Can Ghost capture an image of a drive that uses BitLocker Drive Encryption or other software based disk or volume encryption?
Last Updated October 27, 2013
You want to know if Symantec Ghost is able to capture an image of a drive using Windows Vista's BitLocker Drive Encryption.
Symptoms The compression option is not available when you take an image of a disk that uses BitLocker Drive Encryption. Instead, Symantec Ghost performs a sector-by-sector copy of the entire disk.
Symantec Ghost will capture an image of a drive that uses BitLocker Drive Encryption using Sector by Sector cloning. When the disk / volume is still encrypted the Image should be treated as a backup as Ghost does an ‘Image All’ capture / restore of the entire disk / volume. When using BitLocker Ghost knows to enable Image All cloning and turn off compression. When restoring the encrypted image, it should be restored back to the same drive size or larger.
When a disk / volume is unlocked it looks completely unencrypted to Ghost. Ghost (GSS2.5) should handle the image creation without issue. However Ghost can run into problems on restore. The issues that Ghost encounters are dependent on the approach that the encryption software uses to hide its metadata. Symantec Technical Supports recommendation for this is to restore to an unencrypted drive and then to encrypt the contents afterwards – specifically for deployment. In some cases it may be possible to restore to an encrypted disk / volume as long as it is unlocked, but it is software encryption dependent (and also dependent on the source image).
In the case of Bitlocker, Ghost should be able to do ‘Partition’ restores to unlocked (unencrypted) bitlocker volumes. However for most purposes Symantec Technical Support recommends restoring to a disk with no software encryption and then encrypting it afterwards.