Is there a workaround for backing-Up a HDD with Full Disk Encryption?

Discussion in 'Acronis True Image Product Line' started by Cam06, Jul 21, 2006.

Thread Status:
Not open for further replies.
  1. Cam06

    Cam06 Registered Member

    Joined:
    Jul 21, 2006
    Posts:
    3
    Greetings!

    I use PGP's Whole Disk Encryption feature to secure my HDD. This essentially encrypts every sector of the hard drive. I presume (i dont know much about TI i just purchased it) that when backing up I can't use the 'image' function (since the hdd is encrypted at a sector level).

    Can I instead just use the 'Files and Folders' option and just select the "C:\" without having to decrypt the entire drive and still get a complete backup of my HDD? Will this work? What are the downsides of this option (e.g. will the backup image be HUGE etc.)? How would the recovery processs work?

    I would appreciate an input or workaround advice :)
     
  2. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Welcome, Cam06.

    Neither Acronis True Image nor any other imaging program should need to decrypt your hard drive. An imaging program simply copies a bunch of 1s and 0s.

    Since ATI will store all of the bits on your hard drive when imaging, that will include your files' security information, whether encrypted or not.

    In files/folders backup, you can select the option "In archives, store encrypted files in decrypted state" whereupon the files will be decrypted for the image file so that anybody can access them. I f you don't want this to happen, verify that it's unchecked either by default or for a given imaging session. Not certain if it works that way with PGP whole disk,

    Anyways, as long as you image the ENTIRE physical disk, it can be restored regardless of the file system, encrypted or not
     
  3. writedom

    writedom Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    57
    If you copy a PGP WDE drive the backup will be the same size as your entire hard drive. (Random data cannot be compressed)

    This is not a recommended procedure!!!!!!!

    Decrypt first and then image

    Ghost 10 supports encrypting created images.

    Hopefully ATI will include encryption options soon
     
  4. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi crofttk,

    That's what I thought too, a drive/partition image is a drive/partition image, right?
    But it seems this may not be the case with all FDE programs.
    They sit in the MBR and may cause problems with imaging programs.
    It would be best to get more info from the companies directly involved (PGP and Acronis) or people who have actually used both together to learn of compatibility issues.

    I just learned this here
     
  5. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    Why not ?
     
  6. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    writedom,

    Ghost can encrypt images on a normal drive.

    But can Ghost 10 successfully backup and restore the OS partition and drive that is using PGP WDE if the Ghost image is not compressed?
    What if the image is compressed?
     
  7. crofttk

    crofttk Registered Member

    Joined:
    May 15, 2004
    Posts:
    1,976
    Location:
    Eastern PA, USA
    That's precisely why I put an emphasis in my post on imaging the ENTIRE physical disk. If you elect that option, ATI WILL image and restore the MBR, partition table, EVERYTHING, regardless of format, byte-for-byte. If it's a file system ATI recognizes, it won't image the unoccupied sectors, if not, you will have a larger TRUE byte-for-byte image that includes all sectors, regardless of content.

    Either one has the storage space available for this or they don't. If OP hasn't stated how much storage they have for images, I'm not aware of any reason to NOT recommend doing this -- that's why I asked writedom "why not".
     
  8. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    cam06
    search for my threads on backing up encrypted drives (which unfortunately did not get many other responders)

    Acronis option of storing encrypted files in decrypted state does not apply to your scenario.

    You are looking to back up a full encrypted drive. Acronis normally looks at a drive, in a file structure (from what I understand), and does a backup utilizing some of this structure, to create the image.

    For an ENCRYPTED drive, acronis cannot see any file structure. SO, it then decides to do a full sector-by-sector backup. THEORETICALLY, if this is done correctly, and you then recover that image to a new drive, and boot from it, it should THEORETICALLY restore your original drive setup, to boot from .

    My personal tests have involved Acronis (from version 8, to latest version), and SsecureDoc (winMagic), from version 3.8, to their version 4.2

    I am working with one of their tech's on this, to RELIABLY restore my encrypted drives, and show that a reliable protocol can exist.
    His personal experience is that Acronis does work.
    My personal experience (with prior SecureDoc versions) was that errors happened.
    BUT, acronis, since it included in the latest 9.x versions, the MBR-0 ability, seem to possibly have it correct, now.

    My latest test was to
    1. back up an encrypted drive to an image
    2. Recovedr that image to a new drive
    3. BOOT, on the same machine, from that drive. (after entering encryption key)

    ALSO, I was able to take that machine, boot from the original drive, AND also see the contents of hte RECOVERED NEW drive, when it was hooked up as a USB drive (all this assuming that I entered the correct initial key/password)

    BUT, on my MACHINE #2, 2nd test machine, I've been having some glitches,but getting them worked out.

    WITH PGP, I'm not sure what results you will get. BUT, if you are a willing tester, your experience could help us all.
    ACRONIS could help with this, in its backup methods, to actually HAVE an option that allows to SELECT BACKUP SECTOR BY SECTOR, ALLL sectors, of a partition. This way, it is a more reliable assurance that a partition you KNOW to be encrypted gets a full sector-by-sector backukp.

    Any other feeedback, testing, etc., is appreciated.
    Again, please search for my prior threads on encryption; I have detailed some of my prior testing, and progress

    Nick
     
  9. Acronis Support

    Acronis Support Acronis Support Staff

    Joined:
    Apr 28, 2004
    Posts:
    25,885
    Hello Cam06,

    Thank you for using Acronis True Image http://www.acronis.com/homecomputing/products/trueimage/

    Please note, that if you boot form Acronis Bootable Rescue Media you will be able to backup your encrypted drive but only in sector-by-sector mode. It will require the same amount of space on the destination drive.

    We advice you to decrypt your drive (it will take form 3 to 7 hours depending on the size of the drive), back it up and then encrypt it if you need.

    Thank you.
    --
    Fedor Kurbatov
     
  10. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    Re: Is there a workaround -Acronis, we need a reliable method

    to acronis,
    I'm sorry to be blunt, but your reply to this is not adequate.
    We need a RELIABLE way to back up ENCRYPTED drives, even if sector-by-sector.
    I am a physician. I need security of encryption, AND reliability of RECOVERABILITY.
    Despite my curent testing, the methods are still not well documented, or totally reliable.
    You and other companies must work toward this.
    We need data security, and EASE of backup and recoverability.

    Example -
    I ahve a tablet PC. It takes half a day to ENCRYPT the drive !. Your reply tells me to take another half a day to decrypt it, then do a backup, then re-encrypt it.
    that really isn't practical. The sector-by-sector method DOES seem to work for me in INTERMITTENT successful modes (I use SecureDoc for encryption), and I think they are working to document this better.

    You have GREAT PRODUCTS ! But PLEASE be aware of the increasing need for data security, in portable machines, and please help us end-users to have a product that can help US keep data secure, by making it easy to reliably back this up.

    Please don't take this email as a nasty one; take it as a reflection of what is needed in this market. And if you are able to provide this, Ithink this opens up a wider market for you.

    thanks
    Nick
     
  11. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    Doc,

    You've got the right product as Acronis will reliably backup your encrypted hard drive. The limitations inherent to the product that people have mentioned in this thread are mostly due to operating system and file system restrictions that will be a function of any backup product that you choose. If it was me in your situation, this is what I would do:

    1. As Acronis suggested, use the Bootable rescue media to backup your hard drive. This will result in an exact duplicate of that hard drive.

    2. Since the hard drive is encrypted, Acronis will not detect a recognizable Operating system on the hard drive and will do a sector by sector backup. This means that the size of the backup will not be compressed and will be the same size as the original.

    3. Number 2 shouldn't be a problem. You can buy internal and external hard drives of tremendous size. Depending on the size of your hard drive that you are backing up you can either buy an external hard drive large enough in an already configured kit or buy an external enclosure for any hard drive on the market. You are not limited to USB or Firewire; as the fastest way would be to get a SATA card for the computer (one with an external SATA connector) and a SATA enclosure with of course a large SATA hard drive. Get the latest SATA II with 3.0 Gb/s capability (yes for your purists out there I know that the computer's bus is saturated with data at the present but at least this will improve HD burst capability and allows use of these drives in some future enhanced motherboards). Look at the new perpendicular hard drives by Seagate sold on newegg.com.

    4. Backup your encrypted drive to either another hard drive on the same computer and/or an external hard drive of sufficient size. You could also backup to an internal hard drive and later copy the *.tib file to an external hard drive for off site storage and or depending on the size of the *.tib file copy it to a double layer DVD or DVDs for storage.

    To reiterate: While most of the comments you have received are related to the size of the backed up file, I don't think that should be problem because of the relatively low cost of huge hard drives available today on the market. As long as Acronis supports the hardware that you are using, I have found Acronis to be absolutely reliable in backing up a hard drive. Reliability has nothing to do with whether your hard drive is encrypted or not. You want to backup your encrypted hard drive as is and you can - reliably with the present state of technology at a relatively low cost.
    I highly recommend the external drive solution as it can be stored off site and if your computer is burned up, blow up, or otherwise totally destroyed; all you would need would be your Acronis rescue media CD or USB device (just get a cheap 256 MB Flash USB device for this purpose), the external hard drive with your *.tib files, and the new PC that you rushed out to buy, and you would be back in business in a very short time.
     
  12. seekforever

    seekforever Registered Member

    Joined:
    Oct 31, 2005
    Posts:
    4,751
    Another method, given the large amounts of data, is XPilot's method of using drive caddies to mount a swappable "internal" drive; it is an great solution for this problem. High reliability, high speed and removable/relocatable as well.

    Since this is business application, I would think spending a few bucks on a set of drives for making rotating backups should not be out of the question.

    See:
    https://www.wilderssecurity.com/showthread.php?t=136754
     
  13. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    thanks for replies.

    I currently do any/all of the above, and have been working with SecureDoc to improve the reliabilty of the encryption with the backups.

    I have 8 hard drives; 3 in exernal boxes, 5 in removable drawsers; one test system that can boot from the drive caddies (drawers); one tablet PC (not encrypted yet), one main system which is encrypted and is being run real-time.

    One NEAT thing with acronis and SecureDoc, if testing holds up, is that, with a Multi-partition hard drive (MBR-0, c: d: e:, where d: and e: are data), I can backup MBR-0, and c:, to an image; and RECOVER from it and get a bootable drive with just that partition, even though the original had d: and e: on it.
    THEN, I could also do an image backup of d: and e:, as FILE-based (rather than actual image), from WITHIN windows (since it is not the operating system), and thus,for disasters, be able to recover from incremental data backups, etc.

    BUT, also as noted,for true security, I could get a same-size drive, and back up to that, for more immediate disaster recovery (
    the caveat being that all these backups should be locked up in the safe, as they are secure data .

    Again, with the latest versions of Acronis and SecureDoc, things seem to be operating more reliably; in fact, I am currently (this minute, in fact) doing an image recovery of c: and MBR-0, to try and boot from the recovered image, on the real-time machine. Thyis machine was being finicky;; it would NOT boot from a recent recovered image, although that same recovered image worked in an external USB box. these are the bugs that need worked out, cleaned up.

    I will keep testing.
    Other feedbck is appreciated.
    Nick
     
  14. Cam06

    Cam06 Registered Member

    Joined:
    Jul 21, 2006
    Posts:
    3
    This thread has got to technical for me to comprehend :blink:

    But from what I do understand -

    I can perform a backup by creating a Acronis Image bootable CD and going through the backup process by booting from the CD? The downside is that I have to have a backup purchase a backup source that is atleast the same size of my HDD (60GB)?

    Many Thanks for everyone's contribution in this thread :)
     
  15. werne

    werne Registered Member

    Joined:
    Dec 29, 2003
    Posts:
    102
    [FONT=&quot]Succinctly[/FONT], YES.
     
  16. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    you are correct.
    AND, that is why I pursue testing of this, with both acronis and SecureDoc, to try to get them both to understand the need to make this slightly more simple.
    Because, otherwise, when it involves extra steps, you get the scenario of data being stolen from the VA, notebook PC's being stolen with identity data of thousands of people on it, etc.

    The simpler that both encryption and its subsequent restoration become, the more people might use it.
    And, being in the Medical field,I NEED it.

    AND, all of you, being in the patients/consumers/financial CUSTOMERS, NEED it

    AND, if it involves more than a couple steps to do ,it won't get done..... :(



    Nick
     
  17. aoz

    aoz Registered Member

    Joined:
    Jun 8, 2005
    Posts:
    223
    AND, if you want to see what I mean, look at my prior post.
    I could CARE LESS about emoticons.
    At the end of my note, I added a ":" and a "(" to indicate a frown. I don't mind typing, and I don't want to include fancy faces, etc.

    BUT, this forum is IDIOT-proof- It read my mind, and AUTOMATICALLY included the frowny face.

    I don't CARE about frowny faces; but since it is done AUTOMATICALLY, I'm not going to take the time to remove it.

    SO, by same token, if Encryption, Recovery, etc., were super-simple for the everyday user...... EVERYONE would have it !

    Nick
     
  18. smartenup

    smartenup Registered Member

    Joined:
    Sep 25, 2006
    Posts:
    3
    If I back up my drype crypt plus pack encrypted drive to DVD it will be backed up on a by sector basis.

    So if only DVD is scratched and becomes unusable afterwards, the entire backup is junk? Is that correct?
     
Thread Status:
Not open for further replies.