Yes. It is always possible to dump memory and find an encryption key if it is currently held in RAM.
In the case of something like WinRAR where you need to enter the password every time you decrypt/encrypt a file, the key is likely erased from memory after it is finished with. (You'd hope it was, but WinRAR is closed source, so this isn't independently known.)
With BitLocker, the key has to be held in RAM while the OS is running, so that files can be immediately decrypted/encrypted.
You can use a hacking technique to dump RAM, e.g. a FireWire hacking tool: an oversight during the design process of FireWire allows a FireWire peripheral direct access to system RAM, bypassing all OS and CPU RAM protection systems, and you can now buy tools that use this. A dongle containing a hard drive is connected to a FireWire port and a button pressed on the dongle. The dongle reads the entire host system RAM and saves it to a hard drive connected to the dongle. You can then use a forensic analysis tool to examine the snapshot and recover encryption keys - e.g. there are commercially available (under $500) tools that can scan a snapshot file and retrieve BitLocker keys. Theoretically, the same could be done with TrueCrypt, but I don't know if any commercial tools are available for it - although I'm sure certain consultancy firms could provide a custom tool, or extract TrueCrypt keys manually from a dump, for a price.
If you really are handling highly confidential information, FireWire ports are a massive security hole. If you don't need them for work, keep them disconnected or fill them with glue to deactivate them.
As to encryption techniques:
AES-128 is known to be very strong, and is overkill for any conceivable commercial and most government needs. The algorithm is sufficiently simple that it has been subject to very extensive analysis with no real significant weaknesses.
AES-256 is similar to AES-128, but it was designed rather as an afterthought, and several weaknesses have been discovered in the bit of the algorithm changed between 128 and 256. It is still thought to be at least as strong as AES-128 in all cases. However, because of the more complex algorithm, it has had less extensive analysis than AES-128.
As AES-128's strength is already ludicrous overkill, and the algorithm is simpler and has been most thoroughly analysed, there's a lot to be said for preferring AES-128 over AES-256. There is little benefit in going to AES-256 from AES-128. AES-128 is already such extreme overkill that any additional theoretical strength from AES-256 is negligible when compared to other unrelated security issues (e.g. a hidden microphone picking up the sounds of you typing your password, and allowing a listener to decode the password from the sound).
The same goes for multi-algorithm encryption or the use of alternative algorithms in software such as TrueCrypt. Twofish is arguably a significantly better algorithm than AES (Twofish was a finalist against AES in the competition, but AES won because it was simpler and better suited to smart-cards and ultra-low power mobile devices/RFID chips). However, most security experts would advise the use of AES rather than Twofish (even the inventors of Twofish recommend this), for the simple reason that AES has been better examined and investigated, and no relevant defects have been found despite this intense scrutiny.
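The difference the answer draws between a key that is erased after each operation and one that stays resident can be shown in a few lines of C. This is an added example, not part of the original answer and not code from any of the products named; the arena buffer, the sample key and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16   /* AES-128 key size in bytes */
#define ARENA   256  /* stand-in for the process memory a dump would capture */

/* Zero through a volatile pointer so the compiler cannot discard the
   stores as dead writes to a buffer that is about to go out of use. */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--) *v++ = 0;
}

/* Does a captured snapshot contain the key bytes anywhere? */
static int snapshot_has_key(const uint8_t *snap, const uint8_t *key) {
    for (size_t i = 0; i + KEY_LEN <= ARENA; i++)
        if (memcmp(snap + i, key, KEY_LEN) == 0) return 1;
    return 0;
}

/* One decrypt operation. Returns a bitmask:
   bit 0 = key found in a snapshot taken while the key is in use,
   bit 1 = key found in a snapshot taken after the operation ends. */
int key_exposure(int wipe_after_use) {
    /* Constructed sample key; a real tool derives it from the password. */
    static const uint8_t key[KEY_LEN] = {
        0x10,0x11,0x12,0x13,0x14,0x15,0x16,0x17,
        0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f };
    uint8_t arena[ARENA], during[ARENA], after[ARENA];

    memset(arena, 0xAA, sizeof arena);
    memcpy(arena + 100, key, KEY_LEN);       /* working copy held in RAM */
    memcpy(during, arena, sizeof arena);     /* dump while key is live */

    if (wipe_after_use) secure_wipe(arena + 100, KEY_LEN);
    memcpy(after, arena, sizeof arena);      /* dump after the operation */

    return snapshot_has_key(during, key) | (snapshot_has_key(after, key) << 1);
}

int main(void) {
    printf("no wipe:   exposure mask %d\n", key_exposure(0));
    printf("with wipe: exposure mask %d\n", key_exposure(1));
    return 0;
}
```

Wiping narrows the window in which a dump finds the key but does not close it: a snapshot taken while the key is in use still contains it, which is the situation a full-disk encryption key is in for as long as the OS is running.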