When you delete data off your hard drive, is it truly gone? Well, yes and no, depending on where it’s deleted from. Basically, the answer is a bit complicated but here’s the short version: you should assume that data is never truly deleted unless the device has had a complete wipe.
To understand why this is this case, you need to look at how data is generally “Deleted” (and those quotes are intentional) from devices. Generally speaking, when you delete a file from your computer (and subsequently empty it from the recycle bin), that doesn’t always mean the file is actually gone. What it means is that the reference to the file is gone. When you delete a file, the reference to that file in the master file table (MFT) is removed, which is a much quicker operation than actually erasing the data. It tells the system that “Hey, this part of the drive is available to store data” so the system can eventually overwrite that data, but it doesn’t actually erase the data.
Basically, it’s like if you removed a page of the table of contents of a reference book. The data is still in the book, it’s just difficult to find.
Eventually, the space will be overwritten by something else, but how/when that happens is anyone’s guess. This is what is file recovery software like recuva, DMDE, or Disk Drill or services like DriveSavers use to their advantage: They’ll search those bits of your hard drive that are supposedly empty to see if any lingering data is around.
So how do you make sure your deleted data is truly deleted and inaccessible? Here are a few things we recommend:
- Encrypt your Drive: If you use full disk encryption on your drive (which we recommend for everybody, whether you are in a regulated industry or not), your data will not be recoverable should the drive get pulled from the computer and recovery attempted using the tools above. All they’d be able to recover is encrypted gibberish. This is by far the easiest way to keep your deleted data from prying eyes.
- Wipe Free Space: As mentioned above, free space on your drive could still have potentially recoverable data on it. To wipe that free space of any old data, you basically need to write over it again. You could use a third-party tool or the Windows Cipher command line tool to accomplish this.
- Full Disk Wipe: When you decommission, recycle, or dispose of your computer, we recommend you remove the hard drive and do a full disk wipe (we do this as part of our recycling services). Basically, you take the drive out of the system and hook it up to a tool that will write gibberish data to every sector of the hard drive multiple times. When we wipe drives, we follow the three-pass Department of Defense DoD 5220.22-M wipe process, which wipes the data on the drive the following way, making it unrecoverable:
- Pass 1: Writes zeroes and verifies the write.
- Pass 2: Writes ones and verifies the write.
- Pass 3: Writes a random character and verifies the write.
Interested in learning more about how Weston can help secure your data (and our backup and disaster recovery solutions, in case you delete something you shouldn’t)? Contact your local IT professionals today.
Leave a Reply