Turn OFF the computer?
Well, in doing that, there is no evidence that the hard drive was removed.
Assume you have a GOOD backup battery or battery, and assume the machine/laptop is plugged into AC. If in suspend/hibernate/sleep you can get 24 to 90 hours of battery life if the main power goes away, then, so long as you return before the battery dies, you will know whether or not the machine was power off physically and the possibility the hard drive was deprived of power for its removal for copying/cloning/perusing.
I leave mine suspended or screen lock so that if it IS compromized, the intruder who leaves it behind HAS to know the password and the state of my session (behind a locked screensaver) to restore it without my knowing something happened.
Now, if my ports are compromized, and I am not protecting via the kernel, or not disabling them, that is a separate and still-real issue. Is there an easy script in the security and time-out routine to disable all peripherals ports, even the external keyboard and mouse? Maybe, and I think now I will revisit that and act on it.
And, as for the need to obtain the password, IIRC, that is accomplished feasibly by pointing one or more RF and or microwave antenna at the keyboard in question and at the display to capture the unique RF emissions each key spews into the air. RF/IR air-scanning the LCD or CRT might be able to help pick up reflections off a nearby keyboard's finger-presses. Or, un-masked passwords can be seen right on screen.
When riding the transit, sitting in a coffee shop, and in the company of those I will not know nor trust, I whip out my keyboard-covering oversized sheet of paper and cover my hands.
Another thing people i see on transit doing is working on files with the file path showing up on the titlebar of the app. App developers and marketing departments not considering this need to be SLAPPED for this privacy breach. There are plenty of cases when the user should be given an ability to mask the full file name and the directory the file sits in. Sometimes, I just rename the file and move it to a very base path or in a fake name so that if anyone gleans at what I'm working on and takes to searching on the Internet, they hopefully won't find anything. But, partly that relies on app devs allowing us to mask or hide the name of the app, too, and hide references to the branding so that nosy people cannot go peruse the forums looking for the locale and help/support/suggestion submissions of users in some bid to social engineer a target. But, company marketing will seethe and hiss at providing users a way to mask the branding, and probably sayi users THAT worried need a $50-$80 privacy screen, a lid hood, or a private working area.