Apple 10144 Published by

Passware, a vendor of forensics tools for recovering data for law enforcement, has issued a warning that its forensics tools can bypass the security of FileVault disk encryption in Mac OS X if the computer is left powered on, recovering decryption keys from memory.



From Apple Insider:
While catering to law enforcement, the company issued a warning to home users "of the vulnerabilities of Mac encryption solutions and advises users to shut down their computers especially when working with confidential data."

When a system using full disk encryption is powered on, even if the disk is later left encrypted its contents can reportedly be recovered by analyzing the data stored in memory, which Passware notes includes the keys to decrypt FileVault.
  Forensics vendor warns Mac OS X FileVault vulnerable to decryption