03-27-2011 09:17 PM
Because it carries sensitive data, I've encrypted my XP Pro laptop system with TrueCrypt. I also periodically back it up from the hard drive with Ghost 15. It has worked well until recently when I found it necessary to restore the system to a previous restore point using the Ghost 15 SRD. The restore succeeded, but I discovered that instead of writing the encrypted volume back to the hard drive, it wrote back the unencrypted contents, leaving only the TrueCrypt boot manager in place - i.e., instead of imaging the encrypted drive sector-by-sector, it had used TrueCrypt as an intermediary to image the original content. It still boots to the TC boot manager, but, without the envrypted volume, I now can bypass the TC boot manager and directly access XP. I also can reencrypt the system, but I wonder: is there is a way I can both generate and restore Ghost images of the encrypted system?
03-27-2011 09:51 PM
When your in Windows, TrueCrypt is providing "On the fly" encryption / unencryption of everything on the drive.
It becomes transparent to you, thats why everything you do and all the files and folders "look" normal.
So when you run Ghost inside windows, the same thing happens, TrueCrypt allows it to backup everything in it's unencrypted state.
But it's good to know that the image restore actually works, I never encrypted an entire operating system partition.
But it makes sense the only way to image it in it's encrypted state would be ouside of windows when TrueCrypt is not running. It's possible that you could do a cold image from the recovery disk and "Disable Smart Sector Copying"
You "May" get a working image but it's going to be as big as the entire partition. You couldn't let it skip "free space" because a space could easily be an encrypted bit of data. (if that makes any sense).
Personally I don't know if that would work, Ghost really isn't made for an accurate "forensic" copy of the drive and it would not even be able to access the master file table to see what the system thinks is being used.
The easy solutionn would be to let Ghost encrypt the image. You can set Ghost not only to password protect the image but to encrypt it as 128. 192, or even 256bit encryption.
256bit will get you pretty close to TrueCrypt's highest level and should be plenty strong if Symantec is implementing it correctly. I guess that would be the big question.
03-28-2011 05:23 PM
Many thanks for the quick reply. What you say about internal and external imaging makes good sense - particularly about the necessary size of the external image. The laptop HD is about 100GB, and, with pseudo-random data being essentially incompressable, even that small a drive would produce a pretty large image. So it looks like my best bet is to continue backing it up internally and, if a restore is again needed, just re-encrypt the disk and chalk it up to the cost of doing secure business :-).
Your suggetion of letting Ghost encrypt the image is one I didn't think about. It's a good one, but in this case it won't do what's needed. The main object of the excercise is to secure the lapotop contents when I travel. Backing up usually is done at home in a (relatively) secure environment. So there is less of a need to secure the backup image.
I probably will be getting a new laptop sometime this year, and I'm thinking about incluiding hardware encryption with the hard drive. I'm not yet familliar with exactly how the hardware excryption process works on those drives, but I'm hoping it will let me avoid the current problem.