And additionally, isn’t there a way to exploit this so we can store more stuff on PCs?
Edit: can’t thank you all individually but thanks to everyone, I learnt something today, appreciate all of your replies!
Because of how filesystems work. There’s basically an index that tells the OS what files are stored where on the disk. The quickest way of deletion simply removes the entry in that table. The data is still there, though. So a data recovery program would read the entire disk and try to rebuild the file allocation table or whatever by detecting the beginning and ends of files. This worked better on mechanical drives than SSDs.
You have a notebook. On the first page, you put a table of contents. As you fill in pages, you note them down in the table of contents at the start.
When you want to delete a page, instead of erasing the whole page now (there are hundreds free still, why waste the effort), you erase the entry in the table of contents.
Now if someone finds your notebook, according to the table of contents there is no file at page X. But if they were to look through every single page, they would be able to find the page eventually.
This is loosely how file systems work. You can’t really use it to boost storage, the number of pages is finite, and if you need to write a new page, anything not listed in the contents is fair game to be overwritten.
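The notebook analogy above as a small runnable model. This is an added example, not part of the original comment; the `ToyDisk` class, block size and file names are constructed for illustration. It shows that a quick delete leaves the bytes readable, that the space already counts as free, and that reuse or an overwrite is what destroys the old content.

```python
BLOCK = 16  # bytes per block (constructed toy value)

class ToyDisk:
    def __init__(self, nblocks):
        self.blocks = [bytes(BLOCK)] * nblocks  # raw storage, zero-filled
        self.toc = {}                           # "table of contents": name -> block numbers

    def free_blocks(self):
        used = {b for blks in self.toc.values() for b in blks}
        return [i for i in range(len(self.blocks)) if i not in used]

    def write(self, name, data):
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        free = self.free_blocks()
        if len(chunks) > len(free):
            raise OSError("disk full")
        self.toc[name] = free[:len(chunks)]
        for blk, chunk in zip(self.toc[name], chunks):
            self.blocks[blk] = chunk.ljust(BLOCK, b"\0")

    def quick_delete(self, name):
        del self.toc[name]                      # only the index entry is removed

    def overwrite_delete(self, name):
        for blk in self.toc.pop(name):
            self.blocks[blk] = bytes(BLOCK)     # zero the data, then drop the entry

    def scan_unlisted(self):
        # What a recovery tool does: read every block the index does not list.
        return [self.blocks[i] for i in self.free_blocks() if any(self.blocks[i])]

def demo():
    d = ToyDisk(4)
    d.write("diary.txt", b"SECRET: meet at noon")   # 20 bytes -> blocks 0 and 1
    d.quick_delete("diary.txt")
    recovered = b"".join(d.scan_unlisted()).rstrip(b"\0")
    free_count = len(d.free_blocks())               # space is already counted as free
    d.write("cat.jpg", b"x" * BLOCK)                # new file reuses block 0
    after_reuse = b"".join(d.scan_unlisted()).rstrip(b"\0")
    d.write("notes.txt", b"y" * BLOCK)              # lands on block 1
    d.overwrite_delete("notes.txt")
    after_overwrite = d.scan_unlisted()
    return recovered, free_count, after_reuse, after_overwrite

if __name__ == "__main__":
    print(demo())
```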
If I tell you all the boxes in a warehouse are empty, that doesn’t mean they are. It just means I think they are. You can go and check them manually to see if they’re actually empty or if I was lying or forgot there was stuff in them. The metaphor breaks down a little bit here but if you look at the boxes closely, the ones with dust on top were probably empty for a long time and the ones without were probably emptied recently.
Oftentimes when you delete something off a computer, the computer simply deletes the address of the data, but doesn’t overwrite the data.
Think of a map for a city. If you delete a house off the map, you may not be able to find it anymore, but the house is still there. It’s the same for computer storage.
it’s inefficient to really erase the data, so what happens usually is: it gets marked as deleted. the data only gets overwritten when another file is written in the same data area, which often doesn’t happen immediately. even if a drive gets formatted the empty metadata structures of the new partitions and file systems are just written on top. since they have no file entries yet, the previous data just sits there invisible and inaccessible until new files are created and maybe overwrite a bit of the old data.
A file comes in two parts: the actual blocks of data that hold the file itself, and a directory entry with the name of the file, and the location of the first block.
When you delete a file, it only scrubs out the directory entry, and re-lists the data blocks as available for use.
The only way to truly securely delete data is disc destruction. Remove the drive and drill through the hard disk platter or the SSD memory chips.
Even a single overwrite process is sufficient to stop most attempts at recovery- the only people who might be able to reconstruct that data are… like top FBI forensic labs, and similar.
Even then, most of the data would be coming back corrupted and mostly useless.
2 or 3 overwrites are sufficient to prevent that as well.
For SSDs, a single overwrite renders it impossible, simply based on how the data is physically stored- there’s no residual “footprint” or “ghost”- the NAND flash memory uses floating-gate transistors to store the data. Either the gate is flipped or it’s not, there’s no way to know if it was previously flipped, only what its current state is.
Physical destruction is usually only recommended for extreme cases, where that drive held extremely sensitive data- where the consequences of any amount of that data being recovered would be catastrophic, even then the process begins with overwriting data. (Also keep in mind just breaking the platters isn’t enough- they have to be shattered into ittybitties.)
IIRC: Data has not been overwritten yet; it is just shown to be open to being rewritten.
It can still be recovered with minimal corruption if the device was not used too much, where open storage would be eriten over.
eriten
Follow up question: If I reformat and write my drive with 0s, how reliable are the mechanisms to recover previously stored data on:
- An HDD
- An SSD
Asking as a hypothetical for a hypothetical friend.
If you actually fill the drive with zeroes, the chances of anyone getting anything back are somewhere between fuck and all.
Old MFM drives (tech likely as old as your parents) had a theoretical exploit for recovering erased data.
With modern tech, that loophole was firmly closed; even state-level actors would be shit outta luck.
DBAN is kind of the standard for wiping data, which iirc is 3 cycles of overwriting everything with 1s, then 0s.