing results.

    Goal - To be able to have encrypted hard drive (full encryption);
    To be able to have EASY backup mechanism (even if backup is unenctypted) (can be stored in locked vault)
    To be able to RECOVER from that backup if the hard drive blew up (even if initial recovery is to an unencrypted drive, as it could be re-encrypted)

    SUCCESS has been achieved (I think, at least from initial tests), after MANY MONTHS of testing (I WILL test this more, and other co-testers would be welcomed)

    Software –
    Acronis TrueImage version 9 (2337) - using FILE method of backup (NOT partition)
    WinMagic’s SecureDoc (tested with 3.9 or 4, and now testing the 4.1 after re-install)

    Windows XP with spare 40-gig hard drive

    -Drive was encrypted fully (SecureDoc encrypts whole drive, cannot even be accessed from DOS without password)
    -C: drive approx 4 gig used space
    -Booted up the encrypted drive, into Windows XP
    -Started TrueImage 9-2337 , IN WINDOWS, in FILE mode, across network, to network drive, backed up full C: system.

    ---------------------------------------------------
    -(The GOAL of this is to do an EASY backup, from WITHIN windows, AND to INCLUDE the system-state files, such as registry, etc. Up to now, the problem has been that you could NOT do a partition backup of the encrypted drive, from WITHIN windows; it needed to be in DOS mode;
    AND, when TRYING to do the partition backup, from a DOS or rescue disk bootup mode, the newer bootup sequences of partition backup software were not very compatible with the drive encryption (from MY experience) and would not let ME clone the partition)

    -From some of my posts on this forum, to Acronis, regarding the FILE method, they did indicate (but NOT guarantee) that the FILE mechanism, from WITHIN windows, should (PROBABLY, again not guaranteed) backup the system state files.
    ------------------------------------------------------

    OK, backup was done. Continuing…
    -took 40-gig drive, Deleted the partition (tried PQ-Magic, Acronis Disk director, etc), but initial attempts seemed to leave the MBR info intact (needed to clean this off, have essentialy a NEW drive to simulate disaster). Finally deleted all partition info, and did a WIPE (actually not a full wipe; but enough to wipe out first several sectors
    -Used Acronis Disk Director, recreated partition, PRIMARY, NTFS, approx. the same size as prior partition,
    -tried to REBOOT this CLEAN partition; it then came up to “NTLDR not found”; this told me that I now did not have encryption on the drive in the MBR
    -Booted with TrueImage 9-2337, restored ALL FILES from their original location (from the network backup), ONTO their ORIGINAL location (NEW, CLEAN, 40-gig drive)
    -RE-BOOTED the NEW CLEAN drive. SUCCESS !! It booted up, did NOT ask for encryption password, and booted up to Windows XP.
    -I tried to do a file COMPARE (binary) against the original backup files, BUT, UNFORTUNATELY, you cannot MOUNT those images since they are not a partition. SO, I cannot guarantee that all files came across correctly (but I may restore them to another location later, and do a compare….)
    -MORE IMPORTANTLY, the SecureDoc program, which exists STILL in the Startup routines, DID come up as expected, BUT did NOT cause any havoc; it just recognized that the drive was NOT encrypted, and warned me to ENCRYPT the hard drive, but did not do any automatic routine to do this, which IS GOOD; this lets me do it at my own discretion and at least test out the restored backup to ensure its integrity.

    For FURTHER testing, I have UNINSTALLED the older secureDoc software, and am installing the newest version and will RE-TEST as above,and then at some point do a binary compare of files.

    BUT, if ALL the ABOVE works, (and, again, further testing is needed), it allows a method to
    -SECURELY ENCRYPT a hard drive (notebook computer, for travel
    -MORE EASILY BACKUP this drive (from WITHIN windows, not needing a DOS bootup backup sequence)
    -be able to RESTORE this backup to a new drive (several steps needed, but CAN be done) from the FILE-based backup

    AGAIN, DISCLAIMER, THESE ARE JUST MY TEST RESULTS, NOT SUBJECT TO GUARANTEE, DO ANY OF THE ABOVE AT YOUR OWN RISK, ETC, ETC, ETC..
    BUT, IF YOU WISH TO TEST THE ABOVE, YOUR RESPONSES/FEEDBACK ARE APPRECIATED

    NICK
     
  2. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello NICK,

    Thank you for choosing Acronis Disk Backup Software.

    Sharing your experience is very much appreciated.

    If you have any further experience to share, please feel free to post it on this forum.

    Thank you.
    --
    Kirill Omelchenko
     
  3. beenthereb4

    beenthereb4 Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    568
    Interesting and nice post! Something does not compute for me. If you really cleaned the drive, you should have gotten "Operating System Not Found" at this point, I think.
     
  4. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    true; I may have actually gotten that at one point,but since I had done the FILE backup, I needed a partition to restore to, so I had used DiskDirector to create an NTFS partition.
    Thus (I assume) it tried to boot from that clean NTFS (since no files in it) and gave me the NTLDR error

    I have REPEATED that scenario, again with success; again, the one true test will be to restore this, and ALSO restore the files to a different directory that is a non-operating-system site, and then do a compare of files

    Again, anyone with some spare time on their hands, wanting to test out the above, withhn an encrypted drive, feedback is apreciated...
    Nick
     
Thread Status:
Not open for further replies.