Deleting a file in Windows (or even older DOS) removes it from your system — right? As many a computer criminal has found out, the answer is absolutely not. The file itself can often be easily recovered simply by using Windows, or recovered using other programs if the file was “permanently” deleted. Let’s look at what happens when you delete a file.
The Simple Windows Delete
Most people will delete a file by clicking on the file and then pressing the delete key. Under Windows this brings up a dialog box asking if you want to recycle the file…
Answering Yes to this dialog causes Windows to move the file into the Recycle Bin which is really a hidden folder called Recycled. The original full pathname to the file is stored in the Recycle Bin index and the file itself is renamed to a unique name so it becomes possible to store many files of the same original name into the single folder without naming conflicts. Opening the Recycle Bin causes the index to be read and the file names still in the Recycle Bin and available for restore to be displayed.
The Recycled folder is unique in that it’s given a maximum size, where most other folders have no such limit. Files stay in the Recycle Bin for a variable amount of time which largely depends on the size of the file, the size of the Recycle Bin, and the age of the file. Many are not even certain Microsoft knows the exact algorithm used to clear files from the Recycle Bin :-).
But, regardless of the exact algorithm, if a file is in the Recycle Bin then it should be an easy matter to recover the file. The suggested recovery method is to right click on the file in the Recycle Bin dialog and then select “Recover” from the context menu that pops up…
This puts the file back to its original location. Or, if you wish to have the file in a different location all you really have to do is left click on the file and drag it to an open Windows Explorer window showing that location (or just to the desktop if that’s more convenient).
The key point to remember here is that any file “deleted” in the standard way is not really deleted in the way most people think of deletion (i.e., destruction). So, how can you better delete a file to force it to be gone? Windows provides one way that’s not very good and there are programs that can be used to do a much better job.
Windows “Permanent” File Deletion
If you click on a file and then press Shift-Delete on the keyboard Windows will give you a slightly different dialog…
Note the question: “Are you sure you want to permanently delete this file?” In this case, if you say Yes to the dialog, Windows will actually delete the file and not move it into the Recycle Bin. But does this really delete the file? Again, no. The file remains on the disk; only the directory pointers to the file are eliminated, and the space the file occupies is made available to the operating system to reuse. Often, this reuse only takes place after a fair amount of time has passed, so the “deleted” file just sits on the disk, available for recovery using software able to find the start of the file and then trace the storage locations from there to recreate the file. Such software is readily available in both commercial and free forms.
Some examples and further reading include…
- PhotoRec. File data recovery software designed to recover lost files, including video, documents and archives, from hard disks and CD-ROMs, and lost pictures (thus its ‘Photo Recovery’ name) from digital camera memory. PhotoRec ignores the filesystem and goes after the underlying data, so it will still work even if your media’s filesystem has been severely damaged or re-formatted. PhotoRec home page. [Free]
- Recuva. Recuva (pronounced “recovah”) is a freeware Windows utility to restore files that have been accidentally deleted from your computer. This includes files emptied from the Recycle bin as well as images and other files that have been deleted by user error from digital camera memory cards or MP3 players. Recuva home page. [Free]
- Wikipedia Undelete article.
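The behaviour described above (the directory pointer is removed, the data stays, and a tool that ignores the filesystem can still find it) can be shown with a small model. This is an added example, not code from the original page or from any of the tools listed; the 8-sector "disk", the directory dictionary and the file name are constructed for illustration, and the carver is deliberately simplified.

```python
SECTOR = 512
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image signature
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker

def build_disk():
    """Constructed sample: an 8-sector raw 'disk' holding one JPEG-like file."""
    payload = JPEG_SOI + b"\xe0" + b"constructed image data " * 40 + JPEG_EOI
    disk = bytearray(SECTOR * 8)
    start = 3 * SECTOR
    disk[start:start + len(payload)] = payload
    directory = {"holiday.jpg": (start, len(payload))}  # name -> (offset, size)
    return disk, directory, payload

def permanent_delete(directory, name):
    """Model of Shift-Delete as the text describes it: pointer goes, data stays."""
    del directory[name]

def carve_jpegs(disk):
    """Scan raw bytes for header/footer pairs without consulting the directory.

    Simplified: real carvers also validate internal structure and cope with
    fragmented files.
    """
    found, pos = [], 0
    while True:
        start = disk.find(JPEG_SOI, pos)
        if start == -1:
            break
        end = disk.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            break
        found.append(bytes(disk[start:end + len(JPEG_EOI)]))
        pos = end + len(JPEG_EOI)
    return found

def carve_demo():
    """Return (still listed in directory?, content recovered from raw bytes?)."""
    disk, directory, payload = build_disk()
    permanent_delete(directory, "holiday.jpg")
    recovered = carve_jpegs(disk)
    return ("holiday.jpg" in directory, recovered == [payload])

if __name__ == "__main__":
    listed, recovered = carve_demo()
    print("still listed in directory:", listed)
    print("content recovered from raw sectors:", recovered)
```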
Really Permanent Deletion
To really delete a file so it can’t be recovered you basically have to overwrite it; and, overwrite it multiple times so all residual magnetic domains on the disk have been changed and the underlying file can no longer be reconstructed.
Simple deletion programs may overwrite the file once or twice. Those that follow DoD standards (5220) will overwrite the file three times. Beyond that the deletion standards generally call for either seven or 35 overwrites for complete deletion. The 35-overwrite scheme is called the Gutmann method, after Peter Gutmann who, in the mid-1990s, looked into data recovery using magnetic force microscopy to recover underlying magnetic domains from the original file. Note: Overwrite is used here to mean overwritten by special patterns and not just overwriting with a single character over and over again.
Again, there are many programs, both commercial and free, that will overwrite a file and permanently delete it. There are two we’ll concentrate on here because they are both free for personal use and overwrite files up to the 35-overwrite Gutmann standard. They are listed here and their operation is fully described on subsequent pages.
- File Shredder. File Shredder is a program that allows you to securely shred one or multiple files using algorithms up to the Gutmann method. The program will also overwrite and clear all of the free space on a disk and, if you wish, will install a link to the program into the right click context menu for Windows Explorer so that if you are in Explorer and right click on a file you will have an option to shred it or mark it for later shredding.
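A sketch of the overwrite-then-delete approach described above, as an added example that is not from the original page or from either shredding program discussed here. The three pass patterns (zeros, ones, random) are an assumption, since the text gives only the number of passes; the function names and the sample file are constructed for illustration.

```python
import os
import tempfile

# Assumed pass patterns (zeros, ones, random). The text says DoD-style tools
# make three passes but does not list the patterns.
PASSES = (b"\x00", b"\xff", None)   # None means fresh random bytes

def overwrite_passes(path, passes=PASSES, chunk=64 * 1024):
    """Overwrite the file's existing bytes in place, once per pass."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:          # r+b: rewrite without truncating
        for pattern in passes:
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(chunk, remaining)
                fh.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())          # force this pass out before the next
    return size

def shred(path):
    """Overwrite, rename to a random name, then delete.

    Caveat: this only helps where the filesystem and device write in place;
    SSD wear levelling, journals, snapshots and backups can keep older copies.
    """
    overwrite_passes(path)
    anon = os.path.join(os.path.dirname(path) or ".", os.urandom(8).hex())
    os.replace(path, anon)                 # directory entry loses the original name
    os.remove(anon)

def shred_demo():
    """Constructed sample file: returns (size kept, secret gone, file gone)."""
    line = b"constructed secret line\n"
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(line * 100)
    size = overwrite_passes(path)
    with open(path, "rb") as fh:
        after = fh.read()                  # what a recovery tool would now find
    shred(path)
    return (len(after) == size == len(line) * 100,
            line not in after,
            not os.path.exists(path))
```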
- Moo0 FileShredder. Moo0 [pronounced moo-ah] is a somewhat simpler program than File Shredder. When you run the program it places a window on your desktop. To shred a file you simply set the options and then left click and drag the file from Windows Explorer onto the Moo0 window. When you do this, Moo0 will shred the file according to the options you set.
The other consideration about deleting files permanently is which files you might want to do this to. Obviously, any files with personal data in them, or files that might compromise you if found, are candidates for permanent deletion. But there are others you might want to consider taking off your system: if you browse the Internet to locations you might not want known, then there are many files to consider for permanent deletion.