I've recently decided to ditch BestCrypt Volume Encryption and return to my old favorite FDE solution, DiskCryptor. After years of development inactivity, it has recently been taken over and updated (some months ago) by a guy named David Xanatos, and now it includes full UEFI/GPT support as well, even Secure Boot if you're willing to use a Linux-based intermediary shim loader. And it has a fully portable bootloader that doesn't have to reside in any MBR (ISO boot). Furthermore, it is fully compatible with dual-boot scenarios. I just had too much trouble getting a BCVEed Windows 10 to boot within a G4D/SVBus-controlled VHD, and I was never able to get BCVE to stop overwriting GRUB4DOS.
However, I don't want to fully commit to it yet. Anyone who has used an FDE solution in the past already knows the importance of having a sound backup/recovery strategy. Without those, you're fucked if and when the shit hits the fan. As the old adage goes, anything that can go wrong, eventually will.
Getting to it, I now need to devise some kind of personalized recovery solution that I can boot in an emergency. I've considered WinPE, BartPE, and WinBuilder; I probably missed something along the way.
I've gradually come to the conclusion that having a portable, fully deployed and ready-to-use alternate Windows 10 is the way I want to go. It would essentially act as an onboard recovery solution. Ideally it would be contained within an ISO, WIM file, or VHD/IMG, which I could boot either as a filedisk or ramdisk with G4D/SVBus. I would want to have this stored in a separate partition on disk for fastest booting; I have 3 NVMe SSDs and 2 SATA SSDs, all internal. Booting externally from USB is just going to slow down the booting process; they (external HDDs or flash drives) can't compete with an SSD's disk access speed/boot speed.
So the plan is this (not yet finalized and open to revision):
1. Customize a Windows 10 ISO with something like NTLite or MSMG Toolkit, to strip out as much unnecessary BS as possible
2. Deploy this customized ISO into a VM
3. Install all the essential software I would need, to be able to recover my primary Windows installation. DiskCryptor, like pretty much every FDE solution out there, requires a disk filter driver to be installed, and this driver needs a reboot to take effect. Without it being integrated, I can't encrypt/decrypt other volumes.
4. Capture this VM installation into an ISO/WIM/VHD
5. Use an external bootloader like G4D to boot this recovery environment, which is actually a fully installed Windows, but portable and self-contained
That's pretty much what I'm aiming at, but I need ideas on how to proceed.