quote: I highly recommend TrueCrypt
quote: Passware Kit scans the physical memory image file ( acquired while the encrypted BitLocker or TrueCrypt disk was mounted , even if the target computer was locked), extracts all the encryption keys, and decrypts the given volume. Such memory images can be acquired using Passware FireWire Memory Imager (included in Passware Kit Forensic), or third-party tools, such as ManTech Physical Memory Dump Utility or win32dd.If the target computer with the BitLocker/TrueCrypt volume is powered off, encryption keys are not stored in its memory, but they could be possibly recovered from the hiberfil.sys file, which is automatically created when a system hibernates.NOTE: If the target computer is turned off and the TrueCrypt/BitLocker volume was dismounted during the last hibernation, neither the memory image nor the hiberfil.sys file will contain the encryption keys. Therefore, instant decryption of the volume is impossible . In this case, Passware Kit assigns Brute-force attacks to recover the original password for the volume.