I don't know how long it was that I worked and played on computers before I truly understood that when I erased a Word document from my My Documents folder it was not gone forever. It was only natural to think it was "deleted". It was gone, as far as I could tell. It didn't show up no matter how I searched for it nor how desperately I needed it back. And believe me, there was many a time that I wished I could get a deleted letter or homework assignment back. (I am, in particular, thinking back to my Windows 95 days, and my hard drive was 4.3 Gigabytes. I was a fanatic about "disk doubling" and emptying my Recycle Bin!) If I cannot see it...and my machine cannot see it...and my machine says that the space it took up is now 'free'...it is gone, right? I certainly thought so.
I think it's rather important that you understand, if you don't already, that when you right-click+delete, or drag something into the Recycle Bin, it isn't really erased. Instead, the name/path entry in the file allocation table (the directory used to locate and 'find' files) is altered in a way that tells Windows to no longer display the file and that this (physical) area is now available for future storage. The same thing happens when you take the drastic step of formatting your hard drive -- it isn't "wiped" like taking an eraser to a chalkboard: the Master Boot Table and the file directory are similarly altered, and once that occurs the machine can neither find your files nor your operating system -- the rest of the 1's and 0's are left in place.
It is because of this fact -- that files aren't erased, but their directories and names are altered -- that undelete and unformat utilities can perform their miracles. Instead of ignoring or treating these altered entries as writeable space, they (attempt to) deliberately seek them out and rename them back to a recognizable formula, which restores Windows' ability to 'see', find, and display them. So, why couldn't my undelete restore my file? The most likely reason is: because Windows sees the deleted file as usable space, it has written something new in that location -- and now that new 1's and 0's are there, your file really and truly is gone. (The more time that elapses since you deleted the file, the more likely it is that it has been written over.)
[A quick aside: I look at a lot of systems' hard drives, and I've found that today people tend to be the opposite of me and my space-paranoia, born out of small HD's. It strikes me that they don't "recycle" anything. ]
Tip of the day: Never assume that your data has been erased. In fact, I suggest thinking in an opposite manner: assume that no matter what proactive measures you've taken, your data is on that hard drive. Tell yourself that a knowledgeable person with the right tools, if they get their hands on your hard drive, can read it. (There are some people in this industry who insist that your files aren't really gone until your hard drive has been melted in a blast furnace!) Particularly keep this in mind when the time comes to donate (or otherwise get rid of) your old computer.
If you are security-conscious, and you want to ensure that when you erase something it's really and truly erased (or you are about to donate your old PC) I recommend that, if you don't already have one, you download a free file shredder utility (I will put one as today's free link) and to choose one that offers multiple methods of shredding. What a "shredder" does is it writes new data, and it does it in multiple passes. Typically writing all 1's on one pass, all zeros on the next pass, and then a completely random pattern of 1's and 0's, and so on. It is generally recognized that your shredder should make 6-12 passes.
* If you do this, you can donate your old PC comfortable in the knowledge that only a several thousand-dollar restoration, performed in a sterile lab, might render your personal information readable again. (If you are a corporation, and it's time to throw out your old hard drives, and there's highly sensitive data on those drives...melt them.)
Today's free link: Zilla Data Nuker 2 (Please note: this program is an exception to my rule of always having run and tested the links I suggest. I have not ever needed to download a file shredder as I've always had one bundled into the Utility Suites I have on my machines. However, this application is 5-star rated by Cnet, and I was unable to locate it on any "blacklists". It is the one I would try first.) From Cnet, "This powerful program helps you shred important files & folders so that they cannot be restored & prevent attempts to recover sensitive deleted files from your hard drive by data recovery or forensic software. Shredder allows you to purge, wipe & erase data with methods that far exceed US Department of Defense standards for file deletion (DOD 5220.22). Easily automate the cleaning process with batch files, shortcuts and scheduler. Supports complete folder deletions including subfolders."
*Original post: 6/22/07
Copyright 2007-8 © Tech Paul. All rights reserved.
post to jaanix
No comments:
Post a Comment