Why Your Deleted Data Might Not Actually Be Deleted

Eric TateBlog

Why Your Deleted Data Might Not Actually Be Deleted

Why Your Deleted Data Might Not Actually Be Deleted

There are many reasons why you may choose or need to delete a file from your computer’s hard drive. Whether the file is no longer needed or it contains sensitive data, deleting a file is a standard practice performed by most computer users. When you delete files (and empty your recycling bin when applicable), they’re no longer accessible to you and the space taken up by them becomes available for other uses. As far as you can tell, your data is gone for good! You may not see the data anymore but does that mean that it is truly gone? With effort, could someone recover files that you have deleted? Read on to learn about why your deleted data might not actually be deleted.

Disclaimer

Everyone’s hardware setup is unique. In this discussion, we’ll be focusing on the most common computer setups out there. Later, we’ll discuss exceptions as well as ways to further protect your data.

If you have accidentally deleted data that you still need and found this while looking for recovery options, we hope that your recovery attempt is successful. But in this post, we’ll be focusing on how and why deleted data may still be available, not how to recover it.

Setting the Stage

The following information applies to the most common of computer configurations:  A standard hard disk drive without system-level encryption. For other types of situations, please refer to the exceptions below.

We’ll be keeping the explanations as simple as possible here by avoiding all the fancy technical terms like platters, file allocation tables, etc.

What happens when I delete data?

Your hard drive is comprised of a wide array of physical components that it uses to write, modify, and delete your data as needed. When you store information on your computer, it is written to your hard drive within bits of data. Those bits are mapped out and tell the computer how to access the data and where it is located.

When data is deleted from a computer, the operating system such as Microsoft Windows, tells the hard drive that the data is no longer needed. When browsing your files, you no longer see the file that had been deleted. But the bits of data holding that file aren’t actually erased from the hard drive itself just yet. Instead, the bits are marked as available for new data when needed.

Why exactly does this happen? There are a few different reasons why the data itself may reside within the hard drive’s storage even after erased. Data on the hard drive is consistently being read, modified, and written to while the computer is in use. In order to reduce the amount of activity on the drive, certain activity such as physically erasing the bits of data that hold deleted files is not performed. This helps increase the hard drive’s lifespan and helps keep its performance stable.

After a file is deleted from your computer, the bits of data it is stored on are marked as deleted. The hard drive’s mapping makes it so that the file is not visible when browsing files. Those bits on the hard drive are now available and can be overwritten with new data at any time. If new data gets written to the hard drive and happens to use those same bits as the previously deleted file, the bits will be overwritten and the deleted file will be gone for good. But because hard drives don’t just go in a specific order for the allocating of their data, there is no guarantee that any new data will target those available bits anytime soon.

If the bits haven’t been overwritten, is that file still there?

If none of the bits of data have been altered/overwritten since the file was deleted, it is possible for the data to be recovered. When working with a team of certified I.T. professionals such as our team here at Diligex, we can use various tools and methods to help recover data when applicable in that state.

It’s important to note though, that the same methods used by qualified and helpful technicians can be used by malicious individuals looking to recover sensitive data. If your computer’s hard drive were to fall into the wrong hands, any data within it such as those already deleted could be theirs for the taking.

How can I protect my data and keep people from recovering my deleted information?

The following are a few tips that you can use to help protect your data.

  1. Secure it – Make sure that your computer is stored in a safe place such as within your residence. If using a laptop, never leave it unattended when out in public.
  2. Encrypt it – Most modern computers include the native ability to encrypt the data that is on the hard drive. Doing so means that the hard drive can only be read by the computer it is connected to as long as its security prerequisites have been met. Attempts to remove the hard drive and read it manually would be unsuccessful.
  3. Destroy it – If you replace or are no longer going to be using a computer, the hard drive should be removed prior to recycling or donating the computer. The hard drive itself should then be physically destroyed using a valid data destruction vendor.

What are the exceptions?

There are certain cases where the above information does not apply.

  1. SSD drives with TRIM – Each day, the use of SSD (solid state drive) disks are becoming more common. These types of disks forgo the platters and physical writing associated with traditional hard disk drives in favor of persistent memory similar to devices you may be used to already such as memory cards or USB flashdrives.
    When configured correctly, modern SSD drives use a command feature called TRIM which helps maintain the integrity of the drive. Part of that command is to automatically wipe the bits of data associated with deleted files at the time that they are deleted. This means that data that is fully deleted from within the operating system is no longer available for recovery once the TRIM back-end command has completed.
  2. Hard drive encryption – This one is a partial exception. If you are utilizing a traditional hard disk drive, encryption on the drive will help prevent data from being able to be recovered from the drive itself if it were to fall into the wrong hands. However, recovery may still be possible if someone attempts it while logged into the secured computer itself after the access to the drive has been granted.
  3. If the hard drive is no longer being used actively and has completed a full overwriting reformat (sometimes referred to as a zero wipe), then all of the drive’s data bits have been overwritten with zeroes in order to prevent recovery.

Conclusion

Our team here at Diligex takes your data security very seriously. We provide managed backup solutions designed to prevent the need for tedious hard drive recovery processes and utilize the best of today’s data storage standards to help keep your data as safe as possible.

If you are a Diligex Managed IT subscriber and have questions regarding your data security or would like to learn more about how we can help enhance your systems, please reach out to us at https://diligex.com/contact. If you’re not a Diligex Managed IT subscriber, feel free to reach out to us as well at https://diligex.com/contact to learn about how our team of highly skilled and passionate I.T. professionals can help your business succeed.