Re: "hidden volumes are detectable"
The two provided articles are non sequitur.
The first concerns forensic evidence of hidden containers within a running OS, such as VSS records, and has no bearing on booting into a secondary hidden volume, which the OS on the first outer volume knows nothing about (and thus contains zero forensic evidence).
The second is merely an assumption that, whilst booted into a hidden volume, the user might choose to write plaintext data somewhere outside of that volume, leaving a forensic trail that somehow proves the existence of the hidden volume. This is highly speculative, not particularly common (I've personally never heard of anyone doing that), and such an obvious blunder that it's very unlikely that anyone who would go to the effort of setting up an encrypted hidden OS would do it.
Nothing is ever perfectly secure, but I've seen nothing in those articles that would lead me to question the security of properly executed hidden volumes.
Biting the hand that feeds IT
