Acronis True Image 2016, Win 7 and Truecrypt 7.1a Encrypted Drive Question
Is it possible to do a simple full disk backup using Acronis True Image 2016 on a Win 7 64 bit install that has been encrypted via Truecrypt 7.1a without being required to first decrypt the drive? I have read conflicting information on this so I would really appreciate a definitive answer, please. Any tips on pitfalls or special steps required would be appreciated. I do basic full backups each time versus incremental backups.
Thanks in advance.
Short answer is No. The drive must be un-encrypted for backup. The good news is that True Image offers it's own encryption of backup files done during the backup process and which can be set in the Backujp Options screen of the application GUI.
Doug,
In addition to the information provided by Steve and Enchantech, if you perform a restore operation of the entire backup, the drive will then become unencrypted. You would then have to encrypt the drive after completing the resore operation.
Thanks for the replies. I am still a bit unclear on the information you have given me but it might be because I didn't give enough information so I will try to first restate things.
When running my computer normally within Windows 7 using a hard drive that has been encrypted by Truecrypt and using Acronis (either 2014 or 2016), I want to be able to create a useable full hard drive backup. By full backup, I mean a file I can use to either pull individual files/directories out of or use the Acronis rescue disk to totally overwrite the drive and restore the entire drive to be exactly like it was at the point the backup was created. In the past, and I have been using Acronis for many years, Acronis support told me there would be a problem creating a backup of a drive that has been encrypted and then being able to do a full drive restore due to the fact Acronis could not work correctly on a drive that had been encrypted. They said the restoration would not work and I could not extract any useable files.
Am I correct that you all are saying:
1. I can do a full disk backup with Acronis from within Windows and the fact the drive is encrypted with Truecrypt is not an issue creating a useable backup file since I am using the Acronis software from within Windows. Therefore, I do not need to unencrypt the drive each time before I do a full disk backup.
2. If needed, I should be able to pull single files or directories out of this Acronis backup file working within Windows using the Acronis software just fine.
3. If I have/want to do a full disk restore from this file, I will have to use the Acronis rescue disk. The restore will work just fine to bring the entire disk back to the state of the drive at the point in time the backup was created. The only "issue" is that the drive will be unencrypted and thus I will need to re-encrypt the drive again.
Sorry to be so nitpicky about trying to clearly understand the situation but it seems I may have gotten bad information from Acronis support in the past (or the software has changed). I am just trying to feel certain that I can stop the laborious backup routine of unencrypting the drive, creating a backup and then re-encrypting the drive.
Thanks for your patience with me.
Am I correct that you all are saying:
1. I can do a full disk backup with Acronis from within Windows and the fact the drive is encrypted with Truecrypt is not an issue creating a useable backup file since I am using the Acronis software from within Windows. Therefore, I do not need to unencrypt the drive each time before I do a full disk backup.
Yes - this is correct. Any program operating inside of Windows does not see any encryption, including Acronis.
2. If needed, I should be able to pull single files or directories out of this Acronis backup file working within Windows using the Acronis software just fine.
Yes - correct. The resulting full backup file will not be encrypted and you can access this normally. You can provide a password to protect the backup file when you first create it (but not after that point) - you will be asked for the password at any time you try to access it.
3. If I have/want to do a full disk restore from this file, I will have to use the Acronis rescue disk. The restore will work just fine to bring the entire disk back to the state of the drive at the point in time the backup was created. The only "issue" is that the drive will be unencrypted and thus I will need to re-encrypt the drive again.
Yes - correct. The backup file is exactly as would be created for an unencrypted drive - the main caveat in restoring from the file, is that you must have included <<ALL>> partitions required to successfully boot your OS after you do the restore. So your backup must include all required hidden partitions (System Reserved / EFI bootloader...)
Please see the KB document I referenced in my earlier reply.
Ok, thanks so much for the clarification. It seems I received bad information. So much time has been wasted unencrypting and then re-encrypting.
Doug, you have not wasted time. Backup and recovery of unencrypted drive is what Acronis True Image 2016 does flawlessly. That use case is supported.
As you know, development of TrueCrypt was ended in 5/2014, there are unfixed security issues and it is advised to move to other encryption solution. We simply have not tested Acronis True Image 2016 with drives, encrypted with TrueCrypt software due to that reasons. We do not guarantee that Acronis True Image 2016 will work with disks, encrypted with TrueCrypt.
That said, we have not received any reports from Acronis True Image 2016 users saying that the scheme outlined at http://forum.acronis.com/forum/123335#comment-380275 did not work and they had issues. There might have been issues, but we are unaware of them.
If you switch from TrueCrypt to Bitlocker, then https://kb.acronis.com/content/56619 will fully apply and you could safely create entire disk images with Acronis True Image running in Windows, without the need of decrypting the disk beforehand. Disk/partition restoration should be done under bootable media, though. File restoration that does not require computer restart could be completed in running Windows (e.g. you are not trying to recover a system file ,that is currently in use, to its original location and cannot be overwritten without reboot). You can always recover any files from backup when computer is started from bootable media.
Regards,
Slava
I have successfully backed up an image of a Windows 7 computer encrypted with Truecrypt 7.1a and restored the image with only minor issues. Since the intent of a system image is not file recovery but system recovery in the event of a crash, I don't see the issues as show stoppers.
1. Like windows image backup with Bitlocker (Win 7 Enterprise, 8 & 10 Pro and above) the image created is decrypted, so unless you add a password to your TrueImage disk image backup set, you have a security issue here. Bitlocker says to hide your backup disk, but I think adding AES encryption to your TrueImage disk image is a better idea.
2. TrueImage disk image backup set must be created while running under windows, since the image is created from the decrypted disk data while Windows is running. Making an image backup from bootable media won't be successful.
3. Restoring the image works with bootable media, or what would be the point of a disk image restoration be if it doesn't allow a hard disk replacement, but the restored system reserved partition where Truectypt's bootloader lives will fail to boot the now decrypted system partition. You can escape out of the Truectypt bootloader to boot the restored, decrypted Windows. To fix the boot issue run fixboot and fixmbr (a good idea in case of a disk replacement anyway). Here is a handy guide: http://www.digitalcitizen.life/command-prompt-fix-issues-your-boot-reco…
You will need a Windows system repair disk or your Windows 7 distribution disk. System repair disks can be created from the Windows 7 (as well as 8 and 10) windows backup.
4. After restoration, fixboot and fixmbr, re-enctypt your drive.
PLMD, thanks for sharing your experience and results, I am sure that this will be useful to other users.