38631: Cloning Encrypted (BitLocker) Hard Drive

6 replies [Last post]
David Zevchak
Offline
Beginner
Joined: 2013-01-02
Posts: 2

Up to now I have been cloning my hard drive with the various versions of Acronis TI (now version 2013) without any issues. Unfortunately, I now need to clone my BitLocker encrypted drive. It appears from searching the forums that TI does not support this. Does anyone know if it will and if so when? Otherwise I have found another program Casper Secure Backup (http://www.fssdev.com/products/caspersecure/) that does clone an encrypted hard drive. I am now using the 30 day trial version and it works well, but I really don't want to buy it for $90 when TI has been working well for me for so long. Does anyone know of a solution with TI 2013 that I am missing? I really need to be able to clone the hard drive since it allows quick drive switch-out so I can be up and running in a matter of minutes not hours or even a day. Unfortunately, drive encryption is not a option - the data has to be protected.

Pat L
Offline
Acronis MVP Volunteer
MVP
Joined: 2010-11-30
Posts: 7849

You can create a backup of an encrypted disk using ATI in Windows when the disk is mounted in Windows. The image will not be encrypted. When you restore that image, you might have to repair the startup of the computer and you will have to reencrypt the drive.

Alternatively, you can use the 2013 recovery CD and do a sector-by-sector or clone and that should work.

I would strongly recommend you try to accomplish what you want using either of the 2 methods to make sure it is working on your hardware and security devices and settings.

__________________

Win 8.1 Pro x64 SSD + Software RAID 0 - ATI 2014 6614

Pasan Hapuarachchi
Offline
Beginner
Joined: 2013-01-02
Posts: 3

I am interested in the same feature.

Pat, speaking for both myself and David, the 1st solution that you proposed is not ideal from a security perspective. The resulting image file will have unencrypted data within it and anyone that gets hold of that image will have access to this data.

Of course, anyone who creates such an image could encrypt the resulting image file himself afterwards with some other tool (e.g. TrueCrypt), but this is very tedious. Also, such an encrypted image cannot be used as a basis for any incremental backups as it is post-encrypted after creating the ATI image and ATI will not be able to process such an encrypted image file.

The 2nd solution that you proposed - sector by sector - may be more promising. I haven't done such a back up yet, but I am presuming it doesn't need to get ANY data/tables from the partition - as everything is encrypted. I am not an expert on Bit Locker or hard drive structures, but I am presuming Bit Locker encrypts all the "structural" information on the drive as well.

Either way, this feature needs to be introduced to ATI soon, since it is not ideal to have to do different types of backups for different partitions. For example, I tried to do a full system backup yesterday, and ATI complained that it couldn't access my Bit Locker drive, which was encrypted at the time. I unencrypted it for the purposes of the backup since I didn't have anything substantially important in that drive. ATI should not force users to make separate backups for the regular partitions (regular backup) and Bit Locker partitions (sector-by-sector). It should figure this out itself automatically and create a single backup file without the user having to provide any sort of instructions. Although, if it sees that a partition is a Bit Locker partition and it is unencrypted at the time of the backup, it would be nice if ATI warns the user that the Bit Locker should be re-locked for the purposes of the backup. I hope someone from Acronis is reading this.

Thanks.

David Zevchak
Offline
Beginner
Joined: 2013-01-02
Posts: 2

I agree with Pasan's comments about an unecrypted image. I also don't think the recovery CD idea will work either since when I boot my computer it boots into the TPM and I have to enter a PIN as an unlock key. This mode is supposed to provide boot protection - so I don't think it will work.

What I can also add to this is that many companies (mine included) are requiring data encryption of their employees laptops to prevent data loss, theft, and leaks. This is now the condition for my laptop which uses the hardware TPM with BitLocker. My company does not provide backup services and I am left to back up the data on my own. (It is ironic that they go to lengths to protect the data but don't worry about backing up the data - but that is a discussion for another time). So I hope Acronis won't tell me the answer is to use their industrial grade product. I can not afford that - remember I am doing this on my own.

I too hope Acronis can see the handwriting on the wall and figure out a solution. I find it hard to believe that my company is the only one doing this. And my company is not a small business - it is big in supplying transportation products.

Pat L
Offline
Acronis MVP Volunteer
MVP
Joined: 2010-11-30
Posts: 7849

Note that you can encrypt the image that you would do from Windows, so it is protected as an encrypted TIB file. Therefore there is no security issues. Just use the archive encryption of Acronis.
It is when you restore it that the restored disk becomes not encrypted.

For, I guess, understandable reasons, Microsoft doesn't provide third party integration to the bitlocker encryption system, although it lets partners and Customers review the code (per wikipedia).

I don't know of any backup software, aside from Microsoft Backup, that can integrate with the Bitlocker security system. Your best option is to backup the content inWindows when it is logically decrypted and encrypt the archive.

__________________

Win 8.1 Pro x64 SSD + Software RAID 0 - ATI 2014 6614

Anton
Anton's picture
Offline
Forum Star
Joined: 2009-04-01
Posts: 4897

Hello Everyone,

Thank you for your posts and your detailed explanation Pat.

Just in case, here is an article that explains how our software works with encryption software.

I have forwarded your feedback to our Development team via Acronis Customer Listening system. We really appreciate your time taken to share your feedback with us.

Please let us know if there is anything else we can do for you.

Thank you.

__________________

Anton Deev

Acronis Customer Central | Acronis Backup Software

For more answers to your questions, try our Knowledge Base and Video Tutorials.

Check our Corporate and Consumer Handbooks and Online Documentation for help on managing your account, products and support.

Our mission is to create Customer success. Our management team welcomes your comments and suggestions on how we can improve the overall support we provide to you. Please send your comments, suggestions, or concerns to Managers or submit your feedback here.

Oleg
Oleg's picture
Offline
Acronis QA Engineer
Joined: 2009-04-16
Posts: 3003

 Hello all,

Thank you for your reports.

David,

Could you please confirm that you are speaking about the Clone option, not about the Backup feature? You can backup encrypted partition from within Windows.

Pasan,

Quote:
Either way, this feature needs to be introduced to ATI soon, since it is not ideal to have to do different types of backups for different partitions. For example, I tried to do a full system backup yesterday, and ATI complained that it couldn't access my Bit Locker drive, which was encrypted at the time. I unencrypted it for the purposes of the backup since I didn't have anything substantially important in that drive. ATI should not force users to make separate backups for the regular partitions (regular backup) and Bit Locker partitions (sector-by-sector). It should figure this out itself automatically and create a single backup file without the user having to provide any sort of instructions. Although, if it sees that a partition is a Bit Locker partition and it is unencrypted at the time of the backup, it would be nice if ATI warns the user that the Bit Locker should be re-locked for the purposes of the backup.

We will check what we can do in  this case and will update the thread. 

Thank you.

PS

Pat, 

Thanks a lot for your help. 

__________________

Oleg Lee

Acronis QA Team