A team of computer scientists has published source code that can in some circumstances bypass encryption used in Microsoft's BitLocker and Apple's FileVault and be used to view the contents of supposedly secure files.
We research, which describes how the contents of a computer's memory could be dumped to a hard drive and the encryption keys forcibly extracted.on their
The source code includes tools for imaging the target computer's memory through USB and Netboot, and analyzing the memory image to extract AES and RSA encryption keys, even if they're partially degraded. It was published to coincide with the Last HOPE hacker conference over the weekend in New York, where research team member Jacob Appelbaum gave a presentation.
This collection of utilities will be of special interest to security researchers and computer forensics specialists in law enforcement or working for police. (A Justice Department conference that starts Monday, for instance, includes two panels on computer forensics.) It allows police to seize a computer with an encrypted volume mounted that may be asleep or locked with a screensaver, plug in a UPS, and eventually extract its memory and encryption keys.
If you're worried about this threat or the possibility of, unmount your encrypted volumes when you're not using them or, better yet, completely power down your computer.
As more people use encryption--FileVault is built into all recent versions of OS X--finding ways to respond to it will become more of a challenge for law enforcement. In December, a federal judgea man charged with transporting illegal images could not be forced to turn over his PGP pass phrase.