Can Data Be Permanently Removed from a Computer?
In our last blog (Part 1), we discussed whether data was gone when you deleted it. We discussed the various ways that data can be recovered whether on a computer or cell phone, files, emails or text messages. We also discussed the various caveats with recovering the deleted data. Of course, that brings up the question: Can you permanently delete data on a computer?
Remembering back to the previous article, the simplest way to permanently delete data is to overwrite that data. But how does one go about overwriting data? Continue reading to learn how to permanently delete files on your computer.
1. Old School. Years ago, those that were aware of how computers stored and “deleted” data tried using internal controls in Windows to overwrite data, defragmentation. Files are stored on computers in blocks and when a file grows in size, the computer will grab a free block to store data, regardless of where that block is physically. The result can be thousands of files using blocks of data that are in no way contiguous. Defragmentation puts those blocks together but to do so the blocks have to be moved around and in doing so they overwrite other blocks of data. The hope is that in defragging a hard drive — you overwrite deleted data. This method is more effective with a lesser amount of data on the computer.
2. Tried and True, but You’ll Get Caught. Search the internet and you’ll find plenty of applications that can facilitate wiping of data, from the benign sounding CCleaner® to the wonderfully named Evidence Eliminator™. These hard drive eraser software options will securely delete a file by first overwriting the contents then deleting the file. Usually the process also entails scrambling the filename. These applications can also wipe unallocated space, where deleted files reside, rendering any deleted file unrecoverable. The drawback is nearly every one of these applications leaves behind a trace that a forensic expert can use to ascertain what occurred.
3. Hi-Tech Geek. Another method to overwrite data is to use a hard drive hex editor to pinpoint the physical location of a file and manually overwrite the data. This method is effective, may not leave a trace, but is akin to cutting your lawn with a pair of scissors.
Another way to “permanently” delete data from a hard drive is to start with what is called an encrypted file system. The new APFS (Apple File System) as well as iOS (file system used on iPhones and iPads) and newest Android file system have the ability to employ this technique. What occurs is that every file on the drive is encrypted with its own encryption key. When a file is deleted, the encryption key is destroyed. Since the file is deleted in the standard way, the data remains on the drive but since it is encrypted and the key to decrypt it is gone, the data is useless. (Side Note: the author of this article actually conceptualized an encrypted file system in 2010 or earlier but did not patent it, hence he’s only the author of the article and not an early retiree!)
Of course, there is another way to permanently delete data from a hard drive but if one is looking to just remove a couple of files, this method is like using a sledgehammer to swat a fly. This method involves overwriting the entire hard drive. In order to do so, the hard drive must be removed from the computer and attached to another computer as a second drive or the computer must be booted with what is called a “boot disk”. Namely, you can’t wipe a drive that is functioning as the operating system for a computer. If your hard drive is encrypted with something such as Windows BitLocker, a simple format of the entire drive and encryption with a new key will do the trick (similar to the discussion above with the encrypted file system). An Apple iPhone or iPad can be factory reset to accomplish the same.
If you think that this article has helped the “bad guy” remove their data, fear not. Each method has its plusses and minuses and nearly all of them cannot occur without being detected.
by Greg Kelley, EnCE, DFCP,
Chief Technology Officer at Vestige Digital Investigations
For more information CONTACT US.