I think the weak link in the chain is only after decryption, but before uncompression (for lossy formats, so books excluded). See, for example, [1] and [2], where the authors look at randomness and entropy measures of I/O to find where the decrypted-but-compressed buffers are.

[1] http://moyix.blogspot.de/2014/07/breaking-spotify-drm-with-p...

[2] https://www.usenix.org/node/182951