
Understanding Computer Forensics and Data Destruction

April 8, 2012

An often overlooked aspect of computer security involves data that remains on your computer after you think it is gone. The practice of recovering data from a computer is called computer forensics, a term that is usually associated with recovering data that constitutes evidence in criminal or civil court cases.

Recovery of “Deleted” Data

How is data recovered? When you press the DELETE key or drag a file to the Recycle Bin, you might think that is the end of it – but that is not the case. Deleting e-mail usually just moves it to another folder, and even after you empty the Deleted Items folder, it usually goes into the Recycle Bin, where it can still be easily found and restored with a few clicks of the mouse.

Even after you empty the Recycle Bin, data is still not really gone – because deleting data does not erase the data from the disk. Deleting data just removes the pointers to the file from the file system’s table and marks the space where it is stored as reusable. Until new data is written to that same location on the disk, the information is still there and can be recovered with special data recovery software. Even after other data is written over it, fragments of the data can still sometimes be recovered because of the way the drive heads write to the disk. If there is an offset in which the new 1s and 0s do not exactly line up with the old ones, the old data may still be discernible. Even formatting the disk does not guarantee that all data is gone.
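
The pointer-removal behavior described above can be seen in a small model. This is an added example, not code from the original article: ToyDisk, carve and demo are hypothetical names, the disk is a constructed in-memory byte array, and the "photo" is constructed sample data wrapped in JPEG start and end markers.

```python
BLOCK = 512  # bytes per block on the constructed toy disk
class ToyDisk:
    def __init__(self, nblocks=16):
        self.raw = bytearray(BLOCK * nblocks)  # what is physically stored
        self.table = {}                        # file name -> block numbers (the "pointers")
        self.free = list(range(nblocks))       # blocks marked reusable

    def write(self, name, data):
        blocks = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            blocks.append(b)
        self.table[name] = blocks

    def delete(self, name):
        # Ordinary deletion: drop the pointers and mark the blocks reusable.
        self.free = sorted(self.free + self.table.pop(name))

    def wipe_free_space(self):
        for b in self.free:  # overwrite every block the table no longer references
            self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

def carve(raw, header=b"\xff\xd8\xff", footer=b"\xff\xd9"):
    """Ignore the file table and scan raw bytes for JPEG start/end markers."""
    found, pos = [], 0
    while (start := raw.find(header, pos)) != -1:
        end = raw.find(footer, start + len(header))
        if end == -1:
            break
        found.append(bytes(raw[start:end + len(footer)]))
        pos = end + len(footer)
    return found

def demo():
    photo = b"\xff\xd8\xff\xe0" + b"constructed sample payload " * 30 + b"\xff\xd9"
    disk = ToyDisk()
    disk.write("notes.txt", b"unrelated file contents")
    disk.write("photo.jpg", photo)
    disk.delete("photo.jpg")
    after_delete = carve(disk.raw)   # table entry gone, bytes still on disk
    disk.wipe_free_space()
    after_wipe = carve(disk.raw)     # blocks overwritten, nothing to carve
    return photo, after_delete, after_wipe, sorted(disk.table)

if __name__ == "__main__":
    photo, after_delete, after_wipe, names = demo()
    print(names, after_delete == [photo], after_wipe)
```

The model covers only the logical layer: it does not represent the residual traces left by misaligned drive heads that the paragraph also mentions.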

How to Destroy Electronic Data

If you are concerned about deleted data that may still exist on your computer, you can do things such as manually delete temp files, empty cache and history files, prune contact lists, delete old calendar entries, and configure Windows not to save document histories.

An easier alternative is to use one of many third-party evidence elimination programs that can automate the process of removing data from common hiding places.

Complete elimination of data with 100% assurance that it cannot be recovered requires destruction of the media on which it is stored. Government agencies and organizations that must ensure data does not remain generally use incineration, pulverization, or destruction of the hard disk or other media with acid.

Using Wireless Networks Securely

There are tons of good articles on this subject, so we are not going to re-invent the wheel here.