Article 2 of 3: Can The FBI Recover Data You Deleted?

This is a guest post series written by Elena Pakhomova, Marketing and Development for the data recovery software company www.ReclaiMe.com.

There are three articles to this series that examines the method(s) of deletion at the user-level, at the operating system level, and at the hardware level. Please visit again to capture the rest of the story…

image

In light of recent high profile espionage events, subject of personal data protection has become very popular. In this article I will try to shed light on the subject of data deletion and answer the question how does one delete the data so that even the FBI fails to restore it.

There are three parts involved in data management on every device, be it a PC, phone, or some other gadget.

User who creates content, manages it, and finally deletes it. –  (SEE ARTICLE #1)

Operating system or more specifically a certain component of operating system called filesystem, which based on user commands stores, deletes, and performs other operations with data on the logical disk level. – (SEE ARTICLE #2)

Hardware – hard disk or other physical device which is responsible for storing data at the lowest level of electromagnetic fields and electric charge. (SEE ARTICLE #3)

The behavior of each of the above parts determines how data is being deleted on a particular device and therefore what are the chances to restore it.


Data Deletion In Different Operating Systems

Each operating system stores user data in a specific way. A method of data organization is called filesystem. Each filesystem, in turn, stores and deletes data differently. However, for many filesystems the following principle is true – if you actively use the disk to write new files after the deletion the chance to recover the deleted files decreases.

Microsoft Windows

Microsoft has developed not so many filesystems, the most famous being FAT, NTFS, and ReFS. NTFS is the most “recoverable” filesystem meaning that if you delete a file from an NTFS volume and then do not write new data to the volume you have a great chance to recover the deleted data. As for FAT filesystem, only non-fragmented files can be recovered (typically these are small files).

ReFS is a comparatively young filesystem (about a year old); however, our research revealed that ReFS is about the same as NTFS in terms of recoverability.

Linux

Most well known Linux filesystems are ext2/3/4. Only with ext2 filesystem you have some chance to recover deleted data. Due to specifics of storing data on ext3 and ext4, the probability to get the deleted data in acceptable condition is very small. Surely, searching the disk directly for fragments of certain files can bring some result but it’s impossible to recover the deleted data in original state as it was on the disk before deletion. If you know what you are after, you can detect data traces; get the data as it was before deletion is impossible.

Apple HFS/HFS+

Apple Mac OS uses HFS and HFS+ filesystems. A file deletion in these filesystems as usual boils down to the deletion of information about where file content is located on the disk, rather than actual deletion of file content. Technicalities of these filesystems make it impossible to predict in advance whether data is deleted immediately or the filesystem postpones the deletion for some time. Anyway, deleted file contents on the disk will not be actually erased until the filesystem needs the place occupied by these files to write new data.

Thank You to Elena Pakhomova, Marketing and Development for the data recovery software company www.ReclaiMe.com for this GREAT ARTICLE!

[ COMMENTS ARE WELCOME – CLICK HERE ]


Be Sure To Visit Bookmarks4Techs.com

Bookmarks4Techs.com

About these ads

4 Responses to Article 2 of 3: Can The FBI Recover Data You Deleted?

  1. […] User who creates content, manages it, and finally deletes it. –  (SEE ARTICLE #1) Operating system or more specifically a certain component of operating system called filesystem, which based on user commands stores, deletes, and performs other operations with data on the logical disk level. – (SEE ARTICLE #2) […]

  2. Samer says:

    In depth information about data recovery in different situations, good post Elena, always nice to read articles on WhatsOnMyPC.

  3. Samer says:

    Great, i’m glad to hear that,

    thanks Ramblinrick,

    Samer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 295 other followers

%d bloggers like this: