When is data on a drive that uses full-disk encryption at the greatest risk?

The greatest risk to data on a drive that uses full-disk encryption occurs when the system is logged in and in use. During this state, the operating system has access to the encryption key, allowing the data to be decrypted and used by applications and users. If an unauthorized individual gains access to the system while it's logged in, they can easily access the unencrypted data, making it vulnerable to theft or compromise.

When the system is turned off, the encryption protects the data since it cannot be accessed without the key, thereby posing minimal risk. Even when data is backed up, it can be secure if those backups are also encrypted and protected adequately. Storing the encryption key externally can be risky, as it may involve additional security concerns. However, the data itself remains secure as long as it leverages encryption. Hence, the most critical vulnerability occurs when the system is actively being used and the data is decrypted and accessible.