6
1
A couple of times now I have imaged a truecrypt system partition in windows. When the system has crashed on me I've attempted to recover the system only for truecrypt to not boot the recovered system. Has anyone successfully backed-up and restored a system truecrypt partition?
nobody
Posted 2011-07-19T01:36:09.123
Reputation: 83
3
You can backup and restore a TrueCrypt system partition if you use imaging software that is capable of reading and writing in raw mode -- copying the whole partition byte for byte without regard to the underlying file system. You also need to back up the MBR (master boot record), and perhaps the data between the MBR and the first partition.
And you must not image it when running Windows, like with "hot running" image software such as Acronis TrueImage. You must boot from a separate disc (CD or external drive) with your imaging software and then take the image.
I used Clonezilla to back up and restore a Linux encrypted root partition and MBR; I don't see why it shouldn't also work with a TrueCrypt encrypted partition.
Sometimes the problem is only with the header of the TrueCrypt partition, and restoring just the header might solve the problem. TrueCrypt provides the ability to backup and restore the header (you'll need to boot with the TrueCrypt rescue disc or another Live CD to restore the header).
Which software did you use in your backup and restore attempts? I would recommend Parted Magic, which is a Live CD that contains disk imaging and partitioning utilities (including Clonezilla), and also includes TrueCrypt.
Mike Rowave
Posted 2011-07-19T01:36:09.123
Reputation: 1 835
I was able to get a truecrypted disk-to-disk copy working using Parted Magic. The Clonezilla options I used were -e2, -j2, -ql and Use Partition Table. Afterwards I had to use the Truecrypt rescue disc to restore both the boot loader AND key data. It took over 15 (!) hours to clone a 160 GB drive. I suspect that if I'd had a 500 GB drive, it would have been much, much faster to just reinstall Windows and all my software. – mhenry1384 – 2011-09-20T00:56:42.757
15 hours for 160 GB is an unusually long time. Were you cloning over the network? – Mike Rowave – 2011-09-20T01:33:09.013
Disk cloning of large encrypted drives is time consuming whether it is 2 hours or 15 hours, especially because the cloning software can't skip over the empty space. What I do to minimize that is keep the system partition fairly small like 20GB, then use a huge separate partition (also encrypted) for everything else. So when I have to clone/restore after a crash, it's just 20GB and I'm up and running in an 1 hour. If I'm lucky the extra big partition is still accessible without any rescue operation necessary, otherwise I can just copy back the files from an external backup drive. – Mike Rowave – 2011-09-20T01:36:03.190
I just used Clonezilla and it worked just fine and very fast. Between two SSDs, I got >11GB/s. I used the expert mode but used the default choices, and my new SSD booted just fine. The only thing I need to do now is to expand the partition on the new disk. – northben – 2013-08-23T01:29:01.890
1
I have had many successes at cloning TrueCrypt encrypted system volumes. If you clone outside of Windows and make an exact clone (cloning MBR, partition table, and partitions WITHOUT any resizing or re-arranging of partitions) all should work as expected.
That said, I've also had one (repeated) failure which I was wasn't able to explain. Maybe it was the software I was using that time versus the software I used in on the other occasions (I failed to clone with Acronis Disk Director, latest version as of 8/15/2012, I don't recall which software I was successful with).
Quinxy von Besiex
Posted 2011-07-19T01:36:09.123
Reputation: 121
Not while encrypted, no. – None – 2011-07-19T04:56:18.660
so then truecrypt essentially prevents anyone from imaging a drive and investigating it lively? – nobody – 2011-07-19T05:00:55.260
Effectively, yes. It also allows the partition within a partition which makes a good dummy if someone gets hold of the first password. – None – 2011-07-19T20:08:14.267