IMPORTANT: If you store the backup volume in any location that an adversary can repeatedly access (for example, on a device kept in a bank’s safe deposit box), you should repeat all of the above steps (including step 1) each time you want to back up the volume (see below).
If you follow the above steps, you will help prevent adversaries from finding out:
• Which sectors of the volumes are changing (because you always follow step 1). This is particularly important, for example, if you store the backup volume on a device kept in a bank’s safe deposit box (or in any other location that an adversary can repeatedly access) and the volume contains a hidden volume (for more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability).
• That one of the volumes is a backup of the other.
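The first point can be seen by comparing two snapshots of a backup volume sector by sector. The following is an added example, not part of the TrueCrypt documentation; the 512-byte sector size, the function names and the random data standing in for ciphertext are assumptions of this illustration. A freshly created volume has a new master key and salt, so it is modelled here as entirely new random data.

```python
import random

SECTOR = 512  # bytes per sector (assumed for this illustration)


def changed_sector_ranges(old: bytes, new: bytes, sector: int = SECTOR):
    """Return inclusive (first, last) ranges of sectors that differ between two snapshots."""
    if len(old) != len(new) or len(old) % sector:
        raise ValueError("snapshots must be equal-sized and sector-aligned")
    ranges, start = [], None
    total = len(old) // sector
    for i in range(total):
        differs = old[i * sector:(i + 1) * sector] != new[i * sector:(i + 1) * sector]
        if differs and start is None:
            start = i                      # a run of changed sectors begins
        elif not differs and start is not None:
            ranges.append((start, i - 1))  # the run ended at the previous sector
            start = None
    if start is not None:
        ranges.append((start, total - 1))
    return ranges


def random_bytes(rng: random.Random, n: int) -> bytes:
    """Constructed stand-in for ciphertext, which is indistinguishable from random data."""
    return bytes(rng.getrandbits(8) for _ in range(n))


def demo():
    rng = random.Random(2024)  # fixed seed so the constructed data is reproducible
    sectors = 64
    first = random_bytes(rng, sectors * SECTOR)  # snapshot taken at the first backup

    # Backup volume reused without repeating step 1: only sectors 40-43 are rewritten.
    reused = bytearray(first)
    reused[40 * SECTOR:44 * SECTOR] = random_bytes(rng, 4 * SECTOR)

    # Step 1 repeated: a newly created volume, so every sector differs from the old snapshot.
    fresh = random_bytes(rng, sectors * SECTOR)

    return (changed_sector_ranges(first, bytes(reused)),
            changed_sector_ranges(first, fresh))


if __name__ == "__main__":
    reused_diff, fresh_diff = demo()
    print("backup volume reused:   ", reused_diff)
    print("backup volume recreated:", fresh_diff)
```

With the reused volume the comparison isolates exactly the rewritten sectors; with a recreated volume every sector differs, so the comparison carries no information about what changed.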
System Partitions
Note: In addition to backing up files, we recommend that you also back up your TrueCrypt Rescue Disk (select System > Create Rescue Disk). For more information, see the section TrueCrypt Rescue Disk.
To back up an encrypted system partition securely and safely, it is recommended to follow these steps:
1. If you have multiple operating systems installed on your computer, boot the one that does not require pre-boot authentication.
   If you do not have multiple operating systems installed on your computer, you can boot a WinPE or BartPE CD/DVD (‘live’ Windows entirely stored on and booted from a CD/DVD; for more information, search the section Frequently Asked Questions for the keyword ‘BartPE’).
   If none of the above is possible, connect your system drive as a secondary drive to another computer and then boot the operating system installed on the computer.
   Note: For security reasons, if the operating system that you want to back up resides in a hidden TrueCrypt volume (see the section Hidden Operating System), then the operating system that you boot in this step must be either another hidden operating system or a "live-CD" operating system (see above). For more information, see the subsection Security Requirements and Precautions Pertaining to Hidden Volumes in the chapter Plausible Deniability.
2. Create a new non-system TrueCrypt volume using the TrueCrypt Volume Creation Wizard (do not enable the Quick Format option or the Dynamic option). It will be your backup volume so its size should match (or be greater than) the size of the system partition that you want to back up.
   If the operating system that you want to back up is installed in a hidden TrueCrypt volume (see the section Hidden Operating System), the backup volume must be a hidden TrueCrypt volume too. Before you create the hidden backup volume, you must create a new host (outer) volume for it without enabling the Quick Format option. In addition, especially if the backup volume is file-hosted, the hidden backup volume should occupy only a very small portion of the container and the outer volume should be almost completely filled with files (otherwise, the plausible deniability of the hidden volume might be adversely affected).
3. Mount the newly created backup volume.
4. Mount the system partition that you want to back up by following these steps:
   a. Click Select Device and then select the system partition that you want to back up (in case of a hidden operating system, select the partition containing the hidden volume in which the operating system is installed).
   b. Click OK.
   c. Select System > Mount Without Pre-Boot Authentication.
   d. Enter your pre-boot authentication password and click OK.
5. Mount the backup volume and then use a third-party program or a Windows tool to create an image of the filesystem that resides on the system partition (which was mounted as a regular TrueCrypt volume in the previous step) and store the image directly on the mounted backup volume.