Page 1 of 1

Backup target without a drive letter for SECURITY

Posted: Fri Dec 04, 2020 8:03 am
by millsys
When a system is hacked, they usually damage/delete/encrypt data on all available drive letters. Is there a way for R-Drive Image to backup to an NTFS partition without mounting a drive letter?

create /a /o -tid=vpegtcuvdppmgwnva8c8mah1 -s="hdd_vtype=real+hdd_port_num=0+part_size=1000104525824+part_ofs=16777216+part_id=2+part_fs=ntfs+part_mounted=E:\+hdd_target_id=1+part_label=NVMe-DATA2+hdd_name=HPT DISK 0_1 4.00+hdd_bus_type=fibre+hdd_size=1000123400192+hdd_num=8" -a="N:\WCIMAIL-E-DRIVE.rdr" -c=3 -u -bs -bs-apply-before -bs-num-b="2" -s-xr

This script shows it backing up to a file on N:, but can I provide -a= a different value that will target the same partition and place the file on that partition WITHOUT the OS having the drive letter mounted to the target partition? This would be ideal because it would throw off the hacker or script from the true location of the backup data.

Yes I did try creating two mvadd.cmd and mvdel.cmd 'backup aux applications', the scripts work fine if you run them in a command prompt or thru windows explorer to mount and unmount the drive letter, but if you add the scripts to the before and after of a backup schedule and have it run as administrator it still says 'drive does not exist'. I'm assuming r-driveimage checks for the drive letter BEFORE running the backup aux app script!

Re: Backup target without a drive letter for SECURITY

Posted: Fri Dec 04, 2020 1:31 pm
by millsys
Found a workaround

Open the Task/Actions
Adjust -a="N:\WCIMAIL-E-DRIVE.rdr" under the arguments to -a="\\?\Volume{5c7c3bb3-d642-4b34-baaf-ca06b02a734e}\WCIMAIL-E-DRIVE.rdr

Now it will backup to the 'hidden no drive letter' volume.
I got the above volume name using mountvol n: /L

Please note, the task will 'disappear' from R-Drive Image GUI, which is a good thing! This way if anyone was looking for possible backup locations they wouldn't have a list to work from. A simple batch to mount/dismount (using mountvol) is used if I need to access N: instead of using computer manager to assign a drive letter. If a Hacker exploits a flaw in the system and gets onto the system or gets their software to run, there is a very good chance they will not notice the unmounted NTFS backup volume!