![]() Is the backup encrypted?Ī sector-by-sector backup is, by definition, encrypted using whatever whole-disk encryption technology is being used. I think it’s important that you be able to back up from within Windows. Not only does that take significantly more time, but it also can’t be automated and, quite honestly, doesn’t make much sense to me. Some backup programs state you must decrypt the drive (remove BitLocker, for example) to back it up, after which you can re-encrypt it. Some fail to backup an encrypted drive or partition even though the partition is mounted and accessible. Backup program confusionįor reasons unknown, not all backup programs work as I’ve described. Unfortunately, things still aren’t quite so simple.Ĭurious how disks get encrypted in the first place? How Do I Encrypt a Disk? will tell you. The only option the backup program has is to back up sector-by-sector. Outside Windows: if you instead boot from a backup program’s recovery disk to perform a backup (an option in many backup programs), then you’ll not have mounted your Windows system disk, and its contents will not be accessible to the backup program.It should be able to perform a content-aware backup just as if the system drive were not encrypted. The system drive is completely accessible, not only to Windows but to all the programs you run, including your backup program. Inside Windows: if you install a backup program in Windows and run it from within Windows, it works because you’ve mounted the system drive and supplied the password.If your system drive is encrypted, there are two scenarios for backing up. The only thing it can back up is each physical sector on that disk because it might contain data. Sector-by-sector: when a backup program cannot understand the contents of a disk, it has no way to locate individual files or folders and no way to understand what’s on the disk.Most backup programs work: they locate and back up only the files currently stored on the disk. Content-aware: this means the backup program can see all files on the disk and can back up using that information.Without the decryption key, the data appear to be random. Not mounted: the disk contents are just a collection of sectors, each containing encrypted data.Mounted: a password or key has been supplied, and the contents of the disk are accessible.There are two ways to “see” an encrypted hard disk: This leads to an interesting dilemma when it comes to backing up. If it’s your system drive, you can’t even boot Windows until the correct password or key is supplied. Without the encryption password or key, you can’t access the drive’s contents, period. To access the disk’s encrypted contents, disks encrypted using whole-disk encryption are “mounted” using the encryption password or key. Whole-disk encryption encrypts more than files it encrypts information about the files, including the information allowing the operating system to locate the files on the disk. Whole-disk encryption bypasses it all by ignoring files completely and encrypting everything at the next level down, when the data is written to disk. There are many approaches to encrypting files. (More correctly, it encrypts everything in a partition.) ![]() Whole-disk encryption (of the type performed by Bitlocker and other software) encrypts everything on your hard disk. The alternative is a sector-by-sector backup of the drive in its encrypted form, which would require both a complete restore and a separate encryption key in order to recover its contents. The most common and recommended approach is to back up the files on the disk in their unencrypted form, and then secure the backup some other way. There are two ways to back up an encrypted hard disk. ![]()
0 Comments
Leave a Reply. |