Imagine you’re standing in a brightly lit, yet slightly dusty garage. It’s completely empty aside from you and ten cardboard boxes lined up in a row on the concrete floor in front of you, stretching from wall to wall. In each of these boxes are your personal documents, organized in chronological order.
The boxes are closed, so how do you know what is in each box? You look closer at the sides of the boxes and notice that each one is numbered: 1, 2, 3, 4, 5, and so on. “Okay,” you think aloud, “but where is the TPS report I’m supposed to have? Lumbergh needs it by this afternoon.”
You could start at the beginning of the boxes and look through them for the document you’re looking for, but that would take far too long. Instead, you remember that you are holding a clipboard. On that clipboard is a piece of paper, and on that piece of paper is a list of every document in the boxes.
You slide your finger down the list, looking for “TPS report” and see that it is the third document in Box 6.
Computers store their files in an almost identical way.
Every bit (bits are what your files are made of at the lowest level) has its own address it can be found at on the physical hard drive inside of that whirring box that only houses a power button to the uninterested eye.
When a user wants to open a file, for example, “TPSReport.docx”, the computer also has a ton of boxes it has stored your documents away in, and looks up on its own metaphorical clipboard which one your document is in, and then physically just starts reading from the hard drive at that address to load the file for you.
So when you double click “TPSReport.docx” on your desktop, the computer scans its clipboard, sees the document is the third folder in box 6, and then immediately opens box 6, grabs the third folder, and presents your file to you nearly instantaneously.
However, there are actions on the user’s end that don’t penetrate quite this deep into the computer’s inner workings, only appearing to work at a superficial level that a user can see. One of these actions is deleting files.
Your computer has a clipboard of where every file is. When you move something to the recycle bin on Windows, it erases the entry on the clipboard that says “TPSReport.docx is the third document in Box 6” and adds another row at the bottom saying something like, “TPSReport.docx is in the recycle bin, but came from the 3rd folder in Box 6” This way, people can recover documents from their recycle bin for some time that they didn’t mean to delete.
But any advanced Windows user knows that holding down shift and pressing delete on a file brings up a dialog box asking if you’re sure you want to “permanently delete” that file. If you click OK, the file poofs—never to be seen again.
That is, unless someone looks for it.
Computers (and Windows in particular, when it says it is permanently deleting a file) are a bit misleading. When you “delete” a file, what is actually happening is this: the computer removes the row on the clipboard that says where that file is stored, and doesn’t add that second row about it being in the recycle bin, either. As far as the computer can tell, the file never existed; it doesn’t know anything about it.
So for the most part it is “deleted.” You can’t open it, and someone getting on your computer can’t open it.
Except the file is still in Box 6. In fact, it’s still the third document in Box 6.
There’s just no row on your clipboard to tell you that. If you knew—maybe from your brilliant memory of a minute ago—you can just walk up and grab the folder directly out of the box, as long as you knew where to look for it.
The same goes for computers.
And let’s not forget the original option that you thought about doing when you wanted to find the file. You could have started at the first box, ignoring your clipboard, and looked through each box until you found the document you were looking for. It’d be slow, but you’d be guaranteed to find it if it were stored in one of the boxes.
The same concept applies here again, and that’s how a lot of our new-age computer forensics tools work. When the government, police, or even just a hobby techie, gets ahold of your computer, a simple tool can retrieve all of your files—even the ones you’ve “permanently deleted”. This type of tool regularly catches hackers, warez distributors, and basically anyone suspected of unlawful activity on a computer.
Now, you may be asking: so how do I actually delete my files?
The truth is, unless you’re paranoid enough to want them deleted immediately, they will delete themselves over time. As you create more files, edit old files, use programs, or even turn on your computer, more space is needed by the computer to save stuff in memory. When a computer needs more space to store stuff, it looks at its clipboard and finds space that isn’t currently being used—like Box 6, folder 3.
To truly delete your files, you just need your computer to write over them with new data. Basically, your computer has to take out documents in Box 6 to make room for new documents to put in and that forces your computer to get rid of those documents in Box 6 for good.
If you’re extremely paranoid or working in a setting where you need to make sure your files aren’t recoverable, the Department of Defense has created the DoD 5220.22-M standard for ensuring complete erasure of a file. It states that writing over a file in memory thirty-five times with specific values (zeros the first time, ones the second time, random digits the third time, repeated) will render a file (or a whole hard drive, depending on what you’re trying to do) completely unrecoverable by any means. The popular program, Derik’s Book & Nuke (DBAN) automates this process.
In conclusion, “deleting” a file doesn’t actually delete it. Instead, it solely makes the computer forget where it is stored in memory and allows the space to be used for other files or purposes. Until the space has been overwritten, the file is completely recoverable with the right tools and a sexy geek behind the keyboard.