Can Ghost capture an image of a drive that uses BitLocker Drive Encryption or other software based disk or volume encryption?

Article:TECH109637  |  Created: 2007-01-23  |  Updated: 2013-10-26  |  Article URL http://www.symantec.com/docs/TECH109637
Article Type
Technical Solution


Issue



You want to know if Symantec Ghost is able to capture an image of a drive using Windows Vista's BitLocker Drive Encryption.

Symptoms
The compression option is not available when you take an image of a disk that uses BitLocker Drive Encryption. Instead, Symantec Ghost performs a sector-by-sector copy of the
entire disk.


Solution



Symantec Ghost will capture an image of a drive that uses BitLocker Drive Encryption using Sector by Sector cloning. When the disk / volume is still encrypted the Image should be treated as a backup as Ghost does an ‘Image All’ capture / restore of the entire disk / volume. When using BitLocker Ghost knows to enable Image All cloning and turn off compression. When restoring the encrypted image, it should be restored back to the same drive size or larger. 

When a disk / volume is unlocked it looks completely unencrypted to Ghost. Ghost (GSS2.5) should handle the image creation without issue. However Ghost can run into problems on restore.  The issues that Ghost encounters are dependent on the approach that the encryption software uses to hide its metadata. Symantec Technical Supports recommendation for this is to restore to an unencrypted drive and then to encrypt the contents afterwards – specifically for deployment. In some cases it may be possible to restore to an encrypted disk / volume as long as it is unlocked, but it is software encryption dependent (and also dependent on the source image).

In the case of Bitlocker, Ghost should be able to do ‘Partition’ restores to unlocked (unencrypted) bitlocker volumes. However for most purposes Symantec Technical Support recommends restoring to a disk with no software encryption and then encrypting it afterwards.

References
Please refer to the Symantec Ghost Implementation Guide, page 319, for more information.



Legacy ID



2007102308264760


Article URL http://www.symantec.com/docs/TECH109637


Terms of use for this information are found in Legal Notices