I'm rather baffled by this one.

I am using Windows Vista and am running truecrypt version 6.2a system encryption with pre-boot authentication for the C: only. I have a D: which is not encrypted.

Using knoppix I have booted my machine into Linux and used the dd command to copy byte-by-byte the encrypted C: drive onto a USB drive partition of the same block size.

Booting back into Windows Vista and using the truecrypt GUI, I have selected my USB drive partition as the volume to mount (\Device\Harddisk1\Partition2). I then have tried any combination of options including "Mount as read-only", "Use backup header", and "Mount partition using system encryption without pre-boot authentication". I expected this last option to work. However I enter my password and every time I get the message: "Incorrect password or not a TrueCrypt volume".

So, questions:

  1. has anyone successfully made a true partition copy of their encrypted system drive and subsequently mounted it using the TrueCrypt GUI?
  2. do I need to mount using a keyfile instead of the password I use during boot?
  3. do I need to back up the boot partition as well as the C: drive partition?
  4. is there another way of achieving this goal of backing up and mounting my system partition?

Many thanks.

This is very important! TrueCrypt system encryption partition DOESN'T CONTAIN TRUECRYPT HEADER. Non-system Truecrypt encrypted partition or file container contain header at first 128 blocks and backup copy at last 128 blocks of file/partition. So it's to impossible to decrypt systen encryption partition without backup header. Header of system partition is at the last block of hdd's first track. You can backup header:

dd if=/dev/sdx of=header.img bs=512 count=1 skip=62

If you want to access partition backup you have to clone partition to same size primary partition to different hdd and mark it as bootable. Then you have to restore header. First check if the first track is empty:

sfdisk -l /dev/sdy

If first partition strats at block 63 or more it's ok but if it's lower block number you can't continue. Restore your header

dd if=header.img of=/dev/sdy bs=512 count=1 seek=62

The you can access your backed up system partition using "Mount partition using system encryption without pre-boot authentication".

Theoretically you can convert Truecrypt system partition to standard Truecrypt parition or file container but you would have to chage some bytes in encrypted header. (decrypt header, change and encrypt again) http://www.truecrypt.org/docs/?s=volume-format-specification byte 124 and 252

  Best answer so far; I gave up hope a while ago. It would be nice if there was an easier way. Backing up the system partition is very important in case your laptop gets attacked by virus.
    – PP.
    Commented Oct 8, 2010 at 9:08

Try cloning the C: partition, once it has been unlocked, to the USB disk and then re-encrypting it using TrueCrypt when you're back in Windows.

In Knoppix:

truecrypt --text --keyfiles="" --protect-hidden=no --mount-options=system --filesystem=none /dev/sdxN

where sdxN is your C:\ drive, it probably is sda1

After you enter your password, the volume will be mounted without mounting the filesystem (required for cloning). Then clone it to your USB disk (assuming your USB disk is sdb1):

ntfsclone -o /dev/sdb1 /dev/mapper/truecrypt1

Unmount the truecrypt volume

truecrypt -d

sdb1 is now an unencrypted clone of sda1. In TrueCrypt, in Windows, follow the same procedure you used to encrypt sda1.


I don't encrypt my C: (system) partition, however, I believe you can copy an encrypted partition into a file in an ext2/ext3 filesystem on your USB drive.

As a first test, you should verify that you can mount the encrypted partition from Linux (mount it read-only for ntfs). If that works, you should be able to mount an image of that partition in a file.

For exmaple, if your usb partition is mounted at /mnt/large and your encrypted C: partition is the second partition on drive /dev/sda, you could do something like:

(unmount sda2 first)

dd if=/dev/sda2 of=/mnt/large/sda2_image

Note that this would require the partition mounted at /mnt/large to be a bit bigger than the size of sda2. Also, the filesystem at /mnt/large would probably have to be a linux ext2 or ext3 filesystem because your C: (system partition) may be larger than 4GB.

After the image file is created, direct truecrypt to mount the image file (/mnt/large/sda2_image). Unfortunately, this image-file will not be directly accessible once you boot back to windows.

  Interesting idea; to copy from a partition into a file. And there'd be no reason why I couldn't copy that file from ext2/3 into NTFS. Just name the file something.tc. I can give this a go however I don't see why mounting the file would be any different from mounting the partition.
    – PP.
    Commented Nov 23, 2009 at 8:06

