A common misconception when deleting files is that they are completely removed from the hard drive. However, users should be aware that highly sensitive data can still be retrieved from a hard drive even after the files have been deleted because the data is not really gone. Files that are moved to the Recycle Bin (on Microsoft Windows) or Trash (on macOS) stay in those folders until the user empties them. Once they have been deleted from those folders, they are still located in the hard drive and can be retrieved with the right software.
Deleting vs. erasing files
When a file is deleted from a hard drive, it is not erased. What is erased is the bit of information that points to the location of the file on the hard drive. The operating system uses these references to build the directory tree structure (the file allocation table), which consists of the file path for every other file on the hard drive. When the path is erased, the file essentially becomes invisible to the operating system. The file still exists, but the operating system doesn’t know how to find it. It is, however, relatively easy to retrieve deleted files with file recovery software.
Where do deleted files go?
As mentioned above, files that have been deleted still remain on a computer’s hard drive. The operating system does not know where to locate the file, so it becomes virtually invisible. Sometimes the file’s data remains intact after it’s been deleted, but sometimes it is broken into smaller pieces. If a user tries to recover a file after significant time has passed, they may only be able to recover fragments of the original instead of the whole file.
The only way to completely erase a file with no trace is to overwrite the data. The operating system will eventually overwrite files that have no pointers in the directory tree structure, so the longer an unpointed file remains in the hard drive the greater the probability that it has been overwritten. There are also many “file erasing” software products like Eraser (for Windows) and CleanMyMac X (for macOS) that will permanently erase files by overwriting them.
For Windows users, Eraser is a free tool that will overwrite your private data with random patterns until the data is no longer recoverable. It works with almost every version of Windows and offers multiple methods of overwriting your data. The program adds itself to File Explorer, so you can easily select a file, folder, or drive to erase.
For Mac users, files can be permanently deleted without a third-party tool. (Although there are tools available for permanently deleting files if that route is preferred.)
Vulnerable information is also stored on mobile devices such as tablets and phones. These devices rely on flash storage similar to that used in SSDs, meaning there is no foolproof way to securely delete the file. The data stored on the mobile device must instead be encrypted.
Because mobile applications have limited control over the file systems on phones and tablets, it’s difficult to recover deleted files. Once a file is deleted, it likely will not make an unwanted return.
Since secure deletion isn’t a large concern with mobile devices, users should instead focus on protecting their device from unwanted visitors. They should ensure a fingerprint or face ID or PIN code is enabled to prevent an unwanted user from accessing the device. All iOS and Android devices apply encryption by default, so as long as the lock screen is protected, the data is protected as well.
Even though deleted data is difficult to recover on a mobile device, a user should still perform a factory reset to securely wipe the data if they’re getting rid of the device.