Also AES has never been directly broken when it is used as a symmetric encryption algorithm with a 128 bit or higher key anyway. But anyway they will just forensically recover the key after it leaks from memory, this can happen in a ton of different ways (did you even take any technical steps against any of the numerous ways keys can leak to RAM?) and one person claimed in the security forum that it is more likely for this to happen in a VM guest than an OS running on hardware, but I don't know if this is true and they have still not yet given me a link to a citation. Even if it isn't true about key leaks being more probable in a VM, it is certainly true that key leaks are very probable even if you are not using a VM especially if you are taking zero precautions against this. So even though you are using freeware that implements strong encryption algorithms, you are not implementing it in a way that is fool proof (or even that secure) against forensics. Secure against cryptanalysis , yes, against forensics, no. Anyone who has done intelligence work related to computer security would recognize the difference between the two methods of attack, but you seem to be using forensics and cryptanalysis interchangeably. Live computer forensics will pwn you by hacking your system and doing a memory dump, dead computer forensics will pwn you when they recover your key that leaked all over the drive from memory.