About Us
Advertise With Us
Contact Us

David A. Wimsett
Providing Technological Solutions

David's interest in technology extends back to his teen years with science fairs and amateur radio. He is fascinated with hardware, but his real interest is how people use technology. David's goal in providing technological solutions has always been to listen to the end users.

Did You Really Delete That File?

You've created a sensitive spreadsheet at work. The project is over and you need to remove all traces of the file, so you delete it. You are donating your old home computer to a school and don't want your personal finance data to be seen, so you delete the files. Think you're protected? Think again. Because of the way that computer hard disks work, just deleting data does not actually get rid of it.

On both Windows and Mac computers, deleting a file does not destroy it. Rather, it moves the file to a special place called the trashcan, referred to as the Trash on Macs and the Recycle Bin in Windows. You won't see the deleted file listed, but it is still there. As you can throw a piece of paper in the waste paper basket next to your desk and then bend down to retrieve it, so files deleted and placed in the Recycle Bin or Trash can be retrieved and viewed again. This can be done by clicking (Mac) or double clicking (Windows) the trashcan icon on your desktop. The desired file can then be selected and restored as if it had never been deleted. This is a safety net in case you accidentally delete a file that you really want to keep. But, it means that anyone who gains access to your computer can view everything you have deleted.

To get rid of a file, you must empty the Recycle Bin or Trash in the same way you might take your waste paper basket out to the curb side can. For Macs, choose Finder and then Empty Trash from the menu bar. For Windows, right click on the Recycle Bin icon and select Empty Recycle Bin from the pop-up menu.

But, your deleted file can still be read even after the Trash or Recycle Bin has been emptied, much the same as someone could go through your curb side can when it is put out for collection. To destroy sensitive papers, you have to shred them. To purge electronic files, you must perform an electronic shredding.

Although computer disks are often compared to filing cabinets, they work very differently, To store a paper report in a filing cabinet, you place all of the pages sequentially in a folder and file it in a drawer. When you retrieve that folder, the pages are still physically together.

On a hard disk, the electronic equivalent of pages in a filing cabinet are referred to as allocation units. The size of an allocation unit varies depending on the operating system and its setup. In Microsoft Windows XP, for example, they are typically 4096 bytes long. One byte is generally equivalent to a single character, although, in actuality, a byte can hold elements of a picture, music, or several numbers.

In working on a spreadsheet, word processing document, digital photograph, or any other file, everything appears on the screen or printout as a continuous report or picture, but on the hard disk the electronic pages could be spread out over many non-contiguous areas.

When a file is saved, it is broken up into fragments that are the same size as the system's allocation units. Each fragment is written, in turn, to the next available allocation unit on disk. The operating system keeps a list of all the files on disk along with the physical location of all the allocation units that make them up. This is called the disk directory. The computer also keeps a list of all available allocation units on the disk where new files can be saved or existing ones expanded to. This is called the free space list. A file could be written to contiguous allocation units where all of the fragments of the file are stored physically next to each other on the disk. This might happen when the computer is new or after a process called defragmentation has been performed (see below).

However, it is more likely that there won't be enough allocation units grouped together to hold all of the file fragments and they will have to be spread out over many non-contiguous areas. This is because, as files are added and deleted, they leave holes in the stream of allocation units.

Imagine three files, “A” that occupies 100 allocation units, “B” that uses 24 units, and “C” that uses 2100. If file “B” is deleted and emptied from the Recycle Bin or Trash, the 24 allocation units it occupied are removed from the disk directory and listed in the free space list as being available for other files to use.

If a new file named “D” requires 1465 allocation units, the computer will not go out and search for 1465 allocation units that are next to each other. Instead, it will assign the first 24 fragments of file “D” to the space formally used by file “B” and the remaining 1441 to other allocation units on the disk. File “D” might be spread over dozens of non-contiguous allocation unit groupings at different physical locations across the disk. The spreading of files over non-contiguous allocation units is called fragmentation.

When a disk becomes highly fragmented performance suffers because the read/write heads that retrieve the data must move across the disk platter repeatedly, a relatively slow process for the computer. Commercial programs are available that defragment disks by rewriting all of the fragments of the files into contiguous allocation units. Most operating systems also include utilities to perform this task, though they may not be as effective.

As stated above, the disk directory keeps track of all the files and where their fragments are physically located on disk. Each byte of an allocation unit is made up of 8 bits. Each bit can have a binary value of 0 or 1 that makes up the digital code used by computers to store and manipulate data. Deleting a file only marks it with a code in the disk directory that says it has been moved to the Trash or Recycle Bin and not to display it. The physical data remains unchanged inside the allocation units. That's why you can delete a file and still not free up physical disk space, because the data still exists and takes up room.

When you empty the Trash or Recycle Bin, the file is removed from the disk directory and the allocation units are returned to free space where they can be assigned to new files. However, the physical bit values of 0 and 1 that made up the file's data are not cleared. They remain behind and can be retrieved using commercially available software. It is not until a new file is written into the allocation units that the old data is destroyed.

One of my clients was a lawyer who had been given a disk by a defendant in a law suit. It was supposed to contain the only set of financial records for a company. Upon examining the disk, however, I found a whole other set of records that had been deleted and emptied from the trashcan but not overwritten. They showed that the plaintiff's claim was in the right and the lawyer won the case. Your sensitive data could be revived in a similar fashion if your computer was stolen, donated, or thrown out.

To truly remove a file with the same assurance as shredding documents, you must write over the existing data to clear it.

One way to do this is to run a defragmentation program. These tools gather all the file fragments into contiguous segments and compress them on the disk, overwriting empty allocation units with new data as they go. However, this is not a very reliable method of clearing sensitive data. Some unused allocation units can be skipped in the process while others that are located at the end of the disk might not be touched.

The surest way to reliably delete a file so it cannot be retrieved is to use a secure deletion program. Sometimes these utilities are referred to as Wipe programs. They go to each physical allocation unit of where a specified file sits and write a pattern of bits in each byte to obliterate the old data. Some write a random pattern while other write all zeros or all ones. The best programs write different patterns multiple times because a bit can still retain a phantom image when overwritten just once. These phantom images can be read with special equipment. Military and some financial security specifications require sensitive data to be purged with secure erase programs that perform multiple passes.

On a Mac, you can select Finder then Secure Empty Trash from the menu bar. This writes a random pattern of 0 and 1 binary values over the data after removing it from the Trash, a nice feature that Windows would do well to adopt for its Recycle Bin. The process can take a long time to complete if the file is large because every bit of every allocation unit must be overwritten. Apple claims Secure Empty Trash makes the file unrecoverable, however, they do not elaborate on whether they write the pattern multiple times for the added security required for highly sensitive data such as that found in a military or financial environment.

Some people believe that formatting a disk will delete all of the data on it. This is not always the case. Standard formatting rewrites the disk directory and sectors, but not the data in each sector. With the right equipment and software, that data can be retrieved from the formatted disk.

You can purchase programs that perform a secure format in which all of the data is destroyed as the disk is formatted. This, of course, would be a radical step as secure formatting erases everything on a disk; files, programs, and operating system.

Visit you local office supply store or use your favourite web search engine to look for “secure delete” or “secure format” to find vendors who supply these products.


Main page - David A. Wimsett