I've recently read about the cold boot method, where it's possible to obtain the key for an encrypted filesystem from DRAM. This can be done even after the computer is turned off, but it requires special equipment that is very difficult for most people to obtain. Then it occurred to me that there's a security risk where an attacker could gain the key to an encrypted disk without having access to expensive hardware: if the page containing the key is ever swapped out to the hard drive, the attacker would only need to read the swap space to get the key. I don't think on-the-fly disk encryption programs encrypt the swap space, since it's conceptually part of RAM, so an attacker would be able to read the unencrypted contents of the swap space and get the key.
I've been thinking of using FileVault to encrypt my Macbook's data in the future, since I'm one of those paranoid types. I came to this decision after learning that it uses AES encryption, which IMO is the best cipher out there. But I'm just concerned about this vulnerability. Do programs like FileVault have a means to protect against the key being swapped out to an unencrypted swap space for an attacker to read? If so, what is it?
EDIT: Actually, I just realized, that, at least on Mac OS X, the swap space is part of the filesystem, and it's stored in /var/vm as I just recently discovered, so in the case of OS X, FileVault would probably encrypt any pages that are swapped to the hard drive. This might not be the case with Linux, since swapping is done with a separate swap partition. I'm not sure how it's done in Windows.
