>How To Backup True Crypt Data To Be Prepared For Emergencies


I have been using the encryption software True Crypt for years and ran only once into a situation where I nearly lost all the data on one of the partitions. Back then the header of the volume became corrupt, but since I had a backup of the header I was able to restore it so that I could access the data on the volume again.

Generally speaking, you have three different situations that you need to be prepared for: Corrupt or overwritten headers, data loss on the hard drive and forgetting the True Crypt password.

A few years ago a friend of mine accidentally quick formatted a True Crypt encrypted partition on his computer which had the consequence that all data on the disk became inaccessible since he did not have a backup header.

To avoid those horror scenarios, backups are important. Here is what you can do to prepare for True Crypt emergencies:

True Crypt Password

If you forget the password, the data on the True Crypt volume becomes inaccessible. You have two options here to avoid this worst case scenario. You can either write down your password in a secure location, or create a backup header with a different, basic password. Both options are not ideal as it gives attackers more options to discover the password.

After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password)

It is generally not advised to create a second header with a different weaker password for emergencies. You could write down the password and store it in a safe location, for instance at your parent’s house or a friend’s house.

Backing Up True Crypt Headers

True Crypt headers can be backed up and restored. This is important if the partition header becomes corrupt or is changed by malicious code or tools like format that modify the header. A click on Tools in the main True Crypt application window displays the options to backup and restore the True Crypt header.

The header is worthless without the password, keep that in mind. To Backup the header select Tools > Backup Volume Header after selecting an unmounted True Crypt volume (via Select File or Select Device). The Restore Volume Header function works in a similar fashion.

Backup data on a True Crypt volume

The third and final preparation is to backup the data that is stored on a True Crypt volume. True Crypt volumes are affected by hard disk failures just like any other storage device. You should therefor back up important data regularly. Since the data is encrypted, it is recommended to back up the data on another encrypted volume.

The suggested way is to create another encrypted True Crypt volume that matches or exceeds the size of the original volume. You then mount both volumes and copy the data from the old volume to the new volume. It is highly suggested that the new volume is located on another drive, local or network, or backup up on backup media like external hard drives, optical discs or the cloud / ftp servers.

The True Crypt documentation contains a guide on how to backup both standard True Crypt volumes and system volumes.

Closing Words

These three steps ensure that you can restore data or the full True Crypt volume in case of corruption or hard drive failures. Anything to add? Let me know in the comments.


About nonerox

Btech Student
This entry was posted in Windows. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s