Having trouble with Full image backup and VeraCrypt Boot Loader (Losing Windows Boot Manager)

Hello everybody!

I have Windows 10 which was encrypted by VeraCrypt.

There are no problems, errors or warnings when creating a full image backup, but there are some troubles with deploying it on the same PC.
The full image backup is restored, but I get an error when starting the restored system:
first the VeraCrypt Boot Loader starts, in which I enter the password; next I get a message about automatic Windows recovery (because of losing Windows Boot Manager). When I fixed Windows Boot Manager (/fixboot /fixmbr), I had a Windows which works OK, but without the VeraCrypt Boot Manager.

How do I create a full image backup with VeraCrypt & Windows 10?
Does anybody have the same problem?

When you power on the PC to boot the OS, you input your password, the drive becomes unencrypted and Windows boots normally, and Windows sees all data at OS level unencrypted.

UrBackup creates an image backup of your drives using Windows snapshots.
Inside Windows these snapshots are unencrypted too.
Then UrBackup creates the image backup from the unencrypted snapshot.

And when you restore the image to the HDD, the data is restored without encryption. VeraCrypt can’t decrypt it and you have an error with the loader.

I’m not sure, but I think with UrBackup you can’t create the encrypted image which you have with VeraCrypt.

At least it looks like it correctly restored the VeraCrypt boot loader (contrary to Bare metal encrypted disk restore). I implemented that but did not test restores.

To the OP: I beat my head against the wall trying to do what you are, but eventually realised this sort of backup strategy doesn’t make any sense.

There is precisely only one way to make a pristine backup and restore of an encrypted volume/disk, and that’s by blindly copying every raw sector using e.g. “dd” under Linux (or comparable DOS tool, offline under WinPE).

But that’s not the right approach, because you shouldn’t waste resources backing up the encrypted volume. It doesn’t compress, you have to copy everything including “empty” sectors, and incrementals are basically impossible. Not to mention that stuff like Changed Block Tracking on the underlying encrypted volume would be extremely inefficient if it worked at all.

The right approach is to back up the unencrypted (mounted) volume, restore it when necessary, then re-encrypt afterwards, skipping the crypto boot loader initially.

That way you get all the benefits of a regular backup, with none of the pointless complexity.

Just my 2¢.

Thank you so much, guys!

I think it’s time to review my approach 🙂

If you’re backing up VeraCrypt/TrueCrypt & want to back up everything live (system booted) so it restores still encrypted, you’re SOL.

Offline backup tools (DD from Linux, Clonezilla, or Macrium Reflect (with intelligent sector copy disabled & backing up booted from the rescue DVD)) will all work… but the backups will eat space.

@Homer’s approach has advantages.