This project has moved. For the latest updates, please go here.

Veracrypt compatibility with Windows System Images

Topics: Technical Issues, Users Discussion
Feb 21, 2015 at 12:34 PM
If I encrypt my system partition using VeraCrypt, will I still be able to make Windows 7 System Image Backups?
If yes, What will happen if I need to restore Windows from a System Image backup that I made?
Will that system image be encrypted or not? 
     If so, how will the windows rescue disk be able to read the encrypted system image file?
If no, what are my alternative options?

Thanks
Feb 21, 2015 at 2:56 PM
I would avoid using Windows Backup and Restore since it does not encrypt the resulting backup files.

Which leads to the next question you may ask about using VeraCrypt to encrypt the external drive/partition holding your backups.

If you encrypt a partition on an external drive and you need to perform a restore of a system image, you will be unable to access/mount the encrypted partition on the external drive in order to perform the restore using the system image unless your backup software allows loading third party applications on a boot recovery disk which is not possible with the Windows backup and restore utility.

You will need to look at third party backup applications that can produce system image encrypted backups to your external drive and/or allow you to create a boot recovery disk with VeraCrypt installed as a third party app to mount an VeraCrypt encrypted external drive/partition.

Be aware that when performing system drive backups/images while the OS is running (Windows is booted), the resulting backup is not a VeraCrypt encrypted image. Meaning that you are relying the backup software's encryption to safeguard the data in your backups from being accessed which is usually protected by a password you provide. When you perform a restore, you will press ESC key at the bootloader and allow Windows to boot. Then decrypt the system drive and re-encrypt the system drive. Be sure to create a new VeraCrypt Rescue disk after re-encrypting the system drive.

If the backup of the OS is taken by using a CD/DVD/USB boot disk (Windows OS not running), then the backup image should literally be an exact copy of the system drive which has the drawback of including all the unused system drive space resulting is a larger backup file and taking more time to perform the image backup. If you are restoring to a different hard drive, this can get complicated as the third party app may attempt to resize and change the disk drive identifier for the OS.

As you can see from above, this is not a simple yes/no answer. However, it is important to start considering all the various nuances.

Be sure to read the documentation on Back Up Securely.

You can read more detail in Macrium Reflect's document Understanding Disk encryption and Macrium Reflect. Even though this document includes TrueCrypt, it is still applicable to VeraCrypt.
Feb 21, 2015 at 11:17 PM
Thanks for the detailed info. I am still confused however. I want to encrypt my system partition (the one with Windows installed). I also want to then have windows create automatic system image backups, which I understand will not be encrypted from what
you have said. However, those system image backups will be saved to an external drive with hardware RSA encryption built in. Even if you think this is not secure, i don't mind that. The question is, will windows even be able to create the system image backups
if the partition is encrypted with veracrypt? If yes, then if my system ever crashes and i need to restore windows from a system image backup, i would follow the normal procedure: boot windows from a recovery disk, tell the recvery software to restore windows
from one of the system image backups I had previously created (as per above). will this work? if yes, will be system partition now be unenrypted and I will have to reencrypt with Veracrypt after the system recovery? Thanks On Sunday, February 22, 2015 12:56:43
AM, Enigma2Illusion wrote:
Feb 21, 2015 at 11:26 PM
You will not be able to perform a restore using the Windows backup and restore utility if you encrypt the external drive.

I cannot answer your question regarding your hardware RSA encryption. You will need to contact the manufacturer regarding your question or perform a test to see if Windows backup and restore utility can access the backup files.