Truecrypt Help

[ba9ag]

We are about to test trucrypt on some new laptops and have a couple of questions some of you may be able to offer some wisdom on:

1) We typically have two partions on our laptops the first is the sytem and all files and the second contains a ghost image of a factory setup (used to recover in disasters if needed!). Should we just encrypt the whole drive or ignore the backup partition and just encrypt the system partition?

2) Do people encrypt the Host Protected Area?

3) Does anyone have any experience with Ghosting an encrypted laptop. Just thinking if we set one up and encrypt it can we still image it to another identical laptop or is it best to image the laptops prior to running truecrypt and then run truecrypt individually on each laptop?

Would be interested in hearing peoples experiences on the above.

Thanks
Dimas

[TheLibrarian]

1/ Encrypting the backup partition would not be much use, you would have difficulty getting to it if you needed to restore the backup.

2/ We routinely destroy the HPA, but I'd say same as #1.

3/ If you want to Ghost an encrypted partition / disk you would use the -ia switch which would image the disk sector by sector this includes every sector, even unused ones, because Ghost can not tell what is needed and what isn't. We decided to go with a normal image and encrypt afterwards, particularly as some laptops now have >300Gb HDD's which is one heck of a large image when you use -ia.

[ba9ag]

Hi Librarian

Thanks for the info, just to confirm with the HPA would you recommend not encrypting it?

[TheLibrarian]

I would definitely not encrypt the HPA, getting access to it if you need it would be next to impossible if you encrypt it.

[ba9ag]

One other question if I may, how do you then reimage an encrypted laptop? Do you have to decrypt it prior to imaging as this would massively increase the reimaging time? Thanks

[TheLibrarian]

Decrypt I'm afraid, although I'm not sure what a hot image would do, I assume it would take an unencrypted image.

[powdarrmonkey]

Decrypt I'm afraid, although I'm not sure what a hot image would do, I assume it would take an unencrypted image.

If you leave it hot too long it might melt the case, you should watch out for that

[sted]

surely if you ghosted an image to an encrypted drive it would just overight it wouldnt it?

[ba9ag]

Yeah tried restoring a local image (unencrytped) to the encrypted system partition but it wouldnt boot afterwards and the TruCrypt bootloader was still present. I am just concered as to how we go about reimaging all these laptops six months down the line once they have been encrypted. I understand you can decrypt them and then send an image out and recrypt but the whole decrypt and recrypt process seems to take around 8 hours as opposed to one hour reimaging before!

[ba9ag]

Anyone know how to backup the boot sector prior to running truecypt and then possibly restoring the boot sector if I copy an unecypted image across? Thanks

[TheLibrarian]

If you had used the -ib switch when taking the image, that would have backed up the boot sector too. IIRC you have to use the -ib switch when you push to image out too.

Failing that, you can boot to the XP repair console on the CD and use fixboot IIRC.

You can also use GDISK or GDISK32.

[ba9ag]

OK thanks that switch sounds exactly what I after, will test it out.

[ba9ag]

Thanks the IB switch worked perfectly and an image taken with it could be restored to an encrypted partition (if it was pushed out using the IB switch again). Is there a way of using the IB switch or something else on partition imaging as we only seem to have it working on disk imaging?

Thanks

[TheLibrarian]

Thanks the IB switch worked perfectly and an image taken with it could be restored to an encrypted partition (if it was pushed out using the IB switch again). Is there a way of using the IB switch or something else on partition imaging as we only seem to have it working on disk imaging?

Thanks

Sorry I didn't get back to you, I've been off for a while.

As far as I know, there is no way of using the -ib switch when imaging partitions.