I’ve used several iterations of Acronis TrueImage over the years and have
recently upgraded to Acronis TrueImage Home 2013. I’ve had some minor issues
with waking the PC from sleep mode to run backups, etc., but nothing really that
serious. However, in a recent back and forth with Acronis support, I’ve been
told that I cannot use TrueCrypt with Acronis software. I don’t get this and
the language with their support guys makes it even more difficult to
understand. What’s more, I’ve already restored disk images with this software
on two different occasions and everything seems to have restored correctly.
What are they talking about?
In this excerpt from
Answercast #77, I look at possible issues that backup programs, such as
Acronis, may have in backing up encrypted volumes.
]]>
Backing up TrueCrypt volumes
To be honest, I’m not sure. Using TrueCrypt with any backup software – be it Acronis or Macrium or any of the others? I just don’t see how there would be a problem.
There are two approaches that we might take. One is with the TrueCrypt containers not mounted; it’s just a file! It’s just another file on your hard disk – and the backup software should be able to backup “just another file.”
If the TrueCrypt container is mounted, the only thing I can think of is potentially a small conflict if the backup software is trying to access the file “exclusively” – or what I would actually say is, “in the wrong way.”
In other words, when TrueCrypt has your volume mounted, it actually has exclusive ownership of the file: the file on the “outside”; the container file. What that means is while TrueCrypt has it opened, you can’t delete it. You can’t write to it; you can’t rename it; you can’t do anything to it. You can do everything you want in the mounted “volume,” but the actual volume file that contains all that is locked by TrueCrypt.
Maybe what they’re concerned about is that Acronis can’t access the file while it’s mounted. There are technical work-arounds for them that they should be able to do, but maybe that’s what they’re concerned about.
Back up the encrypted contents
The other approach to backing up your TrueCrypt data is not to backup the container, but to actually backup the contents of the container.
What that means is that the TrueCrypt volume would be mounted and you would then instruct your backup software to backup the volume, the mounted container. So for example, if on my C drive I have Foo.tc (which is my TrueCrypt container), look at that and it’s just encrypted noise.
When you mount it with TrueCrypt, TrueCrypt will assign a drive letter (I’ll just say F) and if you then take a look at F, what you’ll find is the contents of your TrueCrypt volume: all of the files within it. You could then backup the contents of F and you would be backing up the unencrypted files to your backup.
That’s a very valid way of doing it – as long as you have your backups themselves properly secured in some other manner.
It’s possible, I suppose, that Acronis doesn’t like to backup mounted volumes like that. I’d be surprised, but it’s possible.
Unmounted volumes are just a file
Ultimately, my approach has always been to backup the unmounted volume. In other words, the first scenario where what we’re dealing with here is “just another file.”
I know that some backup programs can use services, which will allow you to backup the file even if it’s mounted. I’m not sure why Acronis wouldn’t necessarily be using that.
So, I can hypothesize some issues that they might have with TrueCrypt, but ultimately, I’m not really sure what they’re saying. In my opinion, the proof here is in the pudding. You’ve been doing it; it’s been working for you. That’s great!
You might want to double check that things are working properly since you upgraded to Acronis 2013, but ultimately, if it works, then I’m happy with what you’ve got running.
I am currently (as you know) recommending Macrium Reflect in lieu of Acronis, mostly because of Acronis’ support. But I believe that Macrium also handles all of this properly as well.
(Transcript lightly edited for readability.)
Next from Answercast 77 – How can I read an epub formatted book on a Kindle?
It may have to do with an incremental backup. Acronis has an option to preserve a time stamp of a container unchanged even if its content was changed. In this case an incremental backup will not see a necessity to copy a new version of this container to the backup.
Sorry about an error. Oviously I was writting in my previous post about an option in TrueCrypt not in Acronis!
By default, TrueCrypt preserves the time stamp of the TC volume as a security measure to make it appear that the file has not been updated. This is a problem also with using TrueCrypt volumes inside of DropBox folders. To get around this, the setting in TrueCrypt can be changed to allow the time stamp to be updated every time a file on that volume has been changed.
http://ask-leo.com/why_wont_my_truecrypt_volume_backup.html
http://ask-leo.com/how_do_you_run_truecrypt_with_dropbox.html