State of affairs: A Home windows person with Bitlocker-encrypted OS drive makes use of Win+L shortcut to lock their laptop, however leaves it powered on. At this level, their home is raided (by police, or thieves, or FBI, merely somebody with need to achieve entry to the info and technical means to mount a correct try to do it).

Query: Was there ever a recognized case, the place an attacker with bodily entry to operating laptop with Bitlocker turned on was capable of bypass the Home windows login display screen and achieve entry to Bitlocker-protected information on the pc, whereas the pc was already operating and was solely locked, and with out powering the gadget down throughout the course of?

Word: I’m conscious of DMA and coldboot assaults, and even the tactic of wiring the TPM to a FPGA board. These assaults normally require the goal gadget to be powered off, at which level some other mounted volumes (for instance, by way of VeraCrypt) would have been misplaced. My level is that any attacker making an attempt to beat the Bitlocker shouldn’t be going to preemptively guess that there is a mounted VeraCrypt quantity behind the Bitlocker and can energy the gadget down in some unspecified time in the future in an try to get by way of the Bitlocker first. Different questions on this website additionally pertain to eventualities the place delicate information is saved on the Bitlocker-protected gadget itself, however my query stems from state of affairs the place information is saved on totally different disks, utilizing totally different encryption and Bitlocker-enabled Home windows OS is only a gateway.