Vestige Views

As part of Vestige's on-going commitment to educating our clients, potential end-users and our peers in the industry, Vestige Views blog reflects some of the industry's foremost thought leadership.


Deleted Still Isn't Deleted

Posted by Greg Kelley
Greg Kelley
As a co-founder of Vestige and its current CTO, Greg is instrumental to Vestige’s forensic and e-Discovery ser...
User is currently offline
in Business Management

Not a week goes by that I am not talking with a client about some computer forensic matter when the conversation drifts into discussions of how data is deleted. A few minutes later and the client says "well, I guess deleted isn't deleted".


Most of the public is familiar with that phrase. They understand through newspaper articles, talking with the local IT expert, working with companies such as us and even watching TV that data can be recovered by those of us with the skills and know-how.

This article, however, illustrates how any of your data, no matter who keeps it and where they keep it, may not be deleted when you think it is. In order for companies like Facebook, MySpace and others to recover from disasters they need to have backups or mirrors of your data. Disasters can range from data loss, server crash or power outage to buildings destroyed by flood or other natural disasters. The point is that your data is in multiple locations.

The data may not be kept just for backup purposes. It also may be kept because the provider has regulatory requirements that necessitate the need to keep the data. Maybe they are performing analytics on the data for future use. These steps may be made known to you or they may not be. Whatever the reason for keeping of the data, the fact remains is that it happens, quite often when one knowing.

When you request your data be deleted, you are relying that the provider is deleting any and all copies whether they be for analytic studies, backup or regulatory purposes. Needless to say from the article referrenced, that doesn't always happen. Maybe it is purposely kept. Maybe it is accidentally kept because the provider isn't aware of all the places it keeps your data.

Logic would hold that this issue isn't just a Facebook problem. Think about all of your cloud providers. Whether you keep just your email, financial data or large sums of data in the cloud, chances are there are multiple copies of it up there. Depending on who you talk to in customer service or tech support, they may not even be aware of it. I recall working on a client matter wherein I wanted access to certain logs. I asked multiple times for these specific logs and was told by the provider that they did not keep these logs. A few weeks later I brought the subject up again, only this time I found out that they did keep these logs (side note: unfortunately they didn't keep the logs for a long period of time so they claimed that they didn't have them from the time period I was looking for. I bet if I inquired further, I may have found that story to be inaccurate).

So what can you do?

  1. Start with checking your contract with your provider. This may be a written formal contract or it may be as simple as their terms of service.
  2. Inquire at multiple levels. Start with customer service, go to your sales contact, ask to speak to a support engineer. Not only may you be surprised, you may surprise your provider with what you discover.

You may find out at the end of the day that you have more discoverable information in a case then you realized. Quite often it may be helpful in proving your case but at the very least knowing this information will help you ward off spoliation claims.

0 votes
Tags: Untagged
As a co-founder of Vestige and its current CTO, Greg is instrumental to Vestige’s forensic and e-Discovery services. Greg’s responsibilities include overseeing day-to-day operations, internal Information Systems infrastructure and performing as well as help managing the computer forensic investigations performed by Vestige.

Greg has over a decade of experience working in the computer industry. Greg’s various positions and responsibilities included custom software design and implementation, network management and security, database programming, disaster recovery and end-user support. For the past several years Greg has helped Vestige, and its predecessors become one of the few companies capable of performing computer forensic investigations. Greg has worked on criminal and civil litigations covering areas such as intrusion and incident response, intellectual property theft, fraud and uncovering assets. Greg has testified in State court and Federal court in both civil and criminal cases.

Greg holds the professional designations of Encase Certified Examiner and Digital Forensics Certified Practitioner. He is an active participant in the computer forensics industry having spoken at conferences such as Techno Forensics, ISS World, CEIC and PFIC.

While headquartered in Cleveland, Ohio, Vestige supports litigation across the United States. Much of our work does come from the Great Lakes Region, including Ohio, Pennsylvania, Indiana, Michigan and Illinois, but routinely support cases on a Nationwide (and international) basis.


No events

"The records and evidence uncovered by your organization proved to be the decisive factor in the litigation, and gave our organization tremendous leverage in the settlement process."

Christopher S. Miller
Chief Executive Officer, Conrad Kacsik
Solon (Cleveland), Ohio