You’ve recently spent some time on deleting files. I understand that just
hitting Shift+Delete doesn’t rid the hard disk of the file, but I’ve long
wondered about some other things: Suppose I have an Excel or Word file that
contains personal info (say a list of passwords or other sensitive
information) and I decide that’s not such a good idea. If I delete all of the
information, then save the file, is that information gone forever? Likewise,
suppose this file is called “password.xls,” and I create a new (even
blank) spreadsheet, save it as the same file (password.xls), and click
‘Yes’ to “Replace existing file?” Have I successfully hidden those passwords
(or whatever) forever? Are they off my disk now? Any chance that life could
be this simple?
Let me put it this way: when it comes to computers, life is rarely
This situation is no exception.
The short answer to your question is of course not – the data might still
The longer answer is all about why.
Overwritten files aren’t overwritten
The assumption in your question is that when you update a file with new data, or even removing everything within the file, the new file will be written into the exact same place on the hard disk as the original.
That’s a bad assumption. In fact, it’s not really even what you want the programs to do.
The steps to update a file
I’m going to run with your “password.xls” example; it’s possibly one of the most common user-generated files in existence as we all try to manage our online world.
This is just a conceptual example – I’m not claiming that Excel, any other spreadsheet program, or any specific program for that matter works in exactly the way that I’m going to describe. However, I know that many do (or do so in very similar ways).
Let’s say that you make a change to password.xls – it could be either a small change or a large change, like deleting all of the entries.
Here’s how Excel might operate:
You open password.xls.
You make your changes.
You click Save.
Excel opens a temporary file in the same folder as the original.
Excel writes the updated spreadsheet to the temporary file.
Excel closes the temporary file.
Excel deletes the original password.xls.
Excel renames the temporary file to password.xls.
See what happened there? In the next to the last step, “Excel deletes the original password.xls.” That’s a plain old delete, not a secure one. The areas on the hard disk that the original password.xls occupied were not overwritten and could potentially be recovered.
It’s all about error handling
You might be tempted to ask why any program would go through such a convoluted series of steps to just update the contents of a file.
It’s something software engineers have to think of constantly: what if something goes wrong?
What if the program crashes? What if writing to the disk fails? What if, what if, what if?
If the program were updating the file in-place and crashed during the operation, the result might well be a corrupt, garbled, or destroyed original file with nothing to back it up.
By writing to a new file and not deleting the original until that new file has been successfully written, the program ensures that the original remains intact for as long as possible.
In fact, many programs don’t delete the file at all. They simply rename the original to the original.bak.
It’s not just saving in the application
Almost anything that looks like you’re about to overwrite the file has the high probability of operating as I’ve just described:
Using Save As… to overwrite an existing file.
Using Windows Explorer to copy a file “on top of” your original.
Using most command-line copy utilities to copy a file on top of your original.
And probably several other ways to overwrite a file that I can’t think of right now.
Even “Replace existing file?” is really talking about the file name and doesn’t imply that the old data is being physically overwritten.
The bottom line
If it matters to you, a secure delete or free-space wipe remains the technique of choice to make sure that the contents of the files that you delete – whether by actually deleting them or overwriting them – are actually overwritten on the hard drive.
I said above that password.xls is perhaps one of the most popular user created files in existence for the obvious reason that spreadsheets are a pretty useful way to keep track of passwords.
Yes, I even have password.xls.
The problem is that it’s also one of the least secure ways to store passwords if not done properly. Even if the spreadsheet is itself password-protected, it still isn’t considered really secure; there are apparently ways to crack password-protected spreadsheets.
I keep mine in a TrueCrypt volume. When the update process that I outlined above happens, the new file and the old file both exist only in the encrypted partition. While file recovery tools could be used to access the old file, they would work only if the encrypted volume were actually mounted using the passphrase – at which point the latest and greatest is right there anyway.
By putting it into an encrypted volume, the need for multiple-pass secure delete is also eliminated as the information that’s actually written to my hard disk is always encrypted. What could perhaps be recovered from the hard disk is useful if and only if you already have the volume’s encryption passphrase.
One final consideration
I bring up password.xls and using an encrypted volume to raise another possibility.
The program that you’re using to edit the file could work like this:
You click Save.
The program opens a temporary file in the system temp folder.
The program writes to the temporary file.
The program closes the temporary file.
The program deletes the original file.
The program copies the temporary file to the original file.
The program deletes the temporary file in the system temp folder.
So even though the file exists on a secure encrypted drive, it is possible that the program being used to modify it may have made a copy in another temporary location – a temporary location that is not encrypted and from which the data could be recovered.
Once again, if it matters (and it may not), a secure delete or free space wipe is the answer.