Backup target without a drive letter for SECURITY

Disk backup and restore, partition imaging and cloning, and drive copy using R-Drive Image.
Discussion on the R-Drive Image software
millsys
Posts: 5
Joined: Mon Feb 25, 2019 10:44 pm

Post by millsys » Fri Dec 04, 2020 8:03 am

When a system is hacked, they usually damage/delete/encrypt data on all available drive letters. Is there a way for R-Drive Image to back up to an NTFS partition without mounting a drive letter?

create /a /o -tid=vpegtcuvdppmgwnva8c8mah1 -s="hdd_vtype=real+hdd_port_num=0+part_size=1000104525824+part_ofs=16777216+part_id=2+part_fs=ntfs+part_mounted=E:\+hdd_target_id=1+part_label=NVMe-DATA2+hdd_name=HPT DISK 0_1 4.00+hdd_bus_type=fibre+hdd_size=1000123400192+hdd_num=8" -a="N:\WCIMAIL-E-DRIVE.rdr" -c=3 -u -bs -bs-apply-before -bs-num-b="2" -s-xr

This script shows it backing up to a file on N:, but can I provide -a= a different value that will target the same partition and place the file on that partition WITHOUT the OS having the drive letter mounted to the target partition? This would be ideal because it would throw off the hacker or script from the true location of the backup data.

Yes, I did try creating two 'backup aux applications', mvadd.cmd and mvdel.cmd. The scripts work fine if you run them in a command prompt or through Windows Explorer to mount and unmount the drive letter, but if you add the scripts to the before and after of a backup schedule and have it run as administrator, it still says 'drive does not exist'. I'm assuming R-Drive Image checks for the drive letter BEFORE running the backup aux app script!

millsys
Posts: 5
Joined: Mon Feb 25, 2019 10:44 pm

Re: Backup target without a drive letter for SECURITY

Post by millsys » Fri Dec 04, 2020 1:31 pm

Found a workaround

TASK SCHEDULER
Open the Task/Actions
Adjust -a="N:\WCIMAIL-E-DRIVE.rdr" under the arguments to -a="\\?\Volume{5c7c3bb3-d642-4b34-baaf-ca06b02a734e}\WCIMAIL-E-DRIVE.rdr"

Now it will back up to the 'hidden no drive letter' volume.
I got the above volume name using mountvol n: /L

Please note, the task will 'disappear' from R-Drive Image GUI, which is a good thing! This way if anyone was looking for possible backup locations they wouldn't have a list to work from. A simple batch to mount/dismount (using mountvol) is used if I need to access N: instead of using computer manager to assign a drive letter. If a hacker exploits a flaw in the system and gets onto the system or gets their software to run, there is a very good chance they will not notice the unmounted NTFS backup volume!
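
The mount/dismount helper described in the post above, as an added example that is not part of the original post and not R-Drive Image code: it locates the backup volume by its GUID path, removes or restores the maintenance letter, and reports whether the volume is reachable only through the GUID path. It assumes an elevated PowerShell session with the built-in Storage cmdlets, the volume GUID and letter N: quoted in the post, and (going beyond the post) sets NoDefaultDriveLetter, which applies to GPT disks only.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell session.
# Volume GUID path taken from the post (output of "mountvol n: /L").
$BackupVolume = '\\?\Volume{5c7c3bb3-d642-4b34-baaf-ca06b02a734e}\'
$Letter       = 'N'   # letter the post uses for maintenance access

function Get-BackupPartition {
    # Find the partition by GUID path so it is located whether or not a letter is assigned.
    $p = Get-Partition | Where-Object { $_.AccessPaths -contains $BackupVolume }
    if (-not $p) { throw "Volume $BackupVolume not found on this system." }
    return $p
}

function Get-ExtraAccessPath {
    # Everything other than the GUID path is a drive letter or folder mount point.
    @((Get-BackupPartition).AccessPaths | Where-Object { $_ -and $_ -ne $BackupVolume })
}

function Hide-BackupVolume {
    $p = Get-BackupPartition
    foreach ($path in Get-ExtraAccessPath) {
        $p | Remove-PartitionAccessPath -AccessPath $path
    }
    # Assumption beyond the post: keep Windows from auto-assigning a letter later (GPT disks only).
    try { $p | Set-Partition -NoDefaultDriveLetter $true -ErrorAction Stop }
    catch { Write-Warning "NoDefaultDriveLetter not set: $($_.Exception.Message)" }
}

function Show-BackupVolume {
    if (Get-ExtraAccessPath) { return }   # already mounted somewhere
    Get-BackupPartition | Add-PartitionAccessPath -AccessPath "${Letter}:"
}

switch ($args[0]) {
    'hide' { Hide-BackupVolume }
    'show' { Show-BackupVolume }
}

# Always finish with a status line; exit 1 if the volume is still mounted when it should not be,
# so a scheduled task that runs this before the backup can flag the condition.
$extra = Get-ExtraAccessPath
if ($extra) { Write-Output "MOUNTED at: $($extra -join ', ')" }
else        { Write-Output 'HIDDEN: reachable through the GUID path only' }
if ($args[0] -ne 'show' -and $extra) { exit 1 }
```

Removing the letter only removes the mount point; write access through the GUID path is still governed by the volume's NTFS permissions and the rights of the account doing the writing.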
