How do you delete files completely?

por | 21 junio, 2011

Article Source

Computer Forensics…

Well what your asking is how to write over the data in a file so that it can not be recovered by people like me. I am a Forensic Computer Crime Investigator. I recover files for criminal investigations.

The only way to make sure a file can not be recovered is to write over it with other data, let me explain.

You may be interested to know that when a file is deleted (and the recycle/trash bin is emptied or you use the delete button or menu choice of delete) the actual data is still sitting on your disk. This applies to magnetic storage such as Floppy disks, and the common hard disk and even flash storage devices such as Memory Sticks, Compact Flash, Micro Drives and similar technologies.

Here is what happens. Your operating system removes the reference to that file on the file system. This reference had details such as where on the disk the file was. Whilst marked and available as free space the old data didn’t move, its just not seen on the file system but physically exisits on the disk. The entire file remains on the disk until another data is created over the physical area, and even then it may be possible to recover data by studying the magnetic fields on the platter surface.

Since when a file is removed the data remains then we have software to un-delete this data.

Recovery tools do not read the actual file system. They read the contents of the actual disk, thus it can list the «deleted» files and offer an undelete option.

How do secure deletion tools work? The tool inspects the clusters on which the data exists and overwrites them with random data which is determined by complex mathematic algorithms. One «pass» means overwriting the clusters once and will render most commercial recovery tools useless. However even one pass is considered weak as agencies such as the FBI or CIA (who have the money) can probably recover most of the data. 7 passes is what’s considered as «military» grade. As the number of passes increase the chance of actually recovering the file with today’s technology decreases close to an exponential rate. Most tools allow you to delete files and can also «wipe» free space – that is overwriting clusters that were marked as free space.

Here is a link to a list of shareware secure file deletion tools that actually overwrite the data:

I use Secure Clean myself by WHiteCanyon.

Hope this helps explain it for you.

Sources: 15 years as a computer forensics expert..

Article Source