Given that enabling PGP encryption is as easy as ticking a few boxes in both Mac OS X and Windows, it’s no surprise that the authorities are now increasing their efforts to combat the scourge of people wanting to keep their private data private. For starters, new Secret Service recruits are given a one-week crash course in computer forensics, presumably so agents will be able to say with confidence, “Oh, dear, this drive is encrypted, better call my supervisor.”
As you can imagine, trying to get the data off a drive that’s been encrypted—PGP is the preferred method—isn’t the easiest thing in the world. Beyond begging the owner for the decryption password, which the FBI did back in 2009 when it wanted to inspect the contents of a hard drive suspected of having child pornography, you can try to bruteforce it, but who has the time? You can expect border patrol to have the computing power to bruteforce a PGP’d drive right there on the spot. An average length password (seven or eight characters) would take as long as an entire year to crack. That’s not exactly practical.
There are other options. Whereas the traditional way of saving data on a malfunctioning hard drive would be to turn the system off, thinking that you could “freeze” in place whatever data is on there, the best course of action when dealing with an encrypted drive is to keep the system on. At least there’s a chance the decryption password is still loaded in memory, and then you can try to retrieve said password.