How to clone a VeraCrypt HDD while retaining encyrption


Author
Message
mc40638
mc40638
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)
Group: Forum Members
Posts: 3, Visits: 13
Please note, I was able to continue incrementing an existing MR on the cloned HDD after this procedure as well. This is a very nice bonus.

I have completed some experiments using Macrium Reflect (MR) and VeraCrypt.

VeraCrypt is the successor to TrueCrypt.  The document http://kb.macrium.com/KnowledgebaseArticle50140.aspx explains how to include TrueCrypt on the MR Rescue Environment. Following the published instructions and adapting them to VeraCrypt (honestly trivial) I was able to create a MR and VeraCryupt Rescue Environment.
The
Rescue Environment allows me to mount the VeraCrypt volumes and gave me complete access to the volumes.

The discussion below includes some tests I preformed before I got to cloning the VeraCrypt HDD while retraining the encryption.

Test 1:

From within Windows7 use Reflect to restore and Image of a VeraCrypt encrypted HD.  As expected the restore was unencrypted, but was not bootable. This was not unexpected. I used NeoSmart's Easy Recovery Essentials (https://neosmart.net/EasyRE/) to repair the boot sector. There are other tools, several free ones, which also work. I am just familiar with EasyRE.  I did not try using  the MR internal tool.  One important caveat - Reflect changed the Disk ID of the target HDD at the end of the restore. This was necessary to be able to mount the drive on windows.

Test 2 : 

Boot from the restored HD created in test 1 and try appending to the existing Reflect image.  This failed  with the error "At least one partition in the Image to append to cannot be found".  The solution was to use the Windows command line tool DISKPART (or any number of tools) and restore the Disk ID to that of the original disk. (The Disk ID can be foundat the end of the 000.mrimgfile and the end of any of the 'initial files' of an incremental backup).

Test 3:

Use the Rescue Environment to clone an encrypted disk.  Since the encrypted disk is NOT mounted, the backup must be a 'Forensic' (sector by sector) backup.  I would have thought this bit by bit clone would simply boot as my original encrypted HD. It did indeed boot with the encrypted password.  The problem was that Windows considered the system not to be genuine. The disk was essentially unusable.

I was able to fix this situation by using the Rescue Environment, mounting both the original HD and the restored HD (using VeraCrypt), and copying C:\BOOT\BCD from the original HD to the target.   The Disk ID was not restored during the restore (which also confused me), btw.  The 'notgenuine windows' error could not be fixed by ONLY changing the Disk ID. 

Please note, apparentlyVeraCrypt leaves certain bits unencrypted on a HD, even when the entire disk is encrypted. Using Reflect's tool to fix the Boot Sector, in this case, made the disk unbootable. In this case I did not try to manually restore the BOOT directory from the original disk.

Test 4:

Repeat Test 2 on the HD I restored in Test 3. As long as the DISK ID was restored to the original, I was able to append an additional increment to the backup.

Test 5:

Using the extended backup created in Test 2 or Test 4, I was successfully able to restore a HD, just asin Test 1.

As Imentioned before in Test 3, I am still confused why the Forensic copy did not boot correctly.  I do not know what Windows does during the boot cycle, what information it reads from the boot sector and what information it changes. I did not try restoring the DiskID before booting; perhaps that would have been enough.



dyhs
dyhs
Proficient Member
Proficient Member (267 reputation)Proficient Member (267 reputation)Proficient Member (267 reputation)Proficient Member (267 reputation)Proficient Member (267 reputation)Proficient Member (267 reputation)Proficient Member (267 reputation)Proficient Member (267 reputation)Proficient Member (267 reputation)
Group: Forum Members
Posts: 164, Visits: 640
That's all very interesting, but--what are you trying to do?
Do you want to clone or to image the drive?
Is it a Windows 7 system disk?





Edited 15 July 2017 9:24 PM by dyhs
mc40638
mc40638
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)
Group: Forum Members
Posts: 3, Visits: 13
Hi,
I am set. I was just reporting on my success in cloning a HDD will retraining VeraCrypt disk encryption AND having the clone be able to add incremental backups to a existing Macrium backup. 
I outlined my steps so others would not have to reinvent the wheel. There are some gotyas
a) creation of a bootable WINPE pendrive containing Macrium and Veracyrpt
b) Forensic clone is required
c) Restoring the boot/bcd file
d) Restoring the original DISK ID.
Thanks for your input.




Frankie1
Frankie1
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)
Group: Forum Members
Posts: 9, Visits: 15
Hello,
I was able to use Macrium Reflect for an imaging back up and restore of a Jetico Best Crypt Volume Encrypted SSD. It performed seamlessly inside the rescue environment at boot.
The reason for doing it was to eliminate having to decrypt the drive prior to imaging and reencrypting the drive after.
Thanks to Macrium for a great product!
Frank

Saul
Saul
Macrium Representative
Macrium Representative (48 reputation)Macrium Representative (48 reputation)Macrium Representative (48 reputation)Macrium Representative (48 reputation)Macrium Representative (48 reputation)Macrium Representative (48 reputation)Macrium Representative (48 reputation)Macrium Representative (48 reputation)Macrium Representative (48 reputation)
Group: Moderators
Posts: 23, Visits: 215
Frankie1 - 5 October 2017 10:29 PM
Hello,
I was able to use Macrium Reflect for an imaging back up and restore of a Jetico Best Crypt Volume Encrypted SSD. It performed seamlessly inside the rescue environment at boot.
The reason for doing it was to eliminate having to decrypt the drive prior to imaging and reencrypting the drive after.
Thanks to Macrium for a great product!
Frank

Hi Frank, Thanks very much for posting this - we really appreciate it BigGrin

Dreamer2004
Dreamer2004
Talented Member
Talented Member (166 reputation)Talented Member (166 reputation)Talented Member (166 reputation)Talented Member (166 reputation)Talented Member (166 reputation)Talented Member (166 reputation)Talented Member (166 reputation)Talented Member (166 reputation)Talented Member (166 reputation)
Group: Forum Members
Posts: 89, Visits: 361
Frankie1: I also use BestCrypt Volume Encryption. You restored the image to the same disk (or to a disk of the same size) - not to a new disk with a larger size, didn't you?

Frankie1
Frankie1
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)
Group: Forum Members
Posts: 9, Visits: 15
Dreamer2004 - 6 October 2017 8:59 PM
Frankie1: I also use BestCrypt Volume Encryption. You restored the image to the same disk (or to a disk of the same size) - not to a new disk with a larger size, didn't you?

Hello Dreamer2004, I was able to restore to the same drive using the image that was backed up. Not to a New disk....I haven't used the cloning function of Macrium as of yet. I am sure however it will work fine based upon the imaging function of the program, which worked  very well.

Frankie1
Frankie1
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)
Group: Forum Members
Posts: 9, Visits: 15
Saul - 6 October 2017 10:05 AM
Frankie1 - 5 October 2017 10:29 PM
Hello,
I was able to use Macrium Reflect for an imaging back up and restore of a Jetico Best Crypt Volume Encrypted SSD. It performed seamlessly inside the rescue environment at boot.
The reason for doing it was to eliminate having to decrypt the drive prior to imaging and reencrypting the drive after.
Thanks to Macrium for a great product!
Frank

Hi Frank, Thanks very much for posting this - we really appreciate it BigGrin

Most definitely! I am kind of new to posting in forums and am happy to contribute what I can! Thank you!
 

jphughan
jphughan
Macrium Evangelist
Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)Macrium Evangelist (6.2K reputation)
Group: Forum Members
Posts: 4.3K, Visits: 31K
Hey Frankie and Dreamer,

Great to hear that you're enjoying Reflect! Smile  I know the thread title is about cloning while retaining encryption, but since imaging was also brought up, just in case you might be interested in an alternative for that scenario, another option is to unlock (not permanently decrypt) the partition before capturing the image, and then enable Reflect's own encryption for the image file.  Doing this from Rescue requires that your chosen encryption application support running in WinPE in order to unlock the disk; VeraCrypt Portable works, but I'm not familiar with Jetico, so I'm not sure about that -- although if you're comfortable with this approach, then you'd be able to capture image backups from within "real" Windows, so you wouldn't need to use Rescue for this purpose to begin with.  The other advantage to this approach is that your images will likely be MUCH smaller.  Again, I'm not familiar with Jetico, but VeraCrypt fills the entire partition with ciphertext when encryption is enabled.  This means that a) when the partition is locked, Reflect will believe that the partition is completely full, and b) compression will be basically ineffective because proper ciphertext appears as pseudorandom noise, which isn't meaningfully compressible.  By contrast, when the partition is unlocked, Reflect will be able to see how much of the partition contains actual data and capture only those sectors, AND it will be able to compress it before applying its own encryption.

The catch to this approach is that when you restore the partition, it will restore unencrypted, so you will have to remember to re-enable that manually. The benefit on the restore side is that if you have an image that was captured from an unlocked source AND you unlock the destination before performing the restore, Rapid Delta Restore can work, assuming you're restoring to the original source partition rather than a brand new disk.

Similar logic applies for clone operations, i.e. if you unlock the source first, the target will be unencrypted (but the clone will be faster), whereas if you keep the source locked, the destination will also be locked, but all selected partitions will need to be cloned forensically.

Edited 6 October 2017 11:34 PM by jphughan
Frankie1
Frankie1
New Member
New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)New Member (12 reputation)
Group: Forum Members
Posts: 9, Visits: 15
Hello,
I just wanted to post the method used for creating the image and successful restoration using Macrium Reflect.
Asus Laptop Windows 10 64 bit system with 250gb SSD

Inside the rescue environment at boot:

While being prompted for imaging and under advanced settings:
Compression--set to medium compression level and checked for "make exact copy of partition".
File Size--set for automatic.
Password--None
Auto Verify Image--checked
Comments--None
Shutdown--Not checked

Restoring Image from inside rescue environment at boot:

While being prompted for restoration and under advanced settings:
Rapid Delta--checked
SSD Trim--checked
Verify Image--Not checked
MBR--Replaced from backup is checked

Being that I am making an "exact copy of an encrypted drive" it takes a little longer than the un-encrypted.
--Unencrypted Imaging is about 2 hrs & Restoration approximately 10 minutes with rapid restore.
--Encrypted Imaging is about 2.75 hours & Restoration approximately the same at 2.75 hours with rapid restore checked.
But again Rapid restore is slow I believe because of the encryption......

All in all.............Works very well........better than the well known competitor........not mentioning any names........ACRONIS!

I hope this helps!


Best Regards,
Frank






GO

Merge Selected

Merge into selected topic...



Merge into merge target...



Merge into a specific topic ID...




Similar Topics

Reading This Topic

Login

Explore
Messages
Mentions
Search