Encryption revisited, backup works

Discussion in 'Acronis True Image Product Line' started by aoz, Nov 7, 2006.

Thread Status:
Not open for further replies.
  1. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    to all
    I've been working with encrypted drives, from SecureDoc (www.winmagic.com), and trying to find a way to back up the drive image, for prevention of disaster.
    since drive is encrypted, this has been problematic (see my prior threads)

    I've been working with WinMagic support on this, using SecureDoc, and Acronis TI version 9.

    I now think there is a reliable reproducible method to do this, relatively simple ! I will detail it slightly below, and can provide more info if people are interested.
    I have NO affiliiation with Acronis or winMagic. I just keep testing their products, as I think they are great !

    AND, this method, if others test it and it proves reliable, means that not just I, the small user, can encrypt his drive and protect it, BUT that those large data storage people who collect data on you (financial institutions, VA, banks, etc) - those who travel with portable laptops - SHOULD be REQUIRED to do so, since methods exist to easily encrypt their drives and recover them


    Method used
    1. encrypt drive, secureDoc

    2. Create image of c: (and D:, e:, etc) from within windows, using Acronis

    3. disaster strikes - drive blows up
    you can get a new drive, do an Fdisk /mbr from dos boot disk.
    then, recover from TrueImage c: image; just recover the C: (and d: and e:, etc) drive, NOT the MBR-0
    the image willl be recovered in an UNENCRYPTEd format; you can then re-encrypt it

    Also, that c: (and d: and e: images) can be MOUNTED and the files browsed, in the event that the main encrypted machine had some corrupted files.

    Again, if others are interested, we can review this more.

    If not, hopefuly this is of benefit to someone.
    Nick
     
  2. jaycee

    jaycee Registered Member

    Joined:
    Aug 24, 2006
    Posts:
    186
    OK,

    So i would advise you to password protect your TIB backup, that way you're still on the same idea...

    Ciao!

    Jaycee
     
  3. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    two options I use

    1. encrypt the external hard drive that is storing the image.
    a 2nd machine could read this encrypted drive (assuming it has the same keys as the original machine)

    2. an UNencrypted external drive stores the image, and that drive gets locked in a safe; I still add password protection, but I've been told that that is more easily broken

    thanks
    Nick
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Nick,

    Is this FDE (Full Drive Encryption) so the operating system is encrypted also?

    What are the specific settings you used to make the image in acronis?
    Did the backup include MBR-0?
    Or was that excluded because SecureDoc uses the MBR to perform the FDE and backing that up would cause issues?

    Why not recover the MBR-0?

    Can you create an encrypted partition on an external drive with secureDoc that you store the TIB file on so the backup would be encrypted also?
    When the main drive dies, you get a new replacement, what is the procedure/interaction between the Acronis recovery CD and the secureDoc boot disk, how does that work so you can restore from an encrypted backup?

    How has the reliability of secureDoc been for you?
    FDE (encrypting the OS) has in general so far appeared to be somewhat flaky from what I've seen.
     
  5. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    Hi Nick,

    >>>> Is this FDE (Full Drive Encryption) so the operating system is encrypted also?


    Yes, full drive encryption, including boot sector bootup.
    you cannot access files, without unencryption key



    >>>>>>>What are the specific settings you used to make the image in acronis?
    Did the backup include MBR-0?
    Or was that excluded because SecureDoc uses the MBR to perform the FDE and backing that up would cause issues?

    Acronis, just back up FULL drive (including MBR-0), from within windows. BUT, upon recovery, you will NOT recover MBR-0, just c:, d:, e:
    we TRIED to get a backup done from using the BOOT CD, but there are problems in authenticating the encryption. BUT, it can POSSIBLY be done, but there were problems with MBR-0 kept getting overwritten somehow. Not eithe hardware's fault; just a condition of encryption



    >>>Why not recover the MBR-0?

    It relates to the encryption. That WAS able to be done but we kept getting glitches.
    It is easier to recover c:, d:, etc., to a formatted/mbr'ed drive, and then re-encrypt.
    after all, this is for emergencies, and should hardly ever be needed.
    AND, since unencrypted, the image can be mounted as a virtual drive, and files extracted.
    (keep the backup drive lockede up in a safe....)



    >>>Can you create an encrypted partition on an external drive with secureDoc that you store the TIB file on so the backup would be encrypted also?
    YES

    >>>When the main drive dies, you get a new replacement, what is the procedure/interaction between the Acronis recovery CD and the secureDoc boot disk, how does that work so you can restore from an encrypted backup?

    THAT is the problem....
    two options. have a separate machine that has 2nd secure-doc license on it, encrypted with same keys/password, and then can read the encrypted drive.

    OR, just back up to unencrypted drive, and lock up the drive, which is what I do


    >>>How has the reliability of secureDoc been for you?
    FDE (encrypting the OS) has in general so far appeared to be somewhat flaky from what I've seen

    I have been using it for three years, I trust my notebook/tablet with it on, and I do a lot of work with it.
    I have a medical office.
    If my machine gets stolen, my data is not retrievable. I think it is a necessity for ANY tablet/notebook out there. Just look at what has been stolen/misplaced !!
    but, the reliabilithy has been good also; no use having a substandard product.

    Nick
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Thanks for your answers Nick.

    Not 100%, but I remember reading somewhere that Acronis could be put on a Bart PE CD.
    If secureDoc could also be put on that same CD, then that might be something to look into. One CD to mount FDE and restore the encrypted backup.

    I couldn't agree more!
    I think FDE AND backup software developers need to address the real need for easy to use secure encrypted backups that are FDE aware.
    If backup providers aren't up to the challenge of providing encrypted backups (Symantec Ghost 10 can but I don't know if it works with FDE), then FDE providers need to step up and provide encrypted backup solutions.
    Adding encrypted backups to an FDE product (or adding a separate encrypted backup product) should not be too difficult for FDE developers.
     
    Last edited: Nov 8, 2006
Thread Status:
Not open for further replies.