Re: Defeating Draconian laws
This is an older one, but there are others:
also this has some brief summary:
The first is interesting, but assumes that the decoy OS contains "restore points" that has copied parts of the encrypted data of the hidden volume. This is in fact pretty unlikely seeing that the decoy OS will quite possibly not have any restore points, and if it has there is no reason to believe that any restore point would copy data from a part of the HDD that the decoy OS sees as free space. It in any case assumes that the OS is Windows Vista or later, and the best choice for a dummy OS would definitely be Windows XP.
The second is complete nonsense, as it depends on the hidden OS writing data to the decoy OS while it is running, when in fact the hidden OS has no access to the decoy OS so applications running on the hidden OS could never write "e.g. filenames" to the decoy OS.
The thing I was thinking of is that a dummy OS would (a) have a FAT32 file system and (b) not have any recognisable file fragments beyond the limit of a fairly low sector of the HDD. While a HDD that has both these attributes would raise suspicions, they are far from being proof that a hidden OS exists. At best they show that a hidden OS *could* exist