Disk Encryption with TrueCrypt and Backups

it depends on where you do the backup..
if you do a offline backup (such as a complete disk (sector b
sector)backup then the backup will be encrypted..
if you are doing the backup from within the system then the backup won
be encrypted as the OS not encrypte

here is how trucrypt partitions should be backed-u
http://www.truecrypt.org/docs/?s=how-to-back-up-securel

> SYSTEM PARTITION
> Note: In addition to backing up files, we recommend that yo
> also back up your 'TrueCrypt Rescue Disk
> (http://www.truecrypt.org/docs/rescue-disk.php) (select -System-
> -Create Rescue Disk-)
> To back up an 'encrypted system partition
> (http://www.truecrypt.org/docs/system-encryption.php) securely an
> safely, it is recommended to follow these steps
>

> > >

- If you have multiple operating systems installed on you

> computer, boot the one that does not require pre-boo
> authentication.
>
> If you do not have multiple operating systems installe
> on your computer, you can boot a WinPE or 'BartPE
> (http://www.nu2.nu/pebuilder/) CD/DVD (i.e. 'live' Windows entirel
> stored on and booted from a CD/DVD; for more information, search th
> 'TrueCrypt FAQ' (http://www.truecrypt.org/faq.php) for the keywor
> 'BartPE')
>
> If none of the above is possible, connect your system drive as
> secondary drive to another computer and then boot the operatin
> system installed on the computer
>
> Note: For security reasons, if the operating system tha
> you want to back up resides in a 'hidden TrueCrypt volume
> (http://www.truecrypt.org/docs/hidden-volume.php) (see the sectio
> 'Hidden Operating System
> (http://www.truecrypt.org/docs/hidden...ing-system.php)), the
> the operating system that you boot in this step must be eithe
> another hidden operating system or a "live-CD" operating system (se
> above). For more information, see the subsection 'Securit
> Precautions Pertaining to Hidden Volumes
> (http://www.truecrypt.org/docs/hidden...recautions.php) in th
> chapter 'Plausible Deniability
> (http://www.truecrypt.org/docs/plausible-deniability.php)

- Create a new non-system TrueCrypt volume using the TrueCryp

> Volume Creation Wizard (do not enable the -Quick Format- option o
> the -Dynamic- option). It will be your -backup- volume so its siz
> should match (or be greater than) the size of the system partitio
> that you want to back up
>
> If the operating system that you want to back up resides i
> a 'hidden TrueCrypt volume
> (http://www.truecrypt.org/docs/hidden-volume.php) (see the sectio
> 'Hidden Operating System
> (http://www.truecrypt.org/docs/hidden...ing-system.php)), th
> -backup- volume must be a hidden TrueCrypt volume as well. Befor
> you create the hidden -backup- volume, you must create a new hos
> (outer) volume for it without enabling the -Quick Format- option. I
> addition, especially if the -backup- volume is file-hosted, th
> hidden -backup- volume should occupy only a very small portion o
> the container and the outer volume should be almost completel
> filled with files (otherwise, the plausible deniability of th
> hidden volume might be adversely affected)

- Mount the newly created -backup- volume
- Mount the system partition that you want to back up by followin

> these steps

> > >

- Click -Select Device- and then select the system partition tha

> you want to back up (in case of a 'hidden operating system
> (http://www.truecrypt.org/docs/hidden...ing-system.php)
> select the partition containing the hidden volume in which th
> operating system is installed)

- Click -OK-
- Select -System- > -Mount Without Pre-Boot Authentication-
- Enter your pre-boot authentication password and click -OK-

> > >

>

- Mount the -backup- volume and then copy all files from th

> system partition (mounted as a regular TrueCrypt volume since th
> previous step) directly to the mounted -backup- volume

> > >

> *IMPORTANT: If you store the backup volume in any location
> that an adversary can repeatedly access (for example, on a device kept
> in a bank's safe deposit box), you should repeat -all- of the above
> steps (including the step 2) each time you want to back up the volume
> (see below).*
> If you follow the above steps, you will help prevent
> adversaries from finding out:
>

> > > >

- Which sectors of the volumes are changing (because you always

> follow step 2). This is particularly important, for example, if you
> store the backup volume on a device kept in a bank's safe deposit
> box (or in any other location that an adversary can repeatedly
> access) and the volume contains a 'hidden volume'
> (http://www.truecrypt.org/docs/hidden-volume.php) (for more
> information, see the subsection 'Security Precautions Pertaining to
> Hidden Volumes'
> (http://www.truecrypt.org/docs/hidden...recautions.php) in the
> chapter 'Plausible Deniability'
> (http://www.truecrypt.org/docs/plausible-deniability.php)).

- That one of the volumes is a backup of the other.

> > >

>
>
> *General Notes*
>
> If you store the backup volume in any location where an
> adversary can make a copy of the volume, consider encrypting the
> volume with a 'cascade of ciphers'
> (http://www.truecrypt.org/docs/cascades.php). Otherwise, if the volume
> is encrypted only with a single encryption algorithm and the algorithm
> is later broken (for example, due to advances in cryptanalysis), the
> attacker might be able to decrypt his copies of the volume. The
> probability that three distinct encryption algorithms will be broken
> is significantly lower than the probability that only one of them will
> be broken (each of the ciphers in a cascade uses its own key).
> Neil Jones;922202 Wrote:
> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how does the disk encryption crypto tools such as
> TrueCrypt work?
>
> Thank you in advance for any information.
>
> NJ

--
darkassain

it depends on where you do the backup..
if you do a offline backup (such as a complete disk (sector b
sector)backup then the backup will be encrypted..
if you are doing the backup from within the system then the backup won
be encrypted as the OS not encrypte

here is how trucrypt partitions should be backed-u
http://www.truecrypt.org/docs/?s=how-to-back-up-securel

> SYSTEM PARTITION
> Note: In addition to backing up files, we recommend that yo
> also back up your 'TrueCrypt Rescue Disk
> (http://www.truecrypt.org/docs/rescue-disk.php) (select -System-
> -Create Rescue Disk-)
> To back up an 'encrypted system partition
> (http://www.truecrypt.org/docs/system-encryption.php) securely an
> safely, it is recommended to follow these steps
>

> > >

- If you have multiple operating systems installed on you

> computer, boot the one that does not require pre-boo
> authentication.
>
> If you do not have multiple operating systems installe
> on your computer, you can boot a WinPE or 'BartPE
> (http://www.nu2.nu/pebuilder/) CD/DVD (i.e. 'live' Windows entirel
> stored on and booted from a CD/DVD; for more information, search th
> 'TrueCrypt FAQ' (http://www.truecrypt.org/faq.php) for the keywor
> 'BartPE')
>
> If none of the above is possible, connect your system drive as
> secondary drive to another computer and then boot the operatin
> system installed on the computer
>
> Note: For security reasons, if the operating system tha
> you want to back up resides in a 'hidden TrueCrypt volume
> (http://www.truecrypt.org/docs/hidden-volume.php) (see the sectio
> 'Hidden Operating System
> (http://www.truecrypt.org/docs/hidden...ing-system.php)), the
> the operating system that you boot in this step must be eithe
> another hidden operating system or a "live-CD" operating system (se
> above). For more information, see the subsection 'Securit
> Precautions Pertaining to Hidden Volumes
> (http://www.truecrypt.org/docs/hidden...recautions.php) in th
> chapter 'Plausible Deniability
> (http://www.truecrypt.org/docs/plausible-deniability.php)

- Create a new non-system TrueCrypt volume using the TrueCryp

> Volume Creation Wizard (do not enable the -Quick Format- option o
> the -Dynamic- option). It will be your -backup- volume so its siz
> should match (or be greater than) the size of the system partitio
> that you want to back up
>
> If the operating system that you want to back up resides i
> a 'hidden TrueCrypt volume
> (http://www.truecrypt.org/docs/hidden-volume.php) (see the sectio
> 'Hidden Operating System
> (http://www.truecrypt.org/docs/hidden...ing-system.php)), th
> -backup- volume must be a hidden TrueCrypt volume as well. Befor
> you create the hidden -backup- volume, you must create a new hos
> (outer) volume for it without enabling the -Quick Format- option. I
> addition, especially if the -backup- volume is file-hosted, th
> hidden -backup- volume should occupy only a very small portion o
> the container and the outer volume should be almost completel
> filled with files (otherwise, the plausible deniability of th
> hidden volume might be adversely affected)

- Mount the newly created -backup- volume
- Mount the system partition that you want to back up by followin

> these steps

> > >

- Click -Select Device- and then select the system partition tha

> you want to back up (in case of a 'hidden operating system
> (http://www.truecrypt.org/docs/hidden...ing-system.php)
> select the partition containing the hidden volume in which th
> operating system is installed)

- Click -OK-
- Select -System- > -Mount Without Pre-Boot Authentication-
- Enter your pre-boot authentication password and click -OK-

> > >

>

- Mount the -backup- volume and then copy all files from th

> system partition (mounted as a regular TrueCrypt volume since th
> previous step) directly to the mounted -backup- volume

> > >

> *IMPORTANT: If you store the backup volume in any location
> that an adversary can repeatedly access (for example, on a device kept
> in a bank's safe deposit box), you should repeat -all- of the above
> steps (including the step 2) each time you want to back up the volume
> (see below).*
> If you follow the above steps, you will help prevent
> adversaries from finding out:
>

> > > >

- Which sectors of the volumes are changing (because you always

> follow step 2). This is particularly important, for example, if you
> store the backup volume on a device kept in a bank's safe deposit
> box (or in any other location that an adversary can repeatedly
> access) and the volume contains a 'hidden volume'
> (http://www.truecrypt.org/docs/hidden-volume.php) (for more
> information, see the subsection 'Security Precautions Pertaining to
> Hidden Volumes'
> (http://www.truecrypt.org/docs/hidden...recautions.php) in the
> chapter 'Plausible Deniability'
> (http://www.truecrypt.org/docs/plausible-deniability.php)).

- That one of the volumes is a backup of the other.

> > >

>
>
> *General Notes*
>
> If you store the backup volume in any location where an
> adversary can make a copy of the volume, consider encrypting the
> volume with a 'cascade of ciphers'
> (http://www.truecrypt.org/docs/cascades.php). Otherwise, if the volume
> is encrypted only with a single encryption algorithm and the algorithm
> is later broken (for example, due to advances in cryptanalysis), the
> attacker might be able to decrypt his copies of the volume. The
> probability that three distinct encryption algorithms will be broken
> is significantly lower than the probability that only one of them will
> be broken (each of the ciphers in a cascade uses its own key).
> Neil Jones;922202 Wrote:
> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how does the disk encryption crypto tools such as
> TrueCrypt work?
>
> Thank you in advance for any information.
>
> NJ

--
darkassain

Neil Jones wrote:

> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how does the disk encryption crypto tools such as
> TrueCrypt work?

http://www.truecrypt.org/docs/
http://www.truecrypt.org/faq.php
http://forums.truecrypt.org/

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second
Copy which replicates my C drive to the eGo. I have found this equally
successful when encrypting the whole eGo or just a volume on it. Once the
drive is mounted and the (very strong) password entered, the data on the
encrypted drive behaves exactly the same as if it had not been encrypted.
Incremental backups work fine and I have had occasion to retrieve data after
a hard drive failure. I swap the portable drives weekly, one of them always
being off site in the boot of my car and the other in a different part of my
house except, of course, when I am backing up. These drives are robust and
yet so cheap that they can almost be regarded as consumables, so having one
for each day of the week might be considered.

"Neil Jones" <castellan2004-nschap@remove-this.yahoo.com> wrote in message
news:OKh$4dMaJHA.1268@TK2MSFTNGP04.phx.gbl...

> Most companies these days are using disk encryption on their laptops. I
> am planning to use TrueCrypt for my laptop. The question I have now is
> about backups and the system restore procedures.
>
> I do my backups to an external disk and am assuming that the complete
> system backup is also going to be an encrypted image. My main concern
> is about the restore session. If I do have to restore my laptop from
> the backup, then how does the disk encryption crypto tools such as
> TrueCrypt work?
>
> Thank you in advance for any information.
>
> NJ

you have to point out that you have to encrypt both drives...
otherwise the unencrypted will be have the data out in the open..

if you encrypt both drives then you are safe as you can right now o
software encryptio


Doug;923094 Wrote:

> I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Secon
> Copy which replicates my C drive to the eGo. I have found this equall
> successful when encrypting the whole eGo or just a volume on it. Onc
> th
> drive is mounted and the (very strong) password entered, the data o
> th
> encrypted drive behaves exactly the same as if it had not bee
> encrypted
> Incremental backups work fine and I have had occasion to retrieve dat
> afte
> a hard drive failure. I swap the portable drives weekly, one of the
> alway
> being off site in the boot of my car and the other in a different par
> of m
> house except, of course, when I am backing up. These drives are robus
> an
> yet so cheap that they can almost be regarded as consumables, so havin
> on
> for each day of the week might be considered
>
> "Neil Jones" <castellan2004-nschap@xxxxxx-this.yahoo.com> wrote i
> messag
> news:OKh$4dMaJHA.1268@xxxxxx> > >

> > > Most companies these days are using disk encryption on their laptops

> >

> > > am planning to use TrueCrypt for my laptop. The question I have no

> > i

> > > about backups and the system restore procedures

> >

> > > I do my backups to an external disk and am assuming that the complet
> > > system backup is also going to be an encrypted image. My mai

> > concer

> > > is about the restore session. If I do have to restore my laptop fro
> > > the backup, then how does the disk encryption crypto tools such a
> > > TrueCrypt work

> >

> > > Thank you in advance for any information

> >

> > > NJ >

--
darkassain

you have to point out that you have to encrypt both drives...
otherwise the unencrypted will be have the data out in the open..

if you encrypt both drives then you are safe as you can right now o
software encryptio


Doug;923094 Wrote:

> I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Secon
> Copy which replicates my C drive to the eGo. I have found this equall
> successful when encrypting the whole eGo or just a volume on it. Onc
> th
> drive is mounted and the (very strong) password entered, the data o
> th
> encrypted drive behaves exactly the same as if it had not bee
> encrypted
> Incremental backups work fine and I have had occasion to retrieve dat
> afte
> a hard drive failure. I swap the portable drives weekly, one of the
> alway
> being off site in the boot of my car and the other in a different par
> of m
> house except, of course, when I am backing up. These drives are robus
> an
> yet so cheap that they can almost be regarded as consumables, so havin
> on
> for each day of the week might be considered
>
> "Neil Jones" <castellan2004-nschap@xxxxxx-this.yahoo.com> wrote i
> messag
> news:OKh$4dMaJHA.1268@xxxxxx> > >

> > > Most companies these days are using disk encryption on their laptops

> >

> > > am planning to use TrueCrypt for my laptop. The question I have no

> > i

> > > about backups and the system restore procedures

> >

> > > I do my backups to an external disk and am assuming that the complet
> > > system backup is also going to be an encrypted image. My mai

> > concer

> > > is about the restore session. If I do have to restore my laptop fro
> > > the backup, then how does the disk encryption crypto tools such a
> > > TrueCrypt work

> >

> > > Thank you in advance for any information

> >

> > > NJ >

--
darkassain