I tried to read and understand the manual, FAQs, and discussions here but am still uncertain about backup.
My needs are simple. I am not worried about big-time adversaries, only minor crooks/hackers.
Windows 7 Pro, SSD drive has C: and D:. The D: partition has dozens of folder trees containing data files. One tree is encrypted using EFS. Others, like my photos, equipment manuals, etc., aren't encrypted.
I then use VC for a duplicate copy of my EFS-encrypted data files. (No system or partition encryption with EFS or VC.) I want to be sure that if I experience some major hard drive corruption or theft so I can't access EFS files, I've got a good copy of my VeraCrypt
volume that I can access anywhere with VeraCrypt program). I also have a subset of critical files copied to an IronKey.
Reading the docs and faq got me worried because it sounds like storing the VC envelope file on a USB drive at my bank safe deposit box is risky. I have three, rotating, HD Passport hardware encrypted usb drives. The current on stays at home, the other two at
My backup routine is two-pronged. I dismount VC and do a full system backup with Macrium Reflect. Until a few months ago, I just used Windows built in backup. I also do a backup copy of all my data files. They are decrypted in copying and re-encrypted by the
hardware on the USB drive. However, the VC volume is not decrypted in copying since it is unmounted and thus copied simply as a file.
Am I ok so far or am I missing some serious vulnerability? I am pretty sure that the IronKey is safe, but I don't really know how good the HD hardware encryption is.
If I am vulnerable, would this help: Remove critical files from the EFS partition and only store them in the VC volume? This will crfeate some added inconvenience since right now I don't even mount the VC volume unless I am doing backups.