Question I need help with Macrium Reflect backups with VeraCrypt encrypted hard drives. Is this method safe for backups?

Dec 24, 2024


I want to encrypt a full OS hard drive with the main OS. I just have a few questions. I did some side research on this.

The original plan was I wanted to partition the hard drive to be about 500GB for main OS. But for some reason, I think that is a useless method.

Because you can use a USB copy of Reflect to go outside the hard drive (not using the main OS). So now you will get two encrypted partitions. One is the MBR partition (it's encrypted) and the full OS partition (it's encrypted). Now realizing that is indeed encrypted. You can still actually clone it to an image using Reflect. The downside of this is that it must encrypt the whole 500GB partition. I have indeed discovered, with another computer, that I can take a hard drive out. I had an old hard drive lying around that was encrypted with a copy of Win7 OS. I hooked it up as a secondary hard drive.

Now I can indeed use VeraCrypt and use Select Drive. I select the drive. And then I can go to mount without preboot authorization. And indeed, you can access the data.

But this is where my research comes in. So, if I do backups that are 500GB of an encrypted main OS partition and the MBR partition. And then let's say I restore it this way. Some people say it can still work with this method, but there is another guy that says this:

"I booted into the clone HDD, or tried to, and realized that I could not decrypt it. Somehow, the disk encryption in VeraCrypt uses the disk info as part of its security. Maybe disk serial number or something unique to the disk. Meaning, a perfect clone will not decrypt. As the software realizes it has become a clone and refuses to boot."


So not only is this method risky, it eats up too much space. So if you clone a primary OS, it will only make that image the size of what you used on the hard drive. I don't necessarily want to use that method.


Here is what I want to do.

Each time I have to do a backup of my full primary OS partition and MBR partition. I want to decrypt it. And then run Reflect from a USB or another OS. I will calculate the space that they both use. I will make an encrypted container the same size on a USB external drive. Then I will have Reflect make a backup image in that encrypted space. Now, if I restore it, I decrypt that container that I stored the image on. Load it into Reflect and have it restore that image on the primary OS partitions.


The only thing I don't know is, how Reflect restores it. If it overwrites or deletes it to restore it. Does that mean it now deletes all the files on that unencrypted OS partition. And now the deleted files are set on the hard drive. Which means, if you delete a file in an unencrypted volume. Now I might be at risk with my personal files. So I don't know if this is a safe method? Am I still safe as long as I don't delete files on my OS before I reencrypt it again. Is this an okay and safe method?
 
If it is decrypted at the moment of the backup, the backup image will be unencrypted.

But I think you are overthinking this.

Are you doing full drive backup images?
Or something else?

Full backup image of main OS partition and MBR partition.

The transfer itself to an encrypted container (let's say I'm only using 25GB at the time on the main OS) I make the container 25GB. The main OS is unencrypted at the moment for the backup to the container. So the transfer of the full backup image that Reflect makes to the encrypted container on USB. That is still encrypted.

But what I'm wondering about the restore process in case I need to. If I restore the image file that is now on the encrypted container (to the main OS hard drive) Does the restore process cause the main OS to delete these files now leaving me vulnerable to my personal data. It would be as if I was using my main OS hard drive and I have it unencrypted and I deleted a file. Now that file is now vulnerable.
 
Encryption or no, restoring a Macrium Image to a drive wipes everything in the target drive (or partition).
 
And during that wipe it deletes now on an unencrypted drive. That's a huge problem right there. I perhaps maybe should go to the forums of VeraCrypt and ask or the Macrium Reflect forums.

Otherwise I would have to clone the full partitions as encrypted and restore as encrypted would be the only option. I'm kind of confused.

I will run a test now with method 1. Although it eats up way more space. It might be the safer of the two. Provided that what that other guy says is true that VeraCrypt security does not like anyone cloning an encrypted drive.

"I booted into the clone HDD, or tried to, and realized that I could not decrypt it. Somehow, the disk encryption in VeraCrypt uses the disk info as part of its security. Maybe disk serial number or something unique to the disk. Meaning, a perfect clone will not decrypt. As the software realizes it has become a clone and refuses to boot."

Maybe he is referring to a new drive. Oh wait, I think that method works as long as it's the same drive.
 
My Surface laptop is BitLocker encrypted.
In actual use, it is unencrypted.
When I do a full drive Image in Macrium, it gives a warning that the Image is Unencrypted.

To Image a fully encrypted volume/partition/drive, you'd have to do it outside the native OS.
 
Actually I think I did find a solution. Before I do a restore. I make sure that main OS drive is encrypted. So it won't delete any personal files in a wipe. Because the whole image is encrypted.

So before I restore. I re-encrypt the drive. Then do the restore. And then when I go back to the main OS. I then encrypt the drive again.

I may have answered my own question.
 
If that works for you, great!
 
I'll see what other people say first on other forums. I know it sounds confusing but it's really not.

I just have to run some tests and make sure it works. It's not often I will restore an image and make backups. Provided the decryption and encryption process doesn't take a long time on a solid state, and the image file is not too huge, and runs off of USB 3.0.

I just want to see what people at the VeraCrypt forums say about cloning a drive encrypted with their software and restoring as encrypted. I do think both methods work. It's just for the second method. When I restore it. I just need to leave Main OS drive as encrypted when I restore it. It will restore it with unencrypted files but won't delete any unencrypted files because they are replacing encrypted files when it wipes. I think I got this right LOL.
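
Added example, not part of the thread and not code from VeraCrypt or Macrium: the open question above is whether plaintext is left on the OS partition around a decrypt, image and restore cycle. A per-block entropy scan of the raw partition, read from outside the running OS, lists the blocks that do not look like ciphertext; the sample image and all function names here are constructed for illustration.

```python
import hashlib
import io
import math
from collections import Counter

BLOCK = 4096      # bytes examined per block
THRESHOLD = 7.5   # bits/byte; random-looking 4 KiB blocks score about 7.95


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return sum(c / n * math.log2(n / c) for c in Counter(block).values())


def low_entropy_blocks(stream, block=BLOCK, threshold=THRESHOLD):
    """Return [(offset, entropy)] for blocks that do not look like ciphertext."""
    hits, offset = [], 0
    while chunk := stream.read(block):
        h = shannon_entropy(chunk)
        if h < threshold:
            hits.append((offset, round(h, 2)))
        offset += len(chunk)
    return hits


def fake_ciphertext(nblocks: int, seed: bytes = b"demo") -> bytes:
    """Constructed stand-in for encrypted sectors: SHA-256 in counter mode."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(8, "big")).digest()
                    for i in range(nblocks * BLOCK // 32))


def sample_image() -> bytes:
    """Constructed 6-block image: ciphertext, a text remnant, a zeroed block."""
    text = (b"Quarterly budget draft - personal notes. " * 100)[:BLOCK]
    return fake_ciphertext(2) + text + fake_ciphertext(2, b"x") + bytes(BLOCK)


if __name__ == "__main__":
    for off, h in low_entropy_blocks(io.BytesIO(sample_image())):
        print(f"offset {off:#x}: {h} bits/byte, not ciphertext-like")
```

High entropy alone does not prove encryption, since compressed data scores similarly, so the meaningful signal is the list of low-entropy offsets.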