Question about reinstalling Windows on hard disk with Truecrypt encrypted partition

Discussion in 'encryption problems' started by Peter4667, May 13, 2015.

  1. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    I have Windows 7 on my PC and the hard disk is divided on three partitions C,E,D. Partition E is encrypted with TrueCrypt. I want to reinstall windows but i have never done this so far when i have encrypted partition on my disk. I will reinstall Windows on C but i want to ask is it possible something to go wrong during the reinstall that could break the encryption on partition E? How do i prepare if something goes wrong to be able to fix it after this?
     
  2. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    Can someone help with advice? I am realty concern because i have important data on E drive.
     
  3. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    The first most obvious step is to backup the data on E (your encrypted partition). Even though the device based encryption on E covers the entire partition, it might be that the actual data on E is not that voluminous. You could/should mount the volume and copy the data to removable media to be sure. In fact, you should always backup your data since a hard drive failure could happen at any time. It would be trivial to re-encrypt that partition and copy the data back.

    Window's Installer is notorious for breaking device based encrypted volumes. I bet I have written over a hundred "fix it" posts at the TC forums while they were still running. For the future, find a good backup program Acronis, Macrium, etc... and create system disk backups for your C drive. You can write back flawless copies all day long without any of the fears the Windows Installer presents.

    Another option depending upon the size of your E is to copy out a sector based image of the partition and then copy it back if needed (about half the time the installer will break something).

    Not a know it all here; my opinion is that you will regret not making a backup if you use the raw installer with E on the platter as you describe. You need that backup anyway. I hear you being fearful of losing the data. What happens if the drive hardware fails tomorrow? Backup the data then you don't have to worry so much.
     
  4. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    Thanks, for the info. Unfortunately, i can't backup all data on E because i don't have a device where i can transfer all data but i have a backup of the most important files on it. I also made a backup of E drive volume header. Will report if i have some problems after the reinstall.

    About creating image of C drive with Acronis. Can i do this after encrypting C drive with TrueCrypt or i should do this before encrypting it?
     
  5. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    You can create the backup either way and it'll be exactly the same. Macrium, Acronis, etc.. use smart/hot image, which means they will copy out the sectors used in clear/non-encrypted fashion to the media of your choice. You DO have the option for those programs to use their own encryption during the write out to your media. One clear advantage is that you will only write out the space used, so 25 Gig used on a 100 Gig system disk means 25 Gig to write out (not including adjustments for compression and/or software encryption employed). Make sure to enable copying the MBR/boot section at the same time. Its a click feature on both of those products.

    Should you have to restore; the image written back will be plain text and then you simply re-encrypt the system disk and create a new rescue disk. Easy as pie! When I moved to 7 a few years ago I switched over to Macrium Pro but I do know that Acronis works too. I can and do re-write system disks with ZERO concern about messing up my other encrypted volume partitions.
     
  6. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    I will use Acronis True Image to create a image of the system drive after reinstalling Windows without first encrypting it. I will just encrypt the system drive after restoring it from a image. I don't have much sensitive data on the system drive anyway, almost all of my software is portable and it is on other drives.
     
    Last edited: May 16, 2015
  7. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Good luck. Once you master the process you'll find it simple in fact. The only scary part is the first time you "acid test" the process by needing to do a full system disk re-write.
     
  8. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    I reinstalled Windows and after this encrypted the system partition and i didn't have serious problems. I don't like how Truecrypt is forcing you to burn the rescue disk but i found a way around this because my cd drive is not functional and i couldn't burn it. Is it ok to disable Truecrypt background service and leave to Windows to dismount the encrypted volumes on shutdown?

    I have a question about securing the data on hard disk that i don't need any more but i don't want anyone to have access to the data on it, no matter if it is deleted files or not deleted files. Is it ok to encrypt the whole disk with Truectypt instead of wiping it with programs like DNBK, considering that the password is unbreakable?
     
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Let me simply caution you in strong terms about using the over ride flag command to encrypt the system disk BUT not burn the rescue disk. At the very least you will see that TC creates a rescue disk image that you should save somewhere on different media. If memory serves me correctly it is under 2 meg, but is a lifesaver when things break. You can take that image to another machine and burn a rescue disk when needed. If you don't take the time then you'll simply live with the consequences down the road. After so many years I have stopped providing how to's for getting data back on no rescue disk, and no backup volume header threads.

    Your second question about data you don't need anymore: it would be OK to use TC but if you really don't need/want the data why not simply wipe it? No adversary can ask for a password to require recovery on a wiped surface because there is nothing to recover. IF you are going to encrypt the disk anyway then TC would be an acceptable risk for me (unless the old data is high threat) because the sectors are going to be encrypted. If the disk is going to be used "plain text" then wipe is ideally better.
     
  10. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    I used format.exe to bypass the burning of the disk, I started it with the command "format.exe /n". But it created the rescue disk and i copy it on usb drive. Does the rescue disk can fix only problems with the encrypted system drive or it can fix problems with other encrypted volumes on the hard disk?
    I have noticed that now Windows is starting a bit slower and i think that is because of the encryption.

    I created a image of the system drive with Acronis before encrypting it. Now, if i want to restore the image i don't need to decrypt the system drive first, correct?

    Also, is it a good idea to make a backup of the MBR sector with programs like HDhacker?
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    You are correct -- you do NOT need to decrypt before writing the backup image to the system disk partition if you re-do it. Of course you will then need to encrypt again IF you want TC encryption in play.

    Regarding the MBR: another nice thing about the rescue disk image is that it contains the original MBR. Even after you encrypt the system disk, which installs the TC bootloader, you will always be able to restore the original MBR with the rescue disk image available. Keep the rescue image and you almost certainly won't regret it. Don't sweat the MBR. Restoring or rebuilding an MBR is child's play and tons of free software is around to accomplish the task.

    The TC rescue disk image is valid for the system disk, the original mbr, the TC bootloader restoration contents, and IF you make the mistake of encrypting the entire hard disk platter during encryption. My opinion based upon years of recovery assistance is do NOT encrypt the entire platter, just the system disk. Then and only then you can encrypt the remaining partitions to different volume keys/headers. If you read around you'll see why. Or just ask.
     
  12. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    Yes, first i was thinking to encrypt the whole disk but then i found that i will need to reinstall the systems partition sometimes and that may cause problems with the encryption. Now my hard disk is divided on four partitions and i encrypted each partition separately.

    I prefer my system partition to be not encrypted because my systems is performing better without encryption, but i still have some sensitive data on C drive even so 90% of my programs are portable and located on other drives. I could move the user folder with symlink to another drive but i can't move the registry and they have some sensitive information.
     
  13. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    Your performance observations are unusual. You need not get all technical with benchmarks and stuff, but do you really see a noticeable (gut feeling from being on the steering wheel of the machine) difference with TC encryption? I see zero in the sense I am asking. My machines run fast as can be with encryption. My 7 machines smoke but they are i7 late generation.

    BTW - you may not be worried about somebody like me BUT a forensic examination of your system disk would tell me more than almost anyone could imagine. So I am suggesting that unless the performance hit is strong, you would be wise to encrypt the system disk. This is just a suggestion based upon what I know your system disk logs would reveal during a "look see". My .02
     
  14. Peter4667

    Peter4667 Registered Member

    Joined:
    May 31, 2013
    Posts:
    30
    This are my system specification:

    OS Version: Microsoft Windows 7 Ultimate, Service Pack 1, 32 bit
    Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz, x64 Family 6 Model 15 Stepping 13
    Processor Count: 2
    RAM: 2038 Mb
    Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 384 Mb
    Motherboard: Intel Corporation, SANTA ROSA CRB


    It's an old Toshiba Satellite laptop and the hard disk is probably worn out already. I will get a more powerful one as soon as i can afford it.

    I can't say that there is a big slow down of the system performance, it's more like a feeling that the system is running slower, but it is bearable. I am concerned more about the security than the performance so i will leave my system partition encrypted.
     
  15. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,591
    That encryption sounds like a plan! Your machine specs look fine, while realizing its been around for awhile. Who cares if its a nice machine that works for you?

    Its been a long time since I have run 32 bit stuff. I have a few VM's for testing that are 32 bit. The rest (one old desktop excluded) windows and linux all use 64 bit. You are smart to stay with 32 bit on only 2 Gig of RAM, in fact your processor may not even work on 64 bit. I have an old desktop that I run linux on and the processor will not even allow an install of 64 bit. My other machines have 8-16 Gig of RAM allowing for extensive VM use.
     
  16. bernhardinjo

    bernhardinjo Registered Member

    Joined:
    Jul 23, 2015
    Posts:
    2
    Make sure to disconnect all encrypted hard drives except the one Windows goes on. That prevents the Windows setup to rewrite the header of the encrypted drives, which it otherwise does as it can't recognize them obviously. Had that scenario the first time I set up Windows 8, the second hard drive was not mountable afterwards. If you have a header backup you can restore that and it's fine again. Last time I set up my new pc I just disconnected the encrypted drive and reconnected it after setup was finished. Worked fine.
     
Loading...