Wednesday, August 29, 2018

WHEN YOU DELETE FILES ON YOUR COMPUTER WHAT REALLY HAPPENS TO THEM

WHEN YOU DELETE FILES ON YOUR COMPUTER WHAT REALLY HAPPENS TO THEM



What a question you may say but as crazy as the question is most of you reading this post must have at one point or the other wondered where the heck all the files you deleted on your PC went. Did they go into thin or were these files just forgotten forever by your PC. Well, the answer might not be what you�ve been thinking all along.

When you delete a file, the computer sends it to a temporary directory (Recycle Bin or Trash) where it awaits your final decision as to whether you still need to resurrect the file (Restore it) or not.

But when you go ahead to delete the file from the Recycle bin (Empty the Trash), the space the said file occupied isn�t actually emptied but marked as empty and it�s now available for new files to move in. What actually happens is that the file hasn�t actually moved out, but the pointers to the particular file has been removed making it impossible for your Operating System to locate the said file. But with recovery tools, you could locate those file which were deleted because they still exist on your drive.

Now, when you get new data into your PC and your OS has no other space to place this data, it�s starts overwriting the space marked as empty, and that�s the reason when you restore some deleted files, they might appear corrupt since other files have overwritten some part of it�s data. Therefore the key to restoring a perfect file after having being deleted is to perform a recovery not long after you had deleted it.
Does this Mean You Can�t Actually Delete A File?

Well, not exactly. As you must have now known, deleting a file only removes pointers to the said file, but the file gets overwritten when new files occupy the space marked as empty. The only other perfect way to have a file deleted and return a zero file even when instantly recovered using recovery tools is to do what is called a � zero filling�.

What is Zero filling?
Zero Filling involves filling every byte of the original file with a �0�, and then deleting the file. That way, even if you do restore the data in the file table, all you�re going to get back is an empty file. It effectively ensures that the disk sectors are already overwritten at the time of deletion.
How to perform zero filling on Hard Drive
Time Needed: several hours (varies with size and speed of drive)
Software: Hard disk utility software from your drive vendor
Media: blank CD or floppy disk
Although writing zeroes across the entire hard disk surface (aka "zero-filling") is not sufficient to meet government data sanitation (disk wiping) standards such as DoD 5220.22-M or the more comprehensive Standards and Technologies (NIST) Special Publication 800-88, overwriting the entire hard disk prevents most types of data recovery from being successful.
Heres where to get zero-fill software from hard disk vendors:
Hitachi
Drive Fitness Test (see website for specific models supported)
http://www.hitachigst.com/hdd/support/do...
Select the Erase Drive feature to zero-fill your hard disk
Samsung
HUtil (see website for specific models supported)
http://www.samsung.com/global/busines...
Use Tool, Erase HDD to zero-fill your hard disk
Seagate (including Maxtor)
SeaTools for DOS (see website for specific models supported)
http://www.seagate.com/www/en-us/support/downloads/seatools
Use Full Erase to zero-fill your hard disk
Western Digital
Data Lifeguard Diagnostics (select drive model for specific version recommended)
http://support.wdc.com/product/downlo...
Use Write Zeros to drive to zero-fill your hard disk


1. Determine the brand and model of hard disk you want to overwrite.
2. Download a CD ISO image or a floppy disk image (depending upon your equipment) and use the image to create bootable media. The floppy disk image is self-contained: run it, insert a blank floppy disk when prompted, and the image is created on the disk. You will need to use a CD burning program that works with ISO images to convert the ISO image into a bootable CD.
3. Restart your computer with the bootable media you created in Step 2.
4. Select the hard disk to zero-fill when prompted.
5. Choose the option to zero-fill the hard disk.


6. When the program is finished, follow the on-screen instructions to shut down or restart your computer.
7. Remove the wiped hard disk; you can now reuse or recycle the hard disk.
Secure Wiping a Hard Disk
Secure wiping goes beyond zero-fill operations, and provides an extra level of security. Most secure wiping programs are designed to meet DoD 5220 standards, which require three passes of overwriting with a special numeric pattern and verification. More information about this and other secure standards are available from the DataErasure website.
(Note that the 2007 revision of the Defense Security Service, Updated DSS Clearing and Sanitization Matrix (June 28, 2007) (PDF) now recommends degaussing or drive destruction for maximum protection.


Stanford Universitys Disk and Data Sanitization Policy and Guidelines, a must-read for understanding data wiping issues, recommends Dariks Boot and Nuke (DBAN) for secure hard disk wiping.
Secure Wiping a Hard Disk with DBAN
Time Needed: several hours (varies with size and speed of drive)
Software: Dariks Boot and Nuke (DBAN); available from http://www.dban.org/
Media: blank CD (all versions) or floppy disk (version 1.0.7 and older versions)
1. Download the DBAN boot image ZIP file (we used version 1.0.7 and beta version 2.0 for this article); we downloaded the ISO image for CD burning, but a floppy disk builder is also available
2. Extract the contents of the compressed file.
3. Burn the ISO image file extracted in Step 2 to CD; see our article on how to do this, or use the built-in ISO CD image burning support in Windows 7. If you downloaded the floppy image builder, run the program to create a bootable floppy disk.
4. Restart the computer using the CD or floppy disk created in Step 3.
5. Press Enter to run DBAN in interactive mode.
6. Use up and down arrow keys to highlight the drive to wipe.
7. Press the space bar to select the drive.
8. Press M to select the wiping method.
9. Press F10 to begin the wipe process.


10. At the end of the process, shut down the system. You can reuse or recycle the wiped hard disk.
Note: if DBAN is unable to recognize your SATA hard disks, configure your system BIOS to use IDE mode rather than AHCI mode.
Wiping Flash Memory Cards and USB Drives
Programs such as DBAN or vendor-supplied hard disk utilities are limited in the devices they support: they are designed to work with internal ATA/IDE or SATA hard disks only. Programs that work with flash memory cards and USB flash drives often support hard disks as well, enabling you to use a single program for all disk wiping processes. Roadkils DataWipe can be used with any hard disk, floppy disk, or flash drive that has a drive letter.
Wiping Flash Memory Cards with Roadkils DiskWipe
Time Needed: Varies; from a few minutes to several hours, depending upon size and speed of drive and computer
Software: Roadkils DiskWipe, available from http://www.roadkil.net/
Media: Can be run from Windows desktop
1. Download Roadkils DiskWipe.
2. Extract the contents of the compressed file.
3. Open DiskWipe. If you are running Windows Vista or Windows 7, right-click the program icon and select Run as Administrator.
4. Select the drive to wipe.
5. Select the type of wipe to perform; DiskWipe can zero-fill the disk or write random data.
6. Enter the number of passes.
7. Click Erase to start the process.

8. At the end of the process, close the program. You can reuse the wiped disk.
Wiping SSDs
To solve write performance problems on drives that dont support TRIM (check with your drive vendor for firmware upgrades) is to use wiper.exe (included with some SSDs) or to run the Secure Erase feature supported in most recent ATA/IDE and SATA drives. The Secure Erase feature can be activated on many systems by running Secure Erase 4.0 (HDDerase.exe), available from http://cmrr.ucsd.edu/people/Hughes/.... Version 4.0 works with most recent ATA/IDE and SATA hard disks and SSDs, but if you use an Intel X-25M, X-25E, or X-18M SSD, follow this link to download Secure Erase 3.3 http://www.iishacks.com/index.php/2009/06/30/how-to-secure-erase-reset-an-intel-solid-state-drive-ssd/. Note that it is no longer being developed, and we were unable to use it on a system running an AMD 690 chipset.
Wiping Drives and Free Space with SDelete
SDelete is a free program from Microsofts TechNet Sysinternals collection. It runs from the command line, and can be used to wipe drives, wipe files, or wipe free space.
Time Needed: Varies; from a few minutes to several hours, depending upon size and speed of drive and computer
Software: TechNet Sysinternals SDelete, available from http://technet.microsoft.com
Media: Can be run from Windows desktop
1. Download SDelete.
2. Extract the contents of the compressed file.
3. Copy sdelete.exe to c:windowssystem32 (this will enable you to run it from any location)
4. Open a command prompt session with Administrator rights.
5. To wipe all files on drive X: and its subdirectories and to wipe free space, enter Sdelete -p 2 �s -z X:*.* (to see all command-line switches, enter Sdelete with no options)
6. Wait; the program displays status messages as it runs. When the program is finished, you can reuse or dispose of the drive.
Evaluating the Effectiveness of Disk Wiping Programs
We used demo versions of two popular data recovery programs to evaluate some of the disk wiping programs discussed in this article. To determine whether a typical data recovery program could recover files on a SD card wipe with Roadkils DiskWipe, we first of all formatted the card using a card reader. Ontracks EasyRecovery Data Recovery (available from http://www.ontrack.com) had no difficulty finding folders and files to retrieve.
However, when we used DiskWipe to wipe the drive using a one-pass blank disk (zero fill) operation, EasyRecovery DataRecovery was unable to find the file system, let alone any files or folders.
After reformatting the card, taking a few photos, and deleting the photos, EasyRecovery Data Recovery was able to find the new photos, but the contents of the card before running WipeDisk were unrecoverable.
To evaluate SDelete, we used SDelete to wipe all of the files on a hard disk, but omitted the �z switch; when �z is not used, SDelete deletes files and renames them, but does not clear free space. To determine what might be visible, we used a demo version of Disk Doctors NTFS Data Recovery software, available from http://www.diskdoctors.net.
Disk Doctors were able to locate the deleted folder and Outlook Express message folders, but SDelete had renamed them from their original names and DBX extensions (Outlook Express message folders). If you use SDelete, its very important that you take time to use the �z switch to clear free space on the disk (once a file is deleted, the space it occupies is free space).
We also used Disk Doctors to evaluate the effectiveness of a freeware program called Eraser, which can delete and overwrite files and folders from the right-click menu. We created a documents folder with a subfolder called Figures and used Eraser to overwrite the folder and subfolder using its default settings.
Disk Doctors was able to locate the folders, but the contents are files with garbage names and are zero bytes in size � except for leftover word processing temporary files (files that begin with $). These filenames were not changed, which could enable a snooper to figure out the names of the files in the folder � although the files themselves were destroyed. By using more overwrites or different methods available with Eraser, a more thorough wiping may be possible.
My take: Performing this option you have completely deleted the files with no Jupiter Option to bring it back.

Blog Archive