Quote from: Guru on August 09, 2012, 10:59 amQuote from: Delta11 on August 09, 2012, 04:09 amQuote from: sourman on August 09, 2012, 02:42 amThey can't break the encryption or a very strong passphrase, but they can still pull your master key from RAM if the encrypted container (or partition) is mounted while the computer is running. Then there are remote exploits, plug in keyloggers, and other tricks beyond that. The article you mentioned does show that they can't just magically open encrypted files, at least not for run of the mill criminal cases.They can also what is called a "cold boot attack." In cryptography, a cold boot attack (or to a lesser extent, a platform reset attack) is a type of side channel attack in which an attacker with physical access to a computer is able to retrieve encryption keys from a running operating system after using a cold reboot to restart the machine.Excellent post, thank you. I have always maitained that the best defence is to remain anonymous. By the time the cops are breaking down your door, you've already lost. GuruWell said Guru - of course the fact that full disk encryption may be your last layer of defence makes it all the more important! To any interested parties, I sugges you use a Keyfile as well as a decent size password and try to practise plausible denial in encryption i.e encrypt a disk such that it the Truecrypt bootloader isn't stored on it so it's not immediately apparent it's been encrypted. (USB sticks lend themselves very well to this). You can also use a hidden partition so if you're compelled to hand over one password you can give the one way to your main volume, leaving your most confidential data safe.V.