Most companies these days are using disk encryption on their laptops. I
am planning to use TrueCrypt for my laptop. The question I have now is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main concern
is about the restore session. If I do have to restore my laptop from
the backup, then how does the disk encryption crypto tools such as
TrueCrypt work?

Thank you in advance for any information.

NJ

it depends on where you do the backup...
if you do a offline backup (such as a complete disk (sector by
sector)backup then the backup will be encrypted...
if you are doing the backup from within the system then the backup wont
be encrypted as the OS not encrypted

here is how trucrypt partitions should be backed-up
http://www.truecrypt.org/docs/?s=how...ck-up-securely

SYSTEM PARTITIONS
Note: In addition to backing up files, we recommend that you
also back up your 'TrueCrypt Rescue Disk'
(http://www.truecrypt.org/docs/rescue-disk.php) (select -System-
-Create Rescue Disk-).
To back up an 'encrypted system partition'
(http://www.truecrypt.org/docs/system-encryption.php) securely and
safely, it is recommended to follow these steps:


- If you have multiple operating systems installed on your
computer, boot the one that does not require pre-boot
authentication.

If you do not have multiple operating systems installed
on your computer, you can boot a WinPE or 'BartPE'
(http://www.nu2.nu/pebuilder/) CD/DVD (i.e. 'live' Windows entirely
stored on and booted from a CD/DVD; for more information, search the
'TrueCrypt FAQ' (http://www.truecrypt.org/faq.php) for the keyword
'BartPE').

If none of the above is possible, connect your system drive as a
secondary drive to another computer and then boot the operating
system installed on the computer.

Note: For security reasons, if the operating system that
you want to back up resides in a 'hidden TrueCrypt volume'
(http://www.truecrypt.org/docs/hidden-volume.php) (see the section
'Hidden Operating System'
(http://www.truecrypt.org/docs/hidden...g-system.php)), then
the operating system that you boot in this step must be either
another hidden operating system or a "live-CD" operating system (see
above). For more information, see the subsection 'Security
Precautions Pertaining to Hidden Volumes'
(http://www.truecrypt.org/docs/hidden...recautions.php) in the
chapter 'Plausible Deniability'
(http://www.truecrypt.org/docs/plausi...niability.php).
- Create a new non-system TrueCrypt volume using the TrueCrypt
Volume Creation Wizard (do not enable the -Quick Format- option or
the -Dynamic- option). It will be your -backup- volume so its size
should match (or be greater than) the size of the system partition
that you want to back up.

If the operating system that you want to back up resides in
a 'hidden TrueCrypt volume'
(http://www.truecrypt.org/docs/hidden-volume.php) (see the section
'Hidden Operating System'
(http://www.truecrypt.org/docs/hidden...g-system.php)), the
-backup- volume must be a hidden TrueCrypt volume as well. Before
you create the hidden -backup- volume, you must create a new host
(outer) volume for it without enabling the -Quick Format- option. In
addition, especially if the -backup- volume is file-hosted, the
hidden -backup- volume should occupy only a very small portion of
the container and the outer volume should be almost completely
filled with files (otherwise, the plausible deniability of the
hidden volume might be adversely affected).
- Mount the newly created -backup- volume.
- Mount the system partition that you want to back up by following
these steps:

- Click -Select Device- and then select the system partition that
you want to back up (in case of a 'hidden operating system'
(http://www.truecrypt.org/docs/hidden...ng-system.php),
select the partition containing the hidden volume in which the
operating system is installed).
- Click -OK-.
- Select -System- -Mount Without Pre-Boot Authentication-.
- Enter your pre-boot authentication password and click -OK-.


- Mount the -backup- volume and then copy all files from the
system partition (mounted as a regular TrueCrypt volume since the
previous step) directly to the mounted -backup- volume.

*IMPORTANT: If you store the backup volume in any location
that an adversary can repeatedly access (for example, on a device kept
in a bank's safe deposit box), you should repeat -all- of the above
steps (including the step 2) each time you want to back up the volume
(see below).*
If you follow the above steps, you will help prevent
adversaries from finding out:


- Which sectors of the volumes are changing (because you always
follow step 2). This is particularly important, for example, if you
store the backup volume on a device kept in a bank's safe deposit
box (or in any other location that an adversary can repeatedly
access) and the volume contains a 'hidden volume'
(http://www.truecrypt.org/docs/hidden-volume.php) (for more
information, see the subsection 'Security Precautions Pertaining to
Hidden Volumes'
(http://www.truecrypt.org/docs/hidden...recautions.php) in the
chapter 'Plausible Deniability'
(http://www.truecrypt.org/docs/plausi...iability.php)).
- That one of the volumes is a backup of the other.



*General Notes*

If you store the backup volume in any location where an
adversary can make a copy of the volume, consider encrypting the
volume with a 'cascade of ciphers'
(http://www.truecrypt.org/docs/cascades.php). Otherwise, if the volume
is encrypted only with a single encryption algorithm and the algorithm
is later broken (for example, due to advances in cryptanalysis), the
attacker might be able to decrypt his copies of the volume. The
probability that three distinct encryption algorithms will be broken
is significantly lower than the probability that only one of them will
be broken (each of the ciphers in a cascade uses its own key).
Neil Jones;922202 Wrote:
Most companies these days are using disk encryption on their laptops. I
am planning to use TrueCrypt for my laptop. The question I have now is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main concern
is about the restore session. If I do have to restore my laptop from
the backup, then how does the disk encryption crypto tools such as
TrueCrypt work?

Thank you in advance for any information.

NJ


--
darkassain

Neil Jones wrote:

Most companies these days are using disk encryption on their laptops. I
am planning to use TrueCrypt for my laptop. The question I have now is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main concern
is about the restore session. If I do have to restore my laptop from
the backup, then how does the disk encryption crypto tools such as
TrueCrypt work?

http://www.truecrypt.org/docs/
http://www.truecrypt.org/faq.php
http://forums.truecrypt.org/

Malke
--
MS-MVP
Elephant Boy Computers - Don't Panic!
FAQ - http://www.elephantboycomputers.com/#FAQ

I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second
Copy which replicates my C drive to the eGo. I have found this equally
successful when encrypting the whole eGo or just a volume on it. Once the
drive is mounted and the (very strong) password entered, the data on the
encrypted drive behaves exactly the same as if it had not been encrypted.
Incremental backups work fine and I have had occasion to retrieve data after
a hard drive failure. I swap the portable drives weekly, one of them always
being off site in the boot of my car and the other in a different part of my
house except, of course, when I am backing up. These drives are robust and
yet so cheap that they can almost be regarded as consumables, so having one
for each day of the week might be considered.

"Neil Jones" wrote in message
...
Most companies these days are using disk encryption on their laptops. I
am planning to use TrueCrypt for my laptop. The question I have now is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main concern
is about the restore session. If I do have to restore my laptop from
the backup, then how does the disk encryption crypto tools such as
TrueCrypt work?

Thank you in advance for any information.

NJ

you have to point out that you have to encrypt both drives....
otherwise the unencrypted will be have the data out in the open...

if you encrypt both drives then you are safe as you can right now on
software encryption



Doug;923094 Wrote:
I use TrueCrypt with a pair of Iomega eGo USB2-powered drives and Second
Copy which replicates my C drive to the eGo. I have found this equally
successful when encrypting the whole eGo or just a volume on it. Once
the
drive is mounted and the (very strong) password entered, the data on
the
encrypted drive behaves exactly the same as if it had not been
encrypted.
Incremental backups work fine and I have had occasion to retrieve data
after
a hard drive failure. I swap the portable drives weekly, one of them
always
being off site in the boot of my car and the other in a different part
of my
house except, of course, when I am backing up. These drives are robust
and
yet so cheap that they can almost be regarded as consumables, so having
one
for each day of the week might be considered.

"Neil Jones" wrote in
message
news:OKh$4dMaJHA.1268@xxxxxx
Most companies these days are using disk encryption on their laptops.
I
am planning to use TrueCrypt for my laptop. The question I have now
is
about backups and the system restore procedures.

I do my backups to an external disk and am assuming that the complete
system backup is also going to be an encrypted image. My main
concern
is about the restore session. If I do have to restore my laptop from
the backup, then how does the disk encryption crypto tools such as
TrueCrypt work?

Thank you in advance for any information.

NJ


--
darkassain