The reason being a software called “Forensic Disk Decryptor” by Elcomsoft, which claims to decrypt 3 major encryption programs, namely BitLocker, TrueCrypt & PGP.
So where does that leave us?
"Three Ways to Acquire Encryption Keys
Elcomsoft Forensic Disk Decryptor needs the original encryption keys in order to access protected information stored in crypto containers. The encryption keys can be derived from hibernation files or memory dump files acquired while the encrypted volume was mounted. There are three ways available to acquire the original encryption keys:
By analyzing the hibernation file (if the PC being analyzed is turned off);
By analyzing a memory dump file *
By performing a FireWire attack ** (PC being analyzed must be running with encrypted volumes mounted).
* A memory dump of a running PC can be acquired with one of the readily available forensic tools such as MoonSols Windows Memory Toolkit
** A free tool launched on investigator’s PC is required to perform the FireWire attack (e.g. Inception)"
1. If you don't have a hibernation file (hiberfil.sys), there's one way that foils the program. How to delete the hibernation file is detailed here: http://www.howtogeek.com/howto/15140/wh ... delete-it/
2. If you have memory dumps set to not write (Start -> Settings -> Control Panel -> System -> Advanced System Settings -> Startup and Recovery Settings -> uncheck the "Write an event to the system log" box) then there won't be any memory dumps to view. Either that, or regularly check for memory dumps (file extension .dmp) and erase them. Besides, the encrypted volume has to be mounted in order for Elcomsoft to work. Why not just read the mounted volume?
3. If your PC is unattended and turned off, you have no hiberfil.sys and no TrueCrypt encrypted volumes are mounted, the Elcomsoft software does not work and TrueCrypt will protect your data so long as your password is sufficiently secure.
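A read-only PowerShell check for the on-disk artifacts the three points above discuss (the hibernation file, the crash-dump setting and any existing .dmp files), as an added example that is not part of the original posts. The function name Get-KeyArtifactReport is made up for illustration; the registry values read are the standard Windows Power and CrashControl keys, and the default dump locations under %SystemRoot% are assumed.

```powershell
# Added example (not from the thread): read-only audit for on-disk files that can
# contain keys of mounted encrypted volumes. Run from an elevated prompt.
function Get-KeyArtifactReport {
    param([string]$SystemDrive = $env:SystemDrive)

    $report = @()

    # Hibernation file: written when the machine hibernates and may hold a RAM image.
    $hiber = Get-Item -LiteralPath "$SystemDrive\hiberfil.sys" -Force -ErrorAction SilentlyContinue
    $power = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Check   = 'Hibernation file on disk'
        Present = [bool]$hiber
        Detail  = "HibernateEnabled=$($power.HibernateEnabled)"
    }

    # Crash-dump policy: CrashDumpEnabled 0 means no dump is written on a crash.
    $cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl' -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Check   = 'Crash dumps enabled'
        Present = [bool]($cc -and ($cc.CrashDumpEnabled -ne 0))
        Detail  = "CrashDumpEnabled=$($cc.CrashDumpEnabled)"
    }

    # Existing dump files: look in the default and the configured dump locations.
    $dirs = @($env:SystemRoot, "$env:SystemRoot\Minidump")
    if ($cc.DumpFile)    { $dirs += Split-Path $cc.DumpFile -Parent }
    if ($cc.MinidumpDir) { $dirs += $cc.MinidumpDir }
    $dumps = $dirs | Sort-Object -Unique | ForEach-Object {
        Get-ChildItem -LiteralPath $_ -Filter *.dmp -File -Force -ErrorAction SilentlyContinue
    }
    $report += [pscustomobject]@{
        Check   = 'Dump files (.dmp) on disk'
        Present = [bool]$dumps
        Detail  = ($dumps.FullName -join '; ')
    }

    return $report
}

Get-KeyArtifactReport | Format-Table -AutoSize -Wrap
```

Any row with Present = True marks a file or setting that could leave a copy of memory on the disk; the script only reads and changes nothing.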
Need some more help.
First, I am sending this Hard Disk to someone else, so if it gets stolen, would it be possible for someone else to retrieve any data from it?
Even if the Hard Disk was in my PC & Volumes mounted, my upload speed really sucks (few Kbps only) so it would take a long time to steal considerable amount of data, right?
I do use Folder Lock to encrypt smaller very important files, so that would give me added protection, right?
How about the hidden Volumes created by TrueCrypt? Would that make it difficult to access them by the Elcomsoft software?