Month: January 2008

File Vault’s Dirty Little Secrets

File Vault is the encryption mechanism used to protect user accounts on Apple’s Mac OS X file system. While it is disabled by default, many people rely on File Vault to protect their personal data. Many criminals, no doubt, also use File Vault to encrypt content that would otherwise be incriminating. The security offered by an encrypted volume comes at a price: Apple’s closed source approach has left a significant amount of ambiguity about how the system actually works, and many erroneous assumptions have left holes through which data can be recovered. Among these misconceptions are the idea that raw data inside a vault cannot be accessed, and the erroneous belief that mechanisms such as Apple’s free space wipe will remove deleted data. This brief how-to shows you how to obtain a raw disk image from a File Vault, and illustrates that deleted data can be recovered. It also shows that mechanisms like Disk Utility’s “Erase Free Space” option do not affect the deleted contents inside a vault.
