CryptoExpert uses an on-the-fly encryption system to encrypt and decrypt data. Data is stored in the encrypted form, but when it is requested by any application, it gets decrypted on-the-fly. Conversely, unencrypted data to be stored is encrypted instantaneously and then stored. The CryptoExpert system mounts a volume file to create a "virtual drive" that appears to applications and users like any other physical drive. Any data that the user attempts to write to this drive is intercepted by CryptoExpert, encrypted, and written to the volume file. Attempts to read from this volume are also intercepted, and the relevant data is read by CryptoExpert from the volume file, decrypted, and presented to the application trying to read the data.
Dismounting the CryptoExpert "virtual drive" ensures that data cannot be read from or written to it. All data is stored encrypted within the "container". As far as windows is concerned, there is a 'new' disk that has suddenly appeared. When the program exists or the volume is unmounted, the file system stays encrypted and there is absolutely no way anyone can recover/get the data without the pass phrase.