From VeraCrypt's documentation (here, section "System Partitions"), it sounds like one should be able to:
1) Boot a PE (or secondary OS),
2-3) Create & mount a new, empty encrypted volume (destination for cloning),
4) Mount an encrypted system volume (source for cloning),
5) Clone the mounted, encrypted system volume to the mounted, encrypted destination volume.
However, none of the clone/imaging software I've thus far tried has been able to see the mounted volume (Macrium Reflect, Norton Ghost, and Acronis True Image). I can mount the volumes and they're seen by the PE (i.e. I can navigate around the source filesystem) - but the cloning software does not see them as an available partition/source for cloning.
My question: Am I somehow misunderstanding the documentation? How can I clone an encrypted system volume in this way, as the VeraCrypt documentation seems to indicate?
Note that I'm not attempting to do the following:
- Clone the raw host partition (which would require cloning the entire partition, including all empty space, as the data is encrypted & the cloning software cannot see the filesystem)
- Clone while the encrypted OS is running (i.e. shadow copy). I need to be able to do this from a separate, external bootable media (aka doesn't require installing the cloning software on the OS to be cloned)
- Decrypt, clone the unencrypted data, then re-encrypt the source volume (for obvious reasons).