Last week there was quite some discussion about “successful attacks” on Bitlocker. Those discussions are often quite interesting for me as they show sometimes that people are looking for one technical solution for all the problems.
Bitlocker has a clear threat model it wants to protect you from. This is mainly the loss of your computer. If it is running and the attacker is admin – well Bitlocker cannot protect you. To quote a blog post of our Windows Security Team: Our discussions of Windows BitLocker have always been to communicate that it is intended to help protect data at rest (e.g. when the machine is powered off).
So, if you want to read the whole post, it is definitely worth it: Windows BitLocker Claims
That's exactly the point. However there is at least one scenario, in which fresh-stolen notebook may be decrypted even if it's locked (not hibernated or turned of, of course) - if we have FireWire port enabled onboard - it gives access to memory =(