Passware Forensics Kit is much advertisement, less action. Its capabilities may be divided in two categories: recovering passwords and obtaining encryption keys. To put it simple, these are bruteforce and firewire attacks respectively. Any encryption software ever created is vulnerable to these attacks, however with sufficient limitations.
1. Bruteforce attack. This attack is based on the exhaustive search method, when every possible combination is being tried as your password. This attack usually takes lots of time and resources, and for long and secure passwords created keeping these recommendations in mind:
the process would take hundreds of years. Also, with BestCrypt v.9 you may change the so-called key-stretching parameters to set 1 attempt to guess your password take several seconds instead of common thousand's part of a second. This require thousand years for bruteforce to succeed.
2. Firewire (Cold Boot) attack. This attack works smoothly and no encryption software is protected. However, to make it work, one would need the following:
a. Target computer is turned on, encrypted drives are mounted.
b. Intruder has physical access to the target machine.
c. Target computer has firewire port.
d. Intruder has another computer with him, it also has a firewire port.
If these conditions are met, the attacker may succeed.
For me, it sounds like nonsense. If I am worried about security enough to encrypt my drives, why would I leave my computer turned on with encrypted drives mounted? In that case, it is easier to just access the data directly, not by dumping memory or scanning for keys. OK, let's assume someone breaks in unexpectedly.
In the context of "Cold Boot Attack", our recommendations are:
1) Do not leave your computer with opened BestCrypt containers.
2) Do not send your computer with opened containers to hibernate mode.
3) In case of an alarm, use "Hot key" functionality for fast dismounting BC containers.
4) In case of forced power-off, if you have UPS device, you will have the great advantage – because you will have a time to dismount the containers or to perform smooth shutdown.
So even though both these attacks are real threat, they can be hardly implemented in real life, only if user is careless enough to use weak password or let his machine exposed.