Gone But Not Forgotten?
Surprisingly, the answer in many cases may be "no."
While this can be great news for someone who accidentally deletes a file and needs to retrieve it; it can be quite problematic for those charged with securing sensitive business data or other confidential, personal or private files.
With the upsurge in active corporate espionage; retaliatory acts by disgruntled employees (including the appeal of quick dollars from competitors in a down economy), and myriad other vulnerabilities, it behooves computer users to ensure that the files they think have been erased from their computers, truly have been.
In the July issue of XBIZ World magazine, we feature a brief look at a software product called DiskDigger — a free forensic analysis utility that can scan all forms of media and recover "deleted" files. As part of writing that article, I put DiskDigger (along with my CCleaner utility and other tools) to the test in an effort to see just how good a job a top-rated piece of consumer software is able to do at scanning a disk drive and retrieving deleted files.
The results were impressive and eye-opening.
I first deleted all files on the test drive, using Windows Explorer. I then ran CCleaner on the drive to "fully erase" it — or so I hoped. Wrong. DiskDigger revealed thousands of files still on the disk drive. An NSA-level seven pass regimen still left recoverable files.
I ran a quick format of the drive, but still, DiskDigger uncovered (and was able to easily retrieve) "deleted" photos, videos, Word documents and more. I then ran a full format of the drive — yet the results were the same: DiskDigger was able to retrieve files and show thumbnail previews of everything it found.
While each of my disk erasure attempts resulted in fewer recoverable files, it's clear that the amount of data left over even after a robust cleansing regimen poses a serious personal and corporate vulnerability.
It was only after I laid the full Gutmann with a 35 pass free space wipe on that drive did DiskDigger finally have nothing to show for itself — though few computers indeed ever receive that extreme a level of deleted data sterility.
During this whole process, I kept thinking "If this is what free gets you, how much more effective are the tools of professional criminals, government agencies and private sector / workplace spies?"
The answer is simple: "good enough that you need to take deleted data security seriously."