File Deletion
Did you know that when you delete a file, all the actual data is still available and easily retrievable, even though you can’t see the file by conventional means? This is pretty basic computer info, but I don’t think that most people realize that it is the case.
So deleting a file doesn’t actually delete the file? Rest assured, it does….. the confusion comes when what most people think deletion means what a computer thinks it means.
Here’s what actually happens when you delete a file: The file gets marked as deleted and the space is considered to be free and hence OK to write data to. That’s basically it. All your data is still actually on the disc until some other piece of data gets written on top of it. With the right software, you (or anyone else) can recover part or all of the files (parts of deleted files may be overwritten by new data, so they may not be fully (or at all) recoverable). The first thing that always comes to mind with programs like that is the word “undelete”, as dos used to contain a command bearing that name that was for just this purpose.
Speaking of dos, it had an interesting way of deleting files. It would actually just delete the first letter of the filename. When you went to undelete a file, you actually had to specify the missing letter. Other types of filesystems use different methods for marking a file as deleted, but the basic idea is the same.
It should be noted as well that windows has an extra layer of “deletion” in the form of the recycling bin (which is a stolen version of the Mac trash can. Not being a Mac user though, I won’t speculate as to the actual function of it). When files are deleting through normal means (i.e. using explorer) they are not deleted at all but simply moved the recycling bin, which is an area set aside for data recovery. The recycling bin has a fixed size, and will actually delete old items to make room for new ones, or of course the user can manually empty the bin.
Of course, when people think of deleting a file, they usually think of destroying the data. When you think of it from a computer’s (or rather perhaps, a computer scientist’s) perspective though, that doesn’t make any sense. Actually overwriting the entire file would be very slow, for starters. It’s much quicker to mark the file as deleted and allocate the area it was written to as free space and call it good. On top of that, to the computer, the space is either in use or free. If it’s free (deleted), it doesn’t matter what’s there, just that it’s free to be written to. Also, a file is just a label for a set of sectors on the disc that store a specific piece of data. Deleting the file just disassociates label from the underlying structure.
So what do you do if you actually want a file permanently deleted with no hope of recovery? You need a program capable of doing so. The operation is usually referred to as file “wiping”. The program that I use for this purpose, which nicely integrates into the shell, is the GPL’d Eraser. (This is really a bad name though, as in some environments there is an “erase” command that is synonymous with the regular delete command). Programs like this will completely overwrite the data, several times.
Did I say up there that once the data is overwritten it’s gone? Yeah, well, not really. Anybody can run a download and run an undelete program that will recover files that haven’t been overwritten. However, even after being overwritten, there is a kind of magnetic residue left behind on the disc that can tell someone what was once stored there. This is the type of thing that is beyond 99% of the population. This basically leaves you with governments and rich people. To properly ensure the data cannot be recovered, you have to overwrite the data again and again and again. A guy named Peter Gutmann determined that you actually need to overwrite the data something like 35 times before all traces are gone. It’s really, really slow to do it that way. It should probably be noted that the DoD only overwrites like 7 or 9 times.
Now if you want to get technical about it, modern filesystems are bit more complex than I’ve let on, and you can’t just overwrite the data on the disc where the file was stored at because it keeps records of the data elsewhere for short periods of time and this could interfere with the whole process…. But I digress.
The gist of it is, if you actually want to delete files so no one else can ever see what was there, then you need a program that can do file wiping. Of course, you probably shouldn’t use that type of utility for everything you do. Lots of things that you delete probably aren’t all that sensitive and will tell no one anything they don’t already know if they get their hands on it. The recycling bin really is a good way to recover data that you accidentally deleted. If you go and overwrite the file 30 times, it’s never coming back, not even for you.
No TagsPopularity: 3% [?]
Hey Lucas!! I have a question for you then … I just bought this laptop from a pawn shop (cheap and awesome but anyway). How can I find out what was on it before I got it?? The previous owner deleted a bunch of files but I have found somethings here and there. Can I undelete anything on the hd????
Try free undelete. It may help you find something of interest. Keep in mind though that as you use the computer and it writes information to the disk it’s going to end up overwriting parts of those previously deleted files. Therefore, if you’ve had the laptop for a whiel and have been using it, you may not find a whole lot of usable data from before you bought it.