Article 3 of 3: Can The FBI Recover Data You Deleted?

This is a guest post series written by Elena Pakhomova, Marketing and Development for the data recovery software company www.ReclaiMe.com.

There are three articles to this series that examines the method(s) of deletion at the user-level, at the operating system level, and at the hardware level. Please visit again to capture the rest of the story…

image

In light of recent high profile espionage events, subject of personal data protection has become very popular. In this article I will try to shed light on the subject of data deletion and answer the question how does one delete the data so that even the FBI fails to restore it.

There are three parts involved in data management on every device, be it a PC, phone, or some other gadget.

User who creates content, manages it, and finally deletes it. –  (SEE ARTICLE #1)

Operating system or more specifically a certain component of operating system called filesystem, which based on user commands stores, deletes, and performs other operations with data on the logical disk level. – (SEE ARTICLE #2)

Hardware – hard disk or other physical device which is responsible for storing data at the lowest level of electromagnetic fields and electric charge.

The behavior of each of the above parts determines how data is being deleted on a particular device and therefore what are the chances to restore it.


Deletion At Hardware Level

At the moment, there are two types of data storage devices differing in how writing, storing, and deleting data on them are implemented.

Rotational hard drives

This group includes familiar to all of us hard drives of various form-factors, vendors, and characteristics. The information on such drives is stored in magnetization which upon read request is transformed into set of bits (basic information units). Magnetized spot of the disk surface is read as 1, while non-magnetized spot produces 0. Although due to the specifics of disk magnetic head, new write does not always destroy the previous data completely, practically it is impossible to recover overwritten data from the modern high density hard drives1.
Thus, if data was overwritten at least once, data recovery for all practical purposes is not possible.

Flash-memory based devices

This group includes the data storage devices based on flash memory – memory cards, USB thumb drives, and solid sate drives (SSD).

Writing, storing, and deleting data on such devices differ from the same processes in the regular hard drives. First, data is stored in the bits as well but now 1 and 0 are the result of voltage in cells rather than magnetization of the surface in a regular hard drive. Unlike the magnetized surface, electronic cells retain no memory of the previous state of each individual bit. This means it is physically impossible to know what data was in particular place earlier.

One more SSD quirk is that new data can be written only to cells zero-filled beforehand. This led to creation of TRIM command which cleans the cells containing unnecessary data when SSD is idle. In case of a typical hard drive, if you do not use the drive for writing new data, most likely your deleted data is still on it. For SSD this trick won’t work because even if you do not use SSD, TRIM process deletes all traces of previous data at the first opportunity. This means that for SSD data recovery is typically useless, although each case has to be considered individually.

Conclusion

As you can see in order to delete files so that even the FBI cannot extract them, it is not enough just to press the “Delete” button. You need to know the specifics of your data storage device such as host operating system (filesystem type as well), what type of the device you deal with – hard drive or SSD, and so on.

Anyway the simplest way to check presence of the deleted data on the disk is to launch any data recovery software and see whether it finds data. You can use different tools and even paid tools (which in practice are more powerful) since in data recovery field demo versions of software fully discover data and often allow either to preview it or to save a small sample.

References

1. Wright, Craig; Kleiman, Dave; Sundhar R.S., Shyaam (December 2008). “Overwriting Hard Drive Data: The Great Wiping Controversy”. Lecture Notes in Computer Science (Springer Berlin / Heidelberg).

Thank You to Elena Pakhomova, Marketing and Development for the data recovery software company www.ReclaiMe.com for this GREAT ARTICLE!

[ COMMENTS ARE WELCOME – CLICK HERE ]


Be Sure To Visit Bookmarks4Techs.com

Bookmarks4Techs.com

About these ads

2 Responses to Article 3 of 3: Can The FBI Recover Data You Deleted?

  1. I use prevent restore,they claim after use that data cannot be recovered

  2. […] Article 3 of 3: Can The FBI Recover Data You Deleted? (whatsonmypc.wordpress.com) […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 245 other followers

%d bloggers like this: