I usually get the reverse of this question: “how do I recover files I deleted?”. But it’s absolutely worth looking at how things can be recovered, so that if you actually want something to be deleted and stay deleted you can take appropriate steps.
In general, there are three things that contribute to data “rising from the dead”, so to speak:
I’ll look at each of those in turn.
It’s Not Deleted
The best example I can give of this is your web browser’s cache, and I suspect that’s responsible for most of what you’re seeing. People are often surprised at the files, pages and images that are left behind on your machine after you’ve browsed the web for a while. IE, Firefox and others all make use of what’s called a “cache”, a place where files can be downloaded once and kept “for a while”, so that in case you need to view that file again, it need not be downloaded again.
A good example is the Ask Leo! logo at the top of this page. The first time you visit Ask Leo! it’s downloaded and shown to you, but also placed in your browser cache. Then, when you visit a different page that references the same image there’s no need to get it again, it’s already in your cache. The result is a faster experience.
The result is also that days or sometimes even weeks later you’ll find those images in your browser’s cache. If you don’t recall visiting the site, you’ll wonder where they came from.
Anything you visit on the web might well be saved in your browser’s cache. In addition, anything you viewed in email might be there as well, as some email programs use the browser cache for caches of their own when viewing pictures, html emails or attachments.
The browser cache is just one example. Different programs often manage their data in different ways, and can easily decide not to delete or clean things up until sometime later, based on whatever that program decides is important.
It’s Deleted, but Not Really
Two words: Recycle Bin.
When you delete a file using Windows Explorer that file is typically not actually deleted. Rather, it’s moved into the recycle bin. The recycle bin is then managed separately and files are physically deleted only when the bin becomes full, or you manually empty it.
The point, of course, is to allow you to say “oops” and retrieve the file from the Recycle Bin if you make a mistake.
The side effect is that the files are still on your machine until they’re removed from the Recycle Bin.
This same approach is occasionally used by other programs. Quite often email programs will also have their own internal Recycle Bin into which they’ll move deleted messages.
It’s Really Deleted, but …
Depending on which side of “I deleted something, I want it back” versus “how do I make sure it’s really gone” you happen to be on this might be good news or bad news.
When a file is deleted the contents of the file remain behind. It’s kind of like moving out of an apartment by just taking your name off the door; you might still be in there, but no one can find you.
Well, they can find you … by checking every unlabelled apartment. Only if someone else has moved into your old apartment will you and your stuff truly be gone.
The same is true … sort of … for deleted files. A file deletion does nothing more than remove the file’s name from the list of files occupying the drive. It’s not until another file “moves in” and overwrites the data that it’s actually gone. And naturally there are tools that will search for and reconstruct the files whose data has not yet been overwritten.
Making Sure Gone is Gone
So the question is what do you do to ensure that when you delete something it’s really gone? Several steps, that all follow from the various scenarios above:
- Understand how your application handles files, and either configure it to not keep files around, or manually force them to be really deleted. As perhaps the most common example, in the case of things like web browsers that means emptying the cache of saved items.
- Empty the Recycle Bin. You could go so far as to disable it, I suppose, if you’re very concerned, but I’d be satisfied with reducing the size of the Recycle Bin, and periodically emptying it manually.
- Use a secure delete tool. Either use such a tool to overwrite the “unused” space on your hard disk (think of this as cleaning out all the empty unlabelled apartments), or use it to actually delete files and erase the space they used on the spot.
And finally, no discussion of data security and recovery would be complete without discussing even briefly high tech low level data recovery. Even after data has been overwritten once by other data – even the secure delete utility – it’s possible to send a drive in for detailed (and expensive) recovery that might uncover and restore the previously overwritten data. It’s not part of the scenario you described, since it involves removing the hard disk drive and taking it apart. Prevention is actually relatively simple: either store your data encrypted (such as using a TrueCrypt volume), or make sure to use a multiple-overwrite feature of your secure delete program. Overwriting the data even twice makes the original data nearly unrecoverable.