I have spent some time reading around this forum but I need some help. Be patient, I am new and trying here. I hope Steve6375 finds this post because his brains would come in handy about now. There are many great folks here and I readily admit I am a newbie. In fact I am using a "fossil" grub4dos but it is working great.
This is not just another TrueCrypt thread. I am currently using grub4dos on a bootable USB as needed. I mount 7 Pro as a normal unencrypted system disk and a hidden encrypted 7 OS on half my machines using grub4dos. On these machines I remove the TrueCrypt bootloader and run an unencrypted 7 OS in sda1. I use a grub4dos bootable USB to mount the hidden OS when needed -- it's in sda2. It's basic stuff really, but I'll paste here for reference:
title TRUECRYPT RESCUE DISK
find --set-root /tc.iso
map --mem /tc.iso (hd32)
map (hd0) (hd1)
map (hd1) (hd0)
map --hook
root (hd32)
chainloader (hd32)
I have used and helped scores of folks with TrueCrypt and now I want to take this to another level. I made a sector-by-sector image of sda2. I have acid tested the image by destroying sda2 in the original location and then replacing it with the saved image. It works perfectly, so it's ready to go and accurate.
My project is to redeploy the sda2 image to somewhere else on the disk, better concealing the fact that there is a hidden OS in play. Then I can overwrite the current sda2 and put something else in its place. The TC code goes to the following address to find the hidden OS: For system encryption, bytes 65536–66047 of the first partition located behind the active partition* are read into RAM. Since my image is exact, when I redeploy it the header address will be the same (65536-66047). By not changing the original size of the normal system disk, the cloned hidden OS will match size with the original donor, meeting many of the TC parameters, so it should pass any CRC tests.
Using Grub4dos, how can I either hide, make active/inactive, etc. so that when the grub4dos USB is booting it will completely ignore sda2 and look at sda3 instead? (sda3 is an example, so let's use it.) I don't need TC to see anything other than sda3 in this example and ignore sda2 completely. Maybe a command line structure could make TC think that sda3 is sda2 (re-map?). I am open to any combination that would accomplish this task. In a perfect world this use of grub4dos won't change a single byte on the actual hard disk, leaving no forensic loose ends!
From reading here I know that Windows tends to find hidden partitions, but I am hoping that using grub4dos on a bootable USB will allow me to hide them long enough to mount the hidden OS as positioned in my example above. I don't think this method will mess with the partition table since all three partitions already exist on my drive and it's working fine now.
I could really use some help here. Thanks.