When you delete a file from your system, it takes reasonably less time than the time it took for copying it. So what happens when you delete? It won’t delete each bit/byte of information it copied to disk when file created; rather it just delete the link in File System Table so that it will be invisible for Operating System. Here you might get a doubt, “Why it is taking considerable amount time (though less than original creation time) for deletion if it has to delete just a link?”. In fact, it is my doubt and the I self-answered that, it might be because, there are many links in file system table that needs to be deleted. When you copy a file to your disk, there is no guarantee that all the file bites information will be stored at same location(sectors/cylinders) in hard disk. Operating system will spread the parts of file information to various locations of disk to utilize the free fragmented space. That is why we get more links in FAT and more time to delete links FAT. Fine, let’s come back to our original topic of file deletion and continue the rambling. So, for this reason, when you delete(Shift + Del) a file from system, it is NOT deleted from storage originally and there will be traces of your deleted files in disk. Your OS will not see them but by using third party utilities you can see these files. These third party utilities will directly talk with disk in raw language instead of going through file system table table and gets the list of files which are available on it. This is how some of the Data Recovery software’s will work and fetch the Shift+Deleted items for you. Similar thing happens when you move the files (move is an operations which includes deletion at source and creation at destination if you are doing between different systems — it’s a different story when you move files within same file system).
Well, now we know that files will still reside in disk though you permanently delete them; but for how long? Life time?. Simple answer is, “NO” not for life time. If it does like this, there won’t be any space for your new files.
At the same, these deleted files will reside in your disk for a specific period of time. This time will be based on your system usage. If you are daily user of system and do lot of file copy stuff, your disk will end up with no free space and then it will start writing the data into the sectors where previous shift deleted items are residing. Operating System won’t mind writing the files into these locations as it sees those blocks as free space (remember when we deleted the file, it cleared the links and marked that space as free in FAT). So, when such overwrite happens, you cannot get that deleted items back. In other words, your permanently deleted data will still reside in disk until that space is used by operating system to store some other file.
Clear?
Now let’s take a step forward. For some reason, you want to get deleted data back. Simply Google for recover deleted files and you will get lot many. Some of them will be free and some will charge you. Whatever is the tool, it will look for files in drive which are not part of your OS file system table to get list of deleted files. I am not sure exactly how it will be getting this list from drive, but I think drives will have some low level tables maintained for data.
So, if the deleted files physical location is overwritten with some data by OS, can’t I get it back?
Looks like answer is “yes” here. I read in this blog that you can recover the data which was overwritten up to 10 times. This might be dependent on your disk type as well.
I am worried about my data confidentiality if retrieval of deleted items is possible like this.
It’s not only you, but many organizations and individuals worry about this. So, solution here is, you should use a tool/software which completely wipes the traces of your permanently deleted data from disk. Last month I read about such a tool named “Eraser” in TechNet Magazine(Dec-2009 edition). You might want to give a try…
My rambling ends here….
Happy Learning..,
Sitaram Pamarthi