Can Norton Ghost create compressed image on bitlocker drive in standby?

I am looking to employ Norton Ghost on a system with Bitlocker encryption configured. I found that while the drive is under active encryption, Ghost cannot compress the image, and must copy sector by sector.

I have also seen instances where people can get the following error "80004005 Pre-provisioning Bitlocker stage" when attempting to reimage the drive, but it looks like it is received while encryption is still enabled.

If I were to put Bitlocker into Suspend mode, could Ghost capture a compressed image of the drive that could be later used to re-image in case of failure? What risks are involved in this approach? And is it better to just take an image of the entire disk instead of trying to compress it?

iso_spitfire

Posted 2017-05-12T15:57:01.413

Reputation: 1

1I think you would need to have bitlocker off and decrypt the drive completely. As far as compression being "better", it's just a matter of speed vs storage size. If you compress it, it will take longer to restore and vice versa. – BrianC – 2017-05-12T16:14:06.430

Answers

From: BitLocker Frequently Asked Questions (FAQ)

What is the difference between suspending and decrypting BitLocker?

Decrypt completely removes BitLocker protection and fully decrypts the drive.

Suspend keeps the data encrypted but encrypts the BitLocker volume master key with a clear key. The clear key is a cryptographic key stored unencrypted and unprotected on the disk drive. By storing this key unencrypted, the Suspend option allows for changes or upgrades to the computer without the time and cost of decrypting and re-encrypting the entire drive. After the changes are made and BitLocker is again enabled, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade, the volume master key is changed, the protectors are updated to match and the clear key is erased.

As such Norton Ghost would need to be aware of how BitLocker works. If it is not it will still just see a bunch of encrypted data.

Seth

Posted 2017-05-12T15:57:01.413

Reputation: 7 657