A common misconception when deleting files is that they are completely removed from the hard drive. However, users should be aware that highly sensitive data can still be retrieved from a hard drive even after the files have been deleted because the data is not really gone. Files that are moved to the Recycle Bin (on Microsoft Windows) or Trash (on macOS) stay in those folders until the user empties them. Once they have been deleted from those folders, they are still located in the hard drive and can be retrieved with the right software.
Deleting vs. erasing files
When a file is deleted from a hard drive, it is not erased. What is erased is the bit of information that points to the location of the file on the hard drive. The operating system uses these references to build the directory tree structure (the file allocation table), which consists of the file path for every other file on the hard drive. When the path is erased, the file essentially becomes invisible to the operating system. The file still exists, but the operating system doesn’t know how to find it. It is, however, relatively easy to retrieve deleted files with file recovery software.
Where do deleted files go?
As mentioned above, files that have been deleted still remain on a computer’s hard drive. The operating system does not know where to locate the file, so it becomes virtually invisible. Sometimes the file’s data remains intact after it’s been deleted, but sometimes it is broken into smaller pieces. If a user tries to recover a file after significant time has passed, they may only be able to recover fragments of the original instead of the whole file.
Erasing files from the cloud
Most cloud storage solutions operate on a data redundancy model that duplicates all data so it can be restored in the event of a disaster. Some providers also have a data retention policy that allows them to store data on the provider’s servers for an extended amount of time after a user deletes a file.
For most backup and file sharing services like Google Drive or OneDrive , you can delete files either locally or directly on the cloud server, typically through a browser or app. This action does not remove it from the cloud server, but instead just marks the file as deleted and keeps the file around in case recovery is needed. However, most services also offer the ability to permanently delete files—irrevocably removing the file from the system.
Here’s how to delete files from popular cloud service providers OneDrive and Google Drive. If you find you aren’t able to delete files from your cloud provider, contact the provider directly to ensure the data has been completely erased.
Read also: Network File Recovery: How To ‘Undelete’ A Delete
The only way to completely erase a file with no trace is to overwrite the data. The operating system will eventually overwrite files that have no pointers in the directory tree structure, so the longer an unpointed file remains in the hard drive the greater the probability that it has been overwritten. There are also many “file erasing” software products like Eraser (for Windows) and CleanMyMac X (for macOS) that will permanently erase files by overwriting them.
For Windows users, Eraser is a free tool that will overwrite your private data with random patterns until the data is no longer recoverable. It works with almost every version of Windows and offers multiple methods of overwriting your data. The program adds itself to File Explorer, so you can easily select a file, folder, or drive to erase.
For Mac users, files can be permanently deleted without a third-party tool. (Although there are tools available for permanently deleting files if that route is preferred.)
Vulnerable information is also stored on mobile devices such as tablets and phones. These devices rely on flash storage similar to that used in SSDs, meaning there is no foolproof way to securely delete the file. The data stored on the mobile device must instead be encrypted.
Because mobile applications have limited control over the file systems on phones and tablets, it’s difficult to recover deleted files. Once a file is deleted, it likely will not make an unwanted return.
Since secure deletion isn’t a large concern with mobile devices, users should instead focus on protecting their device from unwanted visitors. They should ensure a fingerprint or face ID or PIN code is enabled to prevent an unwanted user from accessing the device. All iOS and Android devices apply encryption by default, so as long as the lock screen is protected, the data is protected as well.
Even though deleted data is difficult to recover on a mobile device, a user should still perform a factory reset to securely wipe the data if they’re getting rid of the device.