ba9ag Posted May 25, 2010 Posted May 25, 2010 We are about to test trucrypt on some new laptops and have a couple of questions some of you may be able to offer some wisdom on: 1) We typically have two partions on our laptops the first is the sytem and all files and the second contains a ghost image of a factory setup (used to recover in disasters if needed!). Should we just encrypt the whole drive or ignore the backup partition and just encrypt the system partition? 2) Do people encrypt the Host Protected Area? 3) Does anyone have any experience with Ghosting an encrypted laptop. Just thinking if we set one up and encrypt it can we still image it to another identical laptop or is it best to image the laptops prior to running truecrypt and then run truecrypt individually on each laptop? Would be interested in hearing peoples experiences on the above. Thanks Dimas
Guest TheLibrarian Posted May 26, 2010 Posted May 26, 2010 1/ Encrypting the backup partition would not be much use, you would have difficulty getting to it if you needed to restore the backup. 2/ We routinely destroy the HPA, but I'd say same as #1. 3/ If you want to Ghost an encrypted partition / disk you would use the -ia switch which would image the disk sector by sector this includes every sector, even unused ones, because Ghost can not tell what is needed and what isn't. We decided to go with a normal image and encrypt afterwards, particularly as some laptops now have >300Gb HDD's which is one heck of a large image when you use -ia.
ba9ag Posted May 26, 2010 Author Posted May 26, 2010 Hi Librarian Thanks for the info, just to confirm with the HPA would you recommend not encrypting it?
Guest TheLibrarian Posted May 26, 2010 Posted May 26, 2010 I would definitely not encrypt the HPA, getting access to it if you need it would be next to impossible if you encrypt it.
ba9ag Posted May 26, 2010 Author Posted May 26, 2010 One other question if I may, how do you then reimage an encrypted laptop? Do you have to decrypt it prior to imaging as this would massively increase the reimaging time? Thanks
Guest TheLibrarian Posted May 26, 2010 Posted May 26, 2010 Decrypt I'm afraid, although I'm not sure what a hot image would do, I assume it would take an unencrypted image.
powdarrmonkey Posted May 26, 2010 Posted May 26, 2010 Decrypt I'm afraid, although I'm not sure what a hot image would do, I assume it would take an unencrypted image. If you leave it hot too long it might melt the case, you should watch out for that
sted Posted May 26, 2010 Posted May 26, 2010 surely if you ghosted an image to an encrypted drive it would just overight it wouldnt it?
ba9ag Posted May 26, 2010 Author Posted May 26, 2010 Yeah tried restoring a local image (unencrytped) to the encrypted system partition but it wouldnt boot afterwards and the TruCrypt bootloader was still present. I am just concered as to how we go about reimaging all these laptops six months down the line once they have been encrypted. I understand you can decrypt them and then send an image out and recrypt but the whole decrypt and recrypt process seems to take around 8 hours as opposed to one hour reimaging before!
ba9ag Posted May 28, 2010 Author Posted May 28, 2010 Anyone know how to backup the boot sector prior to running truecypt and then possibly restoring the boot sector if I copy an unecypted image across? Thanks
Guest TheLibrarian Posted May 28, 2010 Posted May 28, 2010 If you had used the -ib switch when taking the image, that would have backed up the boot sector too. IIRC you have to use the -ib switch when you push to image out too. Failing that, you can boot to the XP repair console on the CD and use fixboot IIRC. You can also use GDISK or GDISK32.
ba9ag Posted May 28, 2010 Author Posted May 28, 2010 OK thanks that switch sounds exactly what I after, will test it out.
ba9ag Posted June 6, 2010 Author Posted June 6, 2010 Thanks the IB switch worked perfectly and an image taken with it could be restored to an encrypted partition (if it was pushed out using the IB switch again). Is there a way of using the IB switch or something else on partition imaging as we only seem to have it working on disk imaging? Thanks
Guest TheLibrarian Posted June 14, 2010 Posted June 14, 2010 Thanks the IB switch worked perfectly and an image taken with it could be restored to an encrypted partition (if it was pushed out using the IB switch again). Is there a way of using the IB switch or something else on partition imaging as we only seem to have it working on disk imaging? Thanks Sorry I didn't get back to you, I've been off for a while. As far as I know, there is no way of using the -ib switch when imaging partitions.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now