Where do deleted files go?
The answer: nowhere. They are still there.
Deleting a file does not actually erase it. Computer systems delete files by marking the storage space that the file occupies as reusable. The data is still there and remains intact until the space is reused. With the increasing size of hard drives, obsolete data may remain intact for months since computer disk storage systems try to to use fresh, unused space before reusing previously used space to ensure that the drives wear evenly.
While cyber security movies and TV shows seem to imply that the hero can magically resurrect deleted files from an impounded computer, the fact is that anyone can purchase forensic software and use it to view the deleted information, pictures, etc., on any system to which they can gain physical access. Just think of how much information (e.g., tax returns, banking information) would be available on a system that was discarded, recycled or given away. Many have had their identities stolen in this manner.
Preventing deleted information from being exposed
There are two types of software available that can be downloaded from the Internet to truly erase your obsolete data.
- Disk wipers can erase an entire storage medium - hard drive, USB drive, etc.
- File shredders can erase individual files and folders on demand.
By "truly erase", we mean that the space that the data occupies is overwritten one, three or seven times to ensure that the data is unreadable. Why would some one want to overwrite hard drive space seven times? The reason is that when a file is overwritten, there is enough residual magnetism from the erased data on the hard drive to enable someone with a piece of sophisticated equipment to actually read the magnetic residue, known as "magnetic bleed". The seven time disk overwrite is recommended by the Department of Defense for their data. Chances are that for most individuals not involved in international espionage, wiping the hard drive three times would be fine.
A disk wiper is a program that is intended to completely erase all of the contents of the computer's hard drive. Disk wiping software is intended to completely erase an entire disk drive. Since the hard drive contains the operating system normally used by the computer, disk wipers are set up to be executed from a bootable DVD or USB storage device that you insert into your computer before you start the computer up. Upon boot-up, the operating system on the removable device will be loaded into the computer's memory along with the disk wiping software that it subsequently executes. Upon execution, the disk wiping software will ask you to identify the drive to be wiped and the type of wipe you would like performed. Once the hard drive has been wiped, it can be safely discarded or given away. Any new owner of the computer would need to install the operating system before the computer could be used.
A file shredder is a program that you install on your computer to truly erase files and folders that are deleted using that tool. Typically, when you have file shredding software installed, you may choose to shred the file or to just perform a normal, non-shredded delete. If you select the shred option, the file will be overwritten. If you select the delete option, it will not be truly erased. One thing to keep in mind with file shredders is that, while the file content is shredded when you right click the file and select the "shred" option, the data is not shredded when it is moved from one location on disk to another as a result of a file update. Because of this, disk shredders provide a "shred unused space" function that you can execute periodically to overwrite all areas of your drive that are currently marked as "available for use."
Contact the Information Security Office through the OIT Support Center at extension 2828 or firstname.lastname@example.org for more information and guidance regarding appropriate file shredding or disk wiping tools.