When did you last check what is in the Recycle bin of your Windows computer ?
If you have not done for a while, take a look in your recycle bin now. Go to Windows Explorer by right clicking on the Start Button (the Windows icon at the bottom left of your screen) then click Explore. Expand the folders tab on the left hand side then scroll down to Recycle Bin then click on it as if selecting any other folder.
Wait a few second for the screen to populate then check the right pane to see the deleted files. Some of these may be items you have forgotten or thought you had seen the back of forever.
Notice also how many temp files are in the Recycle bin. These files are created by applications and are usually deleted when an application is shut down properly, but can often end up as orphans in the main area of the hard disk drive too.
Some of these files contain snippets or entire blocks of readable text from documents such as Word Processors, Spreadsheets and other applications.
File deletion in Windows is a something of an illusion. This is because of the methods used by systems running Windows and how NTFS (the windows file system) stores information.
How to delete a file using Windows Explorer
To use Windows erase you would locate the file using Windows explorer, right click on that file and then click delete; or highlight the file and press the delete key. In order to delete the file by-passing the Recycle bin, you would right click on the file then hold down the shift key as you click delete. This will apparently permanently erase the file, but this has not made the file permanently inaccessible.
Imagine that you had at sometime written a resignation letter or an angry letter to someone, then changed your mind and used Windows erase to the file.
It could be embarrassing if the intended recipient of that resignation or Dear John letter, happened across that text whilst using your computer one day.
A worse situation is that if you delete these files from the Recycle bin, these can still be easily accessed.
There are many utilities for recovering files deleted with Windows erase. There are even utilities that can recover data after the hard disk drive has been formatted.
These files can be accessed after Windows erase because of the way systems running NTFS (the windows file system) store information.
Why files deleted with Windows erase can be recovered.
Windows stores your files by first making an entry in an index which will tell the hard disk drive controller the physical location on the hard disk drive where that file is can be stored.
This entry includes among other information:-
- The File name - as used for human identification.
- Start sector - a division of the hard disk drive formed drawing by a number of radials on the hard disk drive surface.
- Track number - a number of concentric circles formed on the hard disk drive surface.
- File size - how many sectors are required to store the file.
The hard disk drive controller then creates the file at the allocated location on the hard disk drive and then writes the actual data to it.
When you need the file again, for instance when you need to open a document for editing in your word processor program by requesting file open, the application asks the Operating system Windows - to fetch the file from the hard disk drive, the Operating system in turn asks the hard disk drive controller to recover the file.
The hard disk drive controller then looks up the relevant file entry in the file system index used by NTFS and finds the relevant hard disk drive sector and track number and the amount of data it has to recover (file size).
This information is then used to locate the actual data so that it can be read into you computers memory so you can continue working on your document.
When you use Windows erase to delete a file, it will only erase the file information in the ntfs index and then marks that the physical location is available for use to store a new data.
This means that the [actual contents of the file|the actual file data] is still on the hard disk drive and because of the huge size of modern hard disks drive it is unlikely to be over written with a new file for a very long time.
Windows NTFS also employs a journaling systems and a duplicate index that helps to keep your computer system running quickly and reliability. These items can be used to reconstruct data in near real time if the system requires it.
I will not go into details of how journaling works in this article but it is important to know that there is more than one way to recover files on your hard disk drive and to also note that when you use Windows erase to delete a file, you have not obliterated it from existence on you hard disk drive.
How to really erase a file in windows.
If you ever have information you would rather no one saw ever again,
whether that is an angry letter, embarrassing picture, or a recording of you singing for an X factor demo video, you need to know that using Windows erase to delete a file from Windows and even deleting that file from the Recycle bin, does not mean it is not recoverable.
The only effective way to delete files is to over write them with other data. But even writing new data at the location of the old file on the hard drive drive is still not enough to obliterate the data previously stored there.
In order to erase a file by over writing, it is recommended that the over writing is carried out using a specific patterns of one's and zero's, and that then entire area is over written with one's and zero's several times over.
In fact secure file deletion is such a import area that standards have been written to ensure that files cannot be recovered once deleted with Window erase.
Disposal of hard disk drives from environments where confidentiality is considered important, used to depend on physical disposal of hard disk drives by degaussing, furnace or crushing, now these disk must be securely erased using a program certified to standards such as Gutmann method, DoD 5220.22-M, AFSSI-5020 and AR380-19, before going to physical destruction.
Ezsoftware.co.uk provides a range of secure file deletion utilities to help you ensure that a file deleted with Windows erase is completely unrecoverable, even by high level methods used by many countries secret services and military intelligence.
Here are two of Ezsoftware.co.uk 's top ranked secure file deletion utilities.
Available for instant download from Ezsoftware.co.uk - Store
AEVITA Wipe and delete- Utilizes several certified secure file deletion methods
Clean-Disk-Security - Will remove safely remove data from the main file area, swap file and temporary files.
Charles London - IT Security analyst.
