Deleting files permanently
Submitted by YbiGames on February 13, 2012 - 20:56.
Most people think that when something is not visible it does not exist anymore, but this is far from truth, especially when we are talking about computers, which only show a tiny bit of what happens inside of them.
In the case of deleted files in the hard disk; the computer or actually the operation system lies; since when a file is sent to the recycle bin despite Windows says it has been permanently erased, it actually is not deleted but just tagged as overwritable.
Because of this fact, the restoration of any file (even after being sent to the recyble bin) is possible, however this is a fact that also leads to privacy problems. In order to delete permanently a file from your hard disk you need special applications; in this article I'll explain you which applications you need and how they work.
But before continuing you must understand the structure of hard disks and how files are stored in them.
How files are stored on disk
Inside the hard disk there is a platter divided in tracks, which are concentric circles; each track is divided in pie-shaped sectors as it can be seen in the image below.
The tracks are the concentric circles like the one shown in yellow while the sectors are the pie-shaped divisions of the tracks, like the one shown in light blue.
Sectors have a fixed size with a fixed number of bytes, so each sector can have a size of 512, 1024, 2048 or 4096 bytes. If you multiply the number of sectors per track by the total number of tracks by the size in bytes of each sector you get the total size in bytes of the hard disk.
NUMBER OF SECTORS PER TRACK x NUMBER OF TRACKS x SIZE OF EACH SECTOR = HARD DISK SIZE
In Windows sectors are grouped into clusters; that vary in size and number of sectors; in large disks the default size is 4 KB.
Files are stored in groups of sectors and each sector is numbered; so if we have a 1 MB file and each sector has a fixed size of 4096 bytes (4 KB), that file will be allocated 256 sectors, say for instance from sector number 400,244 to sector number 400,500.
For files smaller than a sector size a whole sector is allocated; for instance if we have a 4000 bytes file, if the size of each sector is 4096 bytes, that file will be allocated 4096 bytes, taking up the whole sector.
If we have a 20000 bytes file it will be allocated 5 sectors (20480 bytes), even when there is a spare space of 480 bytes in the fifth sector it will take up the whole 5 sectors or 20480 bytes.
Deleting files process
When a file is deleted and sent to the recycle bin; it is not actually deleted but the sectors it has been allocated are tagged as overwritable; meaning that those sectors can be overwritten at any time by other data if the operating system considers that space as convenient for a new file; but until that happens the data of the file we "deleted" remains untouched.
Now you may wonder why the operation system doesn't delete it permanently instead of just tagging it as overwritable and leaving it untouched; the reason is simple; overwriting fully the sectors of a deleted file with new data (perhaps filling it with zeros 0s) each time a file is erased, it would be a costly and slow process that would take a lot of time, decreasing the overall performance of the disk and the operation system.
For instance if we delete the file of one of the previous examples, the 1 MB one; that has been allocated 256 sectors, from the number 400,244 to the number 400,500; those 256 sectors will be tagged as overwritable; allowing the operation system to allocate those sectors to a new file at any time.
In practice this system is useful since most users don't require a full data deletion for security reason, thus making the deletion process really fast. But in some cases a permanent and irreversible data deletion might be necessary.
For example governmental organizations and intitutions or big companies that handle sensitive data, might need the permanent destruction of that information for different reasons. In the case of common users the permanent destruction of data might be a necessity related to privacy preservation.
In such cases some special tools and applications are required in order to achieve the permanent deletion of sensitive information.
How to permanently delete data from the hard disk
As mentioned before deleting a file and sending it to the recycle bin is not enough to achieve its permanent destruction; even partitioning and formatting the hard drive is not enough; as there are forensic information technology applications and tools that if used correctly can easily restore all the deleted information.
That's why in order to remove permanently sensitive data; companies, agencies and institution might require the use of different methods like the Gutmann algorithm and the DoD 5220 method; these permanent data destruction methods differ in efectiveness and performance.
Both methods perform complex tasks in order to remove all the previous data of a hard drive, a process that usually requires a long time to be finished. For example the Gutmann method can perform 35 passes, overwriting all the hard disc over and over.
But for most average home users the complex methods described previously are not necessary, so for them there is a series of different applications that can perform secure permanent data deletion in their hard disks. For example these applications are very useful in cases when the user wants to sell a computer preventing identity theft, or when the user needs to totally clean the operation system of strong recurrent viruses and spyware. Here is a list with some of the best tools available:
In more drastic cases there is a very powerful tool for Windows that can wipe your hard drive completely, very useful for emergencies. This tool is DBAN (Darik's Boot And Nuke). You can download it from here: http://www.dban.org