How can I perform a sector to sector backup of an unmounted encrpted drive?
Open source disk encryption with strong security for the Paranoid
Brought to you by:
idrassi
Menu
▾
▴
It occurs to me that this would be a very efficient way of backing up an encrypted partition or drive: boot into another OS, and do a sector by sector backup from the unmounted main drive to an unmounted backup drive. It would also have the security advantage of not having to leave a mounted encrypted drive unattended for 12 to 24 hours during a backup. How may I go about this?
PinkBL -- I'm not sure why you consider a sector-by-sector backup to be more efficient than a more typical backup, although you may have some unusual factors that might influence that comparison. I can see by your estimate of "12 to 24 hours" backup time, you must be talking about a huge data drive and not just a typical system drive, barring unusual factors in play. But even with a huge data drive, it still seems like a compressed backup of the mounted drive would be a more efficient method, both in terms of time taken and size of the resulting backup file(s). One of the most notable of several potential reasons is the simple fact that sector-by-sector backups include all free space on the drive, which could be ignored when backing up a mounted drive. Unless the drive is nearly full, this alone can have a huge impact on the time and space taken by the backup. Then, there's the compressibility factor as well. Sector-by-sector backups of an encrypted drive are virtually uncompressible (including all that free space), whereas the data on a mounted drive is sometimes highly compressible and sometimes not -- your mileage may vary.
However, if you must leave your computer unattended in an insecure place for 12-24 hours during the backup process, the security advantage you cited is spot-on. I agree, and this may qualify as an overriding concern.
So how do you do these sector-by-sector backups while booted on a second OS? Nearly any backup program (even free programs) will let you create a rescue media disk, usually linux-based, and some (usually less free) will also let you create a Windows PE disk with a rescue program. The rescue disk should perform both sector-by-sector backups and restorations, although some programs may not necessarily be able to back up a "RAW" partition, so you won't know for sure until you test. I confess I have extremely limited experience with this, primarily because I've always had an extreme preference for compressed backups of mounted drives, and immediately dismissed any backup program unable to perform them. I've nearly always used Acronis True Image or Macrium Reflect (my current fav), but you should have an easier time finding a suitable (possibly free) backup program. Macrium Reflect even has a stripped-down free version that may very well suit your needs. As with any backup solution, and doubly so because of its encrypted nature, be sure to test the backup-restore round trip so you're certain that you're getting what you think you are.
One more thing -- just in case you use this backup procedure for a system drive, also make sure you have a backup program that saves and restores the boot record, which will be crucial in restoring from a sector-based backup of an encrypted system drive. The boot record is where VeraCrypt works some of its critical boot-time magic.
You described my issue well: backup of encrypted drives, often large data drives. I'm still seeking a program that can do what I'm looking to do.
Thanks
Another approach you can consider instead of cloning the drive (sector-by-sector) to a backup drive which is very time consuming, is to create another VeraCrypt volume on the another HDD that is being used for backup.
Example:
Source Data drive is 6 TB with a VeraCrypt partition of 5 TB.
Backup Data drive is at least 6 TB with a VeraCrypt partition to match or exceed the source 5 TB VeraCrypt partition above.
.
This is will allow you to synchronize the data between the two mounted VeraCrypt partitions very quickly.
Last edit: Enigma2Illusion 2018-12-03
I can only succesfully use acronis backup for full disk encryption. But Veracrypt wont let me verify my backup, without 2nd physical disk (no less as backup size ofc, which can be TB of data) with restored backup on it. This is very annoying