We may not all agree on whether robots have souls, but one fact is beyond doubt: your computer files have an afterlife.
Say you’re using Windows and you have a Word document saved on your hard drive. Recipe for sweet pickle casserole from your Aunt Mindy. You hate sweet pickles, and Aunt Mindy’s visit is over (finally!), so you decide to get rid of the document.
You select the icon and press Delete. Is it gone? Not yet, of course. It’s in the Recycle Bin.
Ok, you empty your Recycle Bin. Now is the file gone? Nope. You can’t access it anymore, but it’s still there.
See, Windows keeps a record of all the files on your system and where they’re located, and that record is separate from the file data itself. When you delete a file, it just removes the record of the file, changing the status of that space from “in use” to “available.” The actual data is still there, completely intact.
By the way, this isn’t some sinister plot hatched by Microsoft to immortalize sweet pickle casserole. Nearly all operating systems do something similar. It’s not about privacy, it’s about efficiency. Deleting only the records of the file is much quicker than deleting the file itself – and most people think their computers are slow enough as it is.
Time goes by. Since the recipe data is marked as gone, Windows may overwrite that data in the future. It may be gone just a few minutes later. Then again, it might not. How long could it last? Hours. Weeks. Decades. It all depends. And even if part of the file is overwritten, the fragments that remain can still be recovered, examined, and possibly reassembled.
Instead of just deleting that one file, let’s say you completely reformat your hard drive. Clean slate, everything gone. Right?
You can probably see where this is going. Even reformatting your hard drive is more of a bookkeeping exercise than anything else. It still doesn’t scrub clean the actual data.
This applies not just to hard drives, but to USB flash drives as well. So if you let your friend borrow your flash drive for the weekend, he could – theoretically, if he wanted to, if he knew how – he could look at not just the files you meant for him to see, but many of the files you’ve deleted from the device over the the last few weeks, months, years. He could copy them onto his own computer, and you’d never even know.
How? There are lots of tools out there – many free, and many others cheap. Active@ File Recovery is one I’ve used myself with great success – the trial version is free, and the full version is something like $30. Of course, my own intentions were less nefarious. I was trying to recover data from one of my own hard drives that had died years ago. (I was very successful, too.) But it’s worth keeping in mind that such tools exist, in case you ever save any files with data more sensitive than a casserole recipe.
So how do you clear out those old, deleted files? One method (in Windows, at least) is to use the “cipher” command. Detailed documentation on “cipher” is here. I haven’t tried it myself yet, so if you go down that road, do it with caution. And even if you do completely delete the data, some information remains. The Windows Registry stores vast troves of metadata about your activities, including a list of recently accessed documents. That doesn’t apply to the flash drive scenario, but it’s still something to keep in mind.
Should you be worried about any of this? Eh. Not necessarily. Sure, people can violate your privacy with computers, but then people can do all kinds of terrible and complicated things. That’s just part of living in a society, and it’s been true for centuries. You trust some, you get burned occasionally, and life goes on. Nevertheless, I think it’s good to at least be aware that deleted files do not disappear.
I’m taking a digital forensics class right now, which is my source for a lot of what I’m telling you. If you have any questions about this, or any other digital forensics topic, ask me in the comments. I’m far from an expert, but I’ll do my best to answer.