Get in text with technology with tech Stuff from works dot com. Hey there, and welcome to tex Stuff. I'm your host, Jonathan Strickland. I'm also an executive producer at how Stuff Works, and I love all things tech and recently I had a request from a listener. The listener
asked me about doing an episode about data retrieval. Now, specifically, this listener was curious about how you go about retrieving data that was marked for deletion, and this curiosity was sparked by news stories of various agencies following investigations and trying to look for evidence of deleted materials. So the listener asked if I might be able to go into that without it becoming a political discussion. Right, Uh, And
I completely respect that. I definitely have a very particular political philosophy, but I also acknowledge that these sort of investigations can happen to any political side of the spectrum. Right, It's not a specific problem that involves one side or the other. Everyone, at some point or another has been involved in this kind of stuff. Everyone by that, I mean all the major political parties, and that there's always
some sort of question about an investigation. And then well, did they have possession of information and then they willingly got rid of that information or they worked to delete it, and if so, how do you go about retrieving that? So this goes well beyond politics. By the way, politics is an obvious example of how this happens. But you also hear about these investigations into big corporations that involve
trying to retrieve data from the void. I mean, this goes back ancient times, really, but if in modern era it goes back to before you're talking about hard drives and things like shredded documents and stuff. I remember in the late nineties early two thousand's when there were a lot of stories about this, like if you really want a good one, you can read up on en Ron. But in that era, when you have an investigation and they're looking for evidence, what steps do you have to take?
Or if you're looking at the other way, if you have a device that's got data on it and you want to get rid of that device for whatever reason, how can you be sure, absolutely certain that your information is no longer on that device. That's what we're gonna talk about today. So what happens when you mark a file for deletion? How does that file actually go through the deletion process, and to what extent can that file
then be recovered. Long time listeners of tech stuff may remember that I've done an episode similar to this particular one in the past, But things have changed a bit
since that last episode. In fact, the big one would be that cloud computing and cloud storage has become a major industry and it's really changed the conversation as well, because now we have other stuff to worry about, not just the the devices that are in your possession, but the places where data could exist outside of your control. So how does that change things? The answer to that is a lot. Well, first, let's talk about what happens when you actually delete a file on a device you own.
So you've decided to free up some space on a hard drive on a computer, and I'm talking about a physical hard drive here. You're going to delete a folder that contains old term papers because you're never going to need those again, let's be honest, there's no reason to keep them. And what is happening behind the scenes when you mark those documents for deletion, Well, the particulars depend
upon the device you're using. So, for example, if you're on a Windows PC, you're following the rules dictated by the nt f S file system. Now in t f S stands for New Technology File System, I guess that means I just said new Technology file system files is them kind of like pen number or a t M machine. So whoop see daisy on that one, guys. Anyway, when you delete a file, the file pops on over to the recycle bin or the trash bin, depending upon what
operating system you're using. But the principle remains the same. And when I say pops on over, the file doesn't actually change locations on the hard drive. It's designation changes. So instead of the file being listed as being inside the docks folder, it's being listed in the recycle bin. So the physical location of data on your computer is not tied directly to its file location. Within a file directory,
those two things are separate. The file directory gives us a very convenient way for human beings to look at all the information that's stored on a device, or at least all the information that is viewable. Sometimes you have hidden files that won't show up in a file directory. But let's just for argument's sake, say all the files. It's an easy way to organize that so that we
as human beings can find what we're looking for. If it were just a giant storage bend that had data kind of haphazardly connected inside of it, it would be very difficult to find anything specific you wanted. So the file system is mainly meant as something to let us humans access our information more easily. It's not so much for the computer. It's for us on the physical side. That data could be located next to data that's in a totally different file folder, in a totally different section,
even in a different drive on your computer. So that's something to keep in mind. The physical location of your data and the files location are not necessarily connected. That's important to remember. But the file designation has changed, so the associated programs with that file will no longer connect to it. By that, I mean, let's say it's a word document. I had mentioned term papers earlier, so you've
got a term paper. It's a word document. Let's say you used a Microsoft word and you save the document there, and when you delete it, it means that the file designation changes so that that file is now appearing in the recycled bin as opposed to the documents folder and you pull up Word and you want to pull up that particular document, you can't because it's trying to connect to a file that was last in the documents folder. That's not where it is anymore. So Word is not
going to find that anymore. It's it's kind of the first step to saying this file is gone, but the file is not really gone. It's over in that recycle bin. Like you could actually open up the recycle bin and see the files that are inside of it, assuming you don't have your recycle bin set to auto delete as
soon as something goes into it. Uh. It means that you actually have a bit of a safety net, which is a good thing, right, because sometimes you might select a file to delete and it turns out, whoop, see Daisy, I did not mean to actually delete that. That was a pick you're of my niece, and I want to keep it forever and ever. So you could go into a recycle bin or a trash bin and restore a file. And that's kind of a nice little way to rescue
something when you you make just a human mistake. Uh. And thankfully it does exist, because I have certainly use that more than once where I've realized that I accidentally sent the wrong file to delete, and so I go into the recycled bin and restore it. But what happens if you choose to empty your recycle bin, because that's
typically something that you are allowed to do. You might have it set to automatically empty every certain incremental amount of time, or it may just be totally manual, uh, And which case, it's whenever you go in there, or if you hit a certain threshold of data, like if there's a certain amount of data in the recycle bin, it may auto empty once it hits that threshold. But however you choose to do it, what happens when that recycle bin is emptied. Is the file totally gone? Then no,
it's not at that point. What happens behind the scenes again, is the operating system removes the file name entry from the file system. So now you can't even find it within the recycle ben. There's no account of it in the file system itself. But the physical space on your hard drive, because remember we're talking about a physical hard drive example here, the physical space that that file occupies
still has the file in it. It's just that that space is marked as being free or freely available, but there's actually still the file, the information, the zeros and ones, they're all still right there. They haven't disappeared. So this means that the computer is free to write over that section of the hard drive space. It doesn't mean it will right away, but it could. It might happen immediately, or it might happen months later, or it might not
happen at all. So if you lead a file and a few months later you decide to get rid of your computer, the traces of that file may still be on that hard drive. All the deletion means is saying, hey, computer, if you need this space to store something, it's totally available, so just go ahead and move on in. But in the meantime, I'm just gonna hold this old information that's sitting here because it's not really relevant to anything anymore. Um So, that free designation only means that the file
space is available, not that it is actually empty. So if you delete a file from your computer and you empty the recycled bin, the information will still be on the storage device, and as you save more information to the computer, the operating system has the option of storing that new information by writing over the old info represented by the deleted file. At that point, when you have a new file in place, you've effectively erased at least
part of the old information. So let's say we're using that term paper example again, and you end up getting a game because of course you wanted to free up computer space on your computer to install a new game on it, right, And when you install it, it starts to write the data to the hard drive, and part of the the section of the hard drive it writes over happens to be part that held that term paper.
Now your term paper is a race because the hard drive has been altered so that new data is on top of what used to be old data, not really on top replaces. It replaces the old data, which means the old data is gone, or at least part of it's gone. You know. It all depends on where in the physical space that reallocation happens. So you could have
a tiny bit of the term paper left. It would probably be meaningless bits at that point because you wouldn't necessarily have any of the information related to what type of file it used to be, but there might still be some zeros and ones that used to belong to that term paper on that hard drive, but for the most part it would be erased gone because you have new information takeing up that same physical space. Now, once you've done all this, you won't be able to retrieve
a deleted file easily. Right once you set that recycle bin too empty, the operating system will no longer be able to identify that marked file in your system. So even though it may physically still exist on the hard drive, there's no record of its existence in the software side, right like there's no there's no map to that destination anymore. So the destination may still exist, but you don't know how to get there. This is when you would have to bring a device to perhaps a service or use
special software to search for that information and potentially retrieve it. Now, there's no guarantee that you're going to be able to retrieve a deleted file, particularly if you've continued to use that same device for a good amount of time afterward, because that increases the chances that you've overwritten that old information. But assuming that you haven't, you could potentially retrieve all sorts of old data. And uh, again, it all really depends on how much use you've got to that machine
and how frequently you're writing data to it. If it's not frequent, then there's a better chance that you'll be able to retrieve at least some of that information. Now, in some ways that's great news, but say you've got a computer that had files marked for deletion and later on you find out that you actually need those files. Uh, if you are quick enough, and if you're lucky enough, you may be able to retrieve some or potentially even
all of that data using data retrieval tools. And it could also mean that if your computer had suffered some damage. Let's say that you weren't trying to delete files at all, but your computer has suffered damage that has made it impossible to access the hard drive. This also means that you could potentially take a hard drive to one of these data retrieval services and get information that otherwise would
be inaccessible to you. I'll talk more about that a little bit later in the podcast, because there are some really phenomenal stories about data retrieval in extreme circumstances that blew my mind when I heard about them. But in other ways, this is not such a good thing. It's actually a bad thing, because if you've brought let's say let's let's say you go out and you get a brand new computer. You've got an old one that you've been using for a while and it's time to upgrade.
So you go out and you buy a new computer, and then you think, well, what do I do with this old computer? I don't need it, I'm not going to use it, so maybe I want to sell it, or maybe I want to donate it. Well, if you're going to do that, you're really gonna want to get rid of any personal information, any data that's sensitive on that machine. You want to get rid of that as best you can before you hand it over to someone
else who could potentially exploit that information. So you may want to figure out a way of wiping it off for good. And one thing you could do is run a third party program or application that will guarantee that it will delete all of the info on your machine. It does this, by the way, by not just marking it for deletion, but then writing random data to the drive, so just meaningless gibberish. In other words, over all that space that was marked for deletion, typically it maybe the
entire drive. Like there are a lot of of options where you know, there's no subtlety here. It's wipe everything others. It may be designated parts of a drive, like specific folders. Sometimes it may be partitions. If you create different partitions of your hard drive, you might be able to target
a specific partition over others. But my advice is if you're using one of these, just use it with the assumption that it's going to hit everything, which means, before you do this, if you have anything on that machine that you want to keep, back up your hard drive. I know that seems weird if you're going to get
rid of everything anyway but back it up. You should be backing up your hard drives anyway because stuff goes wrong and occasionally you just need to get access to old stuff, and if you don't back it up, it can make that much more difficult and expensive. These services that do data retrieval can sometimes be pretty costly, depending upon how extensive the problem is. So if you do use one of these services to rewrite data over a
physical hard drive, it takes time. You know, this is a hard drive that uses platters, and that means also that this particular approach creates wear and tear on your device. So let me elaborate on that, like how how can this actually create wear and tear on a hard drive? Well, the hard drive is the data storage space on a computer, right, This is your data repository. This is the thing that can hold information indefinitely, even after power is cut off
to the computer, that it remains there. It is stable from between power cycles. So it's not like RAM random axis memory, which only exists for as long as the computer receives power. This is semi permanent right until you markt for deletion. The old physical addresses are stored information using magnetism. In other words, you're using magnets to create the zeros and ones on these platters. It can hold this information indefinitely. These hard drives have a circular plate
in them. That's what is the platter. So the platter is a circular plate. They're shiny, and they're at least coded in magnetic material. Most hard drive platters tend to be made out of either glass or aluminum, and then they're coated with a layer of metal that can be
magnetized and demagnetized. The platter surface contains billions of tiny little areas individually distinct from another, and every single one of those billions of areas can be magnetized, which would represent the number one in binary, or demagnetized, which would represent the number zero. Now, using ones and zeros, you can represent all sorts of data, but it takes a lot of zeros and ones to represent a relatively small
amount of information. So, for example, if you wanted to create the binary for an upper case A, you would use the eight digits of zero one zero, zero, zero zero zero one. But if you want to do a lower case A, that would be a zero one one zero zero zero zero one. Minor distinction, but it makes
a big difference in binary. And when you figure this out that every single one of those areas can be either a zero or a one, and it takes eight of them just to make one character, you realize, I'm gonna need a whole lot of those areas to store any meaningful amount of information. So it really is billions of them, and uh, that's why you gotta that's why you gotta pack all that into the hard drive, otherwise you wouldn't be able to save any meaningful amount of
information to it. Now, the way a computer writes data to a hard drive involves using a very tiny magnet on the end of a mechanical arm, and it looks kind of like a record player, which I know you guys know about now. Like for the longest time, I always had to say, hey, ask your parents, But hey, vinyls coming back. People own record players again. There are bands putting out Vinyl albums. I'm so excited about this, largely because I no longer have to explain what it
is anymore, because you guys already know. So it looks kind of like a record player. You've got a mechanical arm on the end of it. Instead of a needle, you have a magnet, and the mechanical arm can swing back and forth over a spinning platter. It can also hit all different spots of that. So you've got this basic mechanism here. It's pretty simple at least in theory, and that magnet can be used to magnetize demagnetize each
of the areas on the hard disk. So with this type of hard drive, the computer tends to store data for files and physically adjacent or nearby areas. So in other words, the data that makes up the files on your physical hard drive tends to be located within the same general area of a platter, kind of like a
track on a vinyl record album. So each song obviously is one section of a track that's in a concentric circle around this vinyl disc, right, Because if you just randomly assigned bits and pieces of songs throughout an album, it would be a mess. You wouldn't have anything really that you could easily listen to and make it meaningful. Same thing with hard drive platters. They tend to collect all the data for a file within adjacent spots on
the platter, if possible. It also makes it easier and faster when a hard drive is reading data back that it can just focus on a specific section of the our drive platter and pull that information out. If it had to skip all over the platter, that would take up more time and create more wear and tear on the system. Those areas of data are called tracks, by the way, and they, like I said, are concentric circles
their pathways that are on the platters themselves. Each track inside of it has smaller areas called sectors, and the computer keeps a record of all the sectors, and it knows which ones have files stored on them and which ones are free to write over. Now, the free ones may also have data on them, but it just means this is data that's not important, so you can write over it whenever you want. In a Windows machine, we call this record the file Allocation table or f a
T or FAT. Now, notice all of that is for physical hard drives. If you have a machine that uses a solid state drive, it works a lot differently. Solid state drives will store data on lots of different available areas within the drive, so you don't necessarily end up with a sector or track of related data. The data is all on the drive, but it could be broken up into smaller pieces, kind of like Mike TV and Willy Wonka and the chocolate factory, you know, when he's
being broadcast over the year. But they still store data in the forms of zeros and ones. All of that is still the same. It's still based on this binary code. And I'll get into how so these solid state drives organized data in just a minute, because it's important and it's a little weird. So if you wanted to wipe out a file on a physical hard drive, you'd want to use a program that would identify all the free areas on a hard disk platter. And then override that
gibberish on top of those areas. And some of the programs, such as the ones used by military and intelligence agencies, will do this more than once to ensure that all records have been completely eradicated, So they'll override a hard drive two or three times, which is frankly overkill if you're doing it correctly, but it really does make sure that that data is irretrievable at least uh there's no there's nothing meaningful on there because it's been just completely
replaced by gibberish multiple times. This process does take time, and since you are just writing meaningless information onto a physical hard drive, you know, think about saving a really big file to your hard drive and how long that
can take. Well, if you're formatting an entired hard drive, this is gonna take as long as you know that hard drive can you know whatever that capacity is and whatever it's spinning rate is as well, so that ReadWrite rate is gonna matter a lot, and also just the capacity of the hard drive if it's really big, it's gonna take a really long time to write meaningless data
to every single free sector on there. And like I said earlier, it can contribute to wear and tear on the hard drive, because you gotta remember, these are mechanical elements in that system, right, There's that mechanical arm, there's the the plate that spins along the for the for the platter to rotate properly. Those pieces all wear out over time, and by overriding a hard drive, you're really putting them to work more than they normally would be.
Now that's not to say that by running a program like this you would completely wear out your machine, but it will hasten the eventual need to replace the hard drive, because eventually all physical hard drives will fail. That's just a truth. Um, if you use it long enough, it will fail. Now, if you get rid of the computer before you get to that point, sure, technically you got around it. But if you're just constantly using a hard drive, sooner or later it's gonna it's gonna fail because those
mechanical parts are just gonna wear out. Also, most of these programs that I know of do this indiscriminately as to which parts of the hard drive get over written. So that's a nice way of saying they'll nuke it from orbit just to be sure, which includes the deleted data you definitely didn't want anyone to have any access to, plus everything else as well. So if you plan on using this method to clean a hard disk that's still has stuff on it that you want to keep, like
I said, pump those breaks just a little bit. Make sure you have a backup copy of your hard drive that you're going to keep, that you know in case there's any relevant data on there that you need to have access to later on, and then do it. Because if it's doing its job correctly and it allows you to designate specific specific parts of your hard drive for this process, you might be fine and everything you wanted
to keep might still be there. But if things go wrong or you don't use the software properly, or it's software that's meant to tackle an entire hard drive and not just the bits that you want to get rid of, you'll be thankful to have that backup copy. Solid state drives don't have any moving parts, so the element of wear and tear that I was just talking about isn't as big an issue. There is wear and tear on solid state drive, but not through mechanical stress. I did
mention that things get a little weird with them. So here's my attempt to explain how a computer stores data in a solid state drive. Now, imagine that the solid state drive has a collection of datas storage units called blocks. All right, so you've got blocks. Within those blocks, you have multiple pages. So you can kind of think of a block like a book. Right, So solid state drive has a whole library shelf filled with blank books inside of it. Each book has an equal number of blank pages.
We're just gonna use examples, like saying sixteen, So each book has sixteen pages in it blank pages. You can write data to any blank page, or really, the computer can write data to any blank page. A single file might require more than one page within a block or a book. So let's say a file takes up three pages. That's fine. You still have thirteen more pages left in that book where you can write data to it. So let's say that we've got a block that can hold
sixteen pages. You write data to that, or you send a command to the computer that writes data to the first five of those. You still have eleven page is left. Now, let's say you eventually fill up those other eleven pages saving other stuff to your computer's hard drive. And now the block is full. All sixteen pages have stuff on it. It cannot fit more pages. You have other blocks in the drive. It's not a drive that only has one block,
but that specific block completely full. You can't add anything to it. Then, let's say you realize that one file, let's say that's stored on page number two. One file is superfluous. It offends your sensibilities, and you wish to delete it post haste. But hang on their sport. Because ssd s don't behave the way hard disk drives do. You can't just delete a single page within a block. You actually have to delete an entire block with all of its pages. In other words, you can't just rip
out one page of a book. You have to erase the entire book to get rid of that one page. So how do you do that? How do you delete one page out of a block while keeping everything else? If you have to delete an entire block at a time, Well, this turns into a super simple version of the old puzzle that states you got a rowboat, a wolf, a goat,
and a cabbage. Now the boat is big enough to hold you plus one of the other three companions at a time, And yes, I'm promoting cabbage to companion status because I've seen Doctor Who, and some of those companions were thick. Anyway, you need to transport all three across a river. But if you leave the goat with the cabbage, the goat's gonna eat the cabbage. If you leave the wolf with the goat, the wolf will eat the goat. The cabbage doesn't eat anybody. It's a vegetarian. So how
do you get all three across the river? Except, of course, with the SSD puzzle it is way easier. And I bet you've already figured out how it works. But if you haven't and you want to hear the answer, you're gonna have to wait just a second while we take a quick break to thank our sponsor. Her. Okay, I promised you an answer, and I guess I'm gonna answer
both riddles. So the first riddle, you know, the one about the goat and the cabbage and the wolf, Well, you would take the goat across the river first, because the wolf is not gonna eat the cabbage, and the cabbage will not eat the wolf. So you leave the goat on the other side of the river. Then you row back across. You pick up the cabbage, and you roll back to the other side of the river. Then you leave the cabbage on that side, but you take the goat, because if you leave the goat and the
cabbage together, the goats gonna eat the cabbage. So you bring the goat back across to the side where you started. Then you take the wolf, but of course you have to leave the goat. You can't take both the wolf and the goat. Boat boats not big enough, so you put the goat back on the shore, You put the
wolf in the rowboat, you row back across. You put the wolf on the side with the cabbage, go back across one more time to grab the goat, and final time you row back across, and then you the goat, the wolf, and the cabbage can carry on your merry way, happy knowing that you solved a basic riddle and that you totally blasted your packs. Bra that's a lot of rowing. You really got some cardio done. Well done. But for the solid state drives, the answer is actually much more simple.
So if you need to delete a file, what actually happens is you have to copy all the pages inside a block containing the files you want to keep, and only those and you have to put them over into a new block. So you've got block number one and it's got, you know, all sixteen pages filled out, and you want to get rid of page number two. What you would do is you would copy pages one and then three through sixteen and poured them over to block
number two, which has empty pages in it. Then you come back to block number one, which still has all sixteen pages. Right, we haven't done anything yet to those, so you actually have copies of information in two different blocks at this point. Then you delete all the pages inside block number one, including page number two. This is just to get rid of page number two. Right, You have to go through and copy fifteen pages, paste them into another block, and then delete sixteen pages just to
get rid of one page. That seems kind of ridiculous, right, seems like a lot of work. Well, it also creates wear and tear on the flash drive. Now there's no or solid state drive, I should say, there's no moving parts here, right, you don't have any mechanical things to
worry about. But there is a limited number of times that you can write to a block, and eventually you're going to run out of that many times, and that's when the capacity for your drive starts to diminish, so you can actually see It's kind of like seeing how rechargeable batteries get less effective over multiple recharges, same kind of thing, and that you'll see the storage capacity of
a solid state I decrease over a long amount of time. Uh, the amount of time is largely dependent upon how big the solid state drive is because it can sometimes distribute this across a lot of different blocks. And how frequently you do this process. By the way, this process is called garbage collection, and I am not making that up. That is what is referred to when you're trying to do this deletion process through solid state drives. So you wanna be careful with how often you do this, how
frequently this happens. A lot of sites suggest that this is done regularly but not frequently, so maybe check into that, because you want to make sure that you're not decreasing the useful lifespan of your storage media, otherwise you're gonna have to replace it. And while story storage has gotten cheaper over time, it's still you know, you don't want to have to replace it unless you absolutely need to. Now, to get a little bit further into the weeds on this.
The storage media itself does not know about files marked for deletion, and the operating system doesn't know which blocks have data in them. The operating system is essentially saying, right files to this, or delete files to this. The solid state drive is just thinking, all right, well, I need this is where something is, this is where something can go. So let's use another example to explain sort of how this works, because it's a little tricky to
think about. So you've got a block with sixteen free pages. Then you write stuff to twelve of those pages. So the last two of those pages, pages eleven and twelve, represent a file that you decide you want to delete. So pages one through ten you don't want to touch. Pages eleven and twelve you no longer need them. You want to delete them. In your operating system, you select that file, you delete it. Everything from your side looks like it's gone. There's no way for you to access
that file anymore. You can't even see that it exists. Uh. The operating system essentially says, no problem, that file is totes history, but the solid state drive doesn't do anything yet. You then decide later on to save a new file to the solid state drive, and it would go into the first two empty pages, and that would be eleven and twelve because you had set those to delete. But the solid state drive didn't understand that until it gets
the command to write two pages eleven and twelve. It goes to right to eleven and twelve, sees that eleven and twelve have data in them, the data from the deleted file, and then adds it to thirteen and fourteen pages thirteen and fourteen, But it designates at that point pages eleven and twelve for a garbage collection. Essentially says, the next time you do garbage collection, these two pages
are not needed anymore and can be wiped. So we when we do that process I talked about earlier about copying all the pages to another block, don't copy pages eleven and twelve. We don't need them. But this is not terribly efficient because it could mean that you've got an entire block copied over before any of this gets marked for deletion. It could mean that you're essentially increasing
wear and tear. It's called right amplification because you're amplifying the number of files that need to be written to a new block. Because it hasn't picked up the fact that those files are actually supposed to be gone. There is an exception to this, obviously. There there's a application called trim t r I M. This is a command that helps reduce the number of times data gets copied
during that garbage collection process. Trim tells the solid state drive which files and therefore which pages you have marked for deletion. So the logical layer on the solid state drive knows that pages eleven and twelve can be ignored during garbage collection, so they won't be copied to a new block. It takes one step out of the process I just described a minute ago. Now, one thing you can and should do with solid state drives is encrypt
the draw. If you can encrypt the data that's stored there, which means you create a strong password that you use to access that information. And if you don't have the strong password, then everything appears to be meaningless data. It's all encrypted and you can't read it easily without decrypting it first. Even if someone gets access to your drive at that point, the information will be difficult, if not impossible,
to access. Assuming that you don't have a ridiculous farm of GPUs working to decrypt through brute force it it would be pretty hard to get access to that information. As for a racing solid state drives permanently, there are a lot of utility programs you can use that are meant to do that reliably. They say that they are able to delete data off of s s d s
with a certain degree of of guarantee. The complexity of solid state drives, however, can lead to mistakes, either in deleting something you didn't want to get rid of or overlooking data that you meant to hasted into the ABYSS. And according to one study by a group of engineers at the University of California, it's not exactly a guarantee.
They use different methods of trying to delete data from an SSD, and they found that the process could leave behind anything from four percent to seventy of the original data, which, depending on what that data is, could be really damaging to you. So that's kind of scary to think about, where the process of deleting is not necessarily a guarantee that the information is actually gone if you're really really
determined to try and retrieve the data. Alright, but let's say you've deleted the information, and you absolutely want to make sure that no one ever gets access to that data, just in case, even if it's just a smidgen of that data, how do you guarantee this well, Once you're finished using software to wipe the disk, you can move
on to more physical solutions. So with hard disk drives, one thing you could do is pull the drive out of the computer case and use a good old hammer and nail so that you can drive a nail through the case of the hard drive to puncture the disk, potentially doing this in multiple places on the disk to make sure it's impossible to read later on. Now, if you want to do this, you have to promise me to do the following things. First, wear eye protection because
you never know when something's gonna fly off there. Wear some heavy gloves because thumbs and hammers love to get together, so it's good for you to protect yourself because you're gonna be holding a nail on a metal case and then striking it with a heavy hammer, and put the hard drive on top of a block of wood like a two by four or something, because there's a good chance you're gonna drive that nail straight through the case.
And if you do You don't want to damage whatever is on the underside of that hard drive, So follow those rules if you're gonna do this, and be very careful. Now, depending upon what the platter is made out of, you might even shatter it. Right. It may not just have a nail driven through it. It might shatter the drive, which is good news for you, since it would be exceedingly difficult to put together a shattered drive in any meaningful way. Chances are that data is just irretrievable. You've
gone beyond the capabilities of the data retrieval industry. But with solid state drives, you really need to smash the chips that hold the data. So that typically means you have to pull apart the drive, find the relevant chips inside of it, then swing a hammer and start smashing like crazy. Now, sometimes it could be a little tricky figuring out which chips are the ones that actually hold the data, So in those cases, just go nuts and smash all of them. You know, why leave anything out
be safe. Alternatively, you could make use of a service that will physically destroy your hardware for you, and typically they use a shredder, which is kind of like an industrial version of a wood chipper, something that uses very high power, very uh strong hydraulics typically that will grind the stuff into tiny pieces. These shredding services will reduce
your media to unusable pieces of junk. I even found a few that claimed they follow environmental best practices so that they reduced the impact those materials might have on the surrounding environment. Because a lot of computer equipment contains stuff in it that we would rather not release out into the wild, like lead or mercury or other potentially harmful materials. So it is something that you want to be careful about and responsible with because it's one of
the big problems with e waste. You may have heard previous episodes where I talked about e waste and how that can contribute to environmental problems. You want to find a company that has a good reputation for dealing with this in a responsible way. For hard disk drives, the physical types, some services might first make use of a really powerful magnet before going on to physically destroy the media.
That's because the magnet can change the sectors of a hard drive so that they all align with the magnetic field of the magnet itself. At least for older hard drives, that's a possibility. It certainly works for older forms of magnetic storage in general, like VHS tapes or a credit
card stripes. If you've ever had a credit card and you've stored it next to like, back to back with another credit card, you may find that suddenly it's not working anymore unless people physically put the number into a machine, the stripe no longer seems to work. Well, that's a magnetic stripe, and if it's exposed to a strong enough magnet, it can demagnetize that magnetic stripe, and then you have meaningless data on there. It's no longer associated with your account.
This is why you shouldn't have a credit card stored in a clutch or a wallet that has a magnetic clasp, because it can in fact affect that stripe. Now, hard drives are a little more dy with that they may not even be affected by neodymium magnet At least the data might not be. It may not even affect a single bit stored on that hard drive, depending upon when
the hard drive was manufactured. So what is actually happening here? While, as it turns out, materials have what is called coercivity, that's coercivity Like coercion, in a way, coercivity refers to materials resistance to being demagnetized. So if you magnetize something and it has high coercivity, it means that it is resistant to having that magnetization altered in any way. Um if it's if that coercivity is lower than it means
the magnetization can easily or more easily be altered. The unit we associate with this trait is called the Ersted O E R S T E d uh. And like I said, the higher the coercivity, the less likely the magnetic field will dem agnetize a material. Now, VHS tapes and credit card stripes typically falls somewhere in the five
hundred to one thousand Ersted range. Hard Drives have higher coercivity, especially more recent physical hard drives, and some of them are enough to protect it from any sort of accidental demagnetization, which is a good thing. I mean. You may have heard about ancient computers, and by that I mean the ones that we had in the eighties and nineties where you didn't want to have a magnet anywhere close to a floppy disk because you could demagnetize the floppy disk
and destroy all the data on it. Well, there was a lot of fear that the same thing could happen to hard drives, But as it turns out, you need a really, really powerful magnet to do that, which is why these data destruction services use extremely powerful electro magnets to do this. But more and more of them have been leaning heavily on physically destroying the media itself because it's less expensive and it's more efficient when it turns
when all of a sudden and done. So you don't see it as frequently now as you used to, but it used to be a kind of standard part of the procedure. And I need to stress this. Do not bring a magnet near a hard drive in order to demonstrate how robust that hard drive is, how it can keep data intact even in the presence of a strong manetic field. Now why do I say that, I mean I just finished saying that. Chances are you're not going to alter one bit of information stored on a hard
drive using a magnet. Why keep it away? Well, because there are things inside these physical hard drives that are reactive to magnets, like they will be attracted to a magnet parts of the mechanical systems, like the electric motors and the mechanical arm and various elements that make everything work. You could do physical damage to the hard drive itself. So while the bits would all be still perfectly intact on the platter, you know, you hadn't change the magnetization
of the platter. You could wreck the workings of the hard of itself. You could tear it apart from the inside, which sounds cool, but then you're not going to be able to get to your data without taking your hard drive to some sort of repair shop or data retrieval system, and then you've really made it expensive. So keep those magnets away from the hard drives, all right. Now, let's talk about trying to get data back. What if our computers have been through some sort of trauma and we
need to retrieve data on it. So we haven't tried to delete the information In this case, it's not like we've deleted something and then oh no, I need to get that file back. This is whoops, I accidentally drove over my laptop or a computer was caught in some other terrible accident. How do we get something back when we can no longer actually run the computer, or it
can no longer access information off the hard drive. Well, there are businesses that are dedicated to doing this, and some of them have had remarkable success, even in extreme cases. So remember how I said. Physical drives can experience wear and tear to a point where they're not really operable anymore. A few things can make the mechanical operation of a
hard drive impossible. You could have a broken motor. You can have a platter that gets warped and so it can no longer spend freely inside the hard drive, which makes it and it makes the data inaccessible. In those cases, bringing the hard drive to a data retrieval services a company that could be your best bet. Now, those services typically operate a space that's similar to a clean room
in a microprocessor manufacturing facility. These are rooms where you have really powerful machines that are circulating all the air, which filters the air to remove any dust particles that could potentially get in the way. Because remember, the elements on a hard disk drive platter are microscopic in nature beyond microscopic, and a single dust moat is enormous in comparison. So in these environments, engineers wearing clean suits or bunny
suits sometimes they're called. These are the white suits that zip up over a person's normal clothing and keep things like like human dust, essentially skin flakes, that kind of stuff from polluting the environment. They will take apart these old disk drives and attempt to put them together with other working elements. So you might remove a platter from an old disk drive and put it into a new
system to try and retrieve data off of it. And like I said, there are a lot of remarkable success stories out there, so I'm gonna share just one because I think it's pretty cool and it's it's indicative of some of the more extreme cases of data retrieval. There was a uh AN incident at Southampton University a few years ago. There was a severe fire that damaged computers
in a research and development wing. So you had these doctoral students PhD students who had been using these computers to store their data and to crunch numbers and you know, just to work on these projects. So the information on those computers represented years of work and potentially millions of
dollars worth of R and D information. The university had this terrible fire and the fire damaged seventy computers in this R and D wing, so they contracted a company called Kroll on Track to try and get as much of the data back as possible from these machines. These are computers that some of them had been melted from the fire and had suffered fire damage heat damage. Uh the ones that didn't suffer direct fire heat damage had suffered smoke damage and water damage, So they're talking about
an extensive amount of trauma that these computers experienced. A an engineer named Robert Winter with carl on Track, led this effort to salvage as much data as he could off of the seventy hard drives that the university had given over to him. So the engineers made copies of every single hard drive that they were able to, although some of them were so damaged by heat it was
just irrecoverable. These computers ended up giving up about of the data they had stored on them, so, in other words, they were able to get back the vast majority of information stored on these computers even after they had been
through fire and water and smoke damage. They were subjected to some of the worst conditions that a computer can endure and still hold information and yet a firm was able to get that data off of those computers, which is both inspiring and if you're concerned with data security, a little scary, because if if data retrieval specialists can get information off a computer that's been in a fire and subjected to water damage, you got to go to some pretty big extremes in order to take care of
the information and make sure no one gets access to it. And what happens if the computer isn't yours, then what you do? Well, I'm going to cover that in a little bit, but first let's take another quick break to thank our sponsor. All Right, let's say that you have practiced really good data security. You've also practiced backing up your computer. You want to make sure that you have access to information if something should go wrong, so you've
got to back up for your computer. Uh. If you're like most people, I'd say that, at least until fairly recently, I'd say that you'd likely use some sort of external hard drive, and you're backing up regularly to that, maybe
once a week or once a month, something like that. Uh, maybe you have it set up where it does that automatically every given amount of time and so you're external hard drive represents a continuing timeline of what used to be on your computer or still is on your computer and some cases, and that means that if you do delete something off of your hard drive, you could go to your backup and retrieve it in case you realize later that that was a bone headed mistake. Let's say
you're doing that. Now, Let's say that you're going even further. Let's say that you're practicing the next step making sure you have your data backed up securely, and you're using offsite data backups. Now that means that you are saving to a machine that's in a different location than your primary machine. And the added benefit here is that if anything should happen to your physical device, perhaps the building that your physical device is in, you still have access
to the information. I've worked at companies that did this, where we paid a data company to run servers that
we would end up saving our information to. So it wasn't so much I mean a get technically it's cloud computing, but really it was just a data farm that had certain computer says aside just for us, and we would save backups every day at the end of the day to that particular service, and they were dated, and so you would keep a certain number of days on file, and then you would replace them with a rolling replacement, which meant that if you deleted something or over wrote something,
and then two weeks later you need the original, you could actually still get it. This is good if you want to make sure that you know you have access to that data even if something happens to that physical location. So in the case of that Southampton University fire, if they had been using offsite backups, yeah, it would have been awful already because you're gonna lose equipment. No one wants to do that. That's expensive. But you would still
have that data in the off site storage. You wouldn't have to worry about going through these data retrieval processes because you would already have the information there. However, it does raise the other question of if you want to delete something, how can you be sure that it's really gone? How do you delete data everywhere? This is particularly complicated. Now we're in a world where we have more and more connected devices that are having shared resources. So let
me give you an example. I am very firmly in the Google uh sphere, right, I mean that ecosystem. This is not for me to advocate for Google. Other ecosystems are just as good, if not better. My wife uses the Apple ecosystem, for example. So you're you're firmly embedded in one of these ecosystems, and one of the benefits is that you have access to a lot of information across a multitude of devices. So you might be using a cellular device, you might use a WiFi connected device,
you might be using multiple devices. You might be using tablets, hand set cell phone essentially our smartphone, laptops, set top boxes, all sorts of things to access different data, which means that data has to be freely available across these different device is. Sometimes you have instances of that data saved on a device for a convenience sake, because if it's saved to the local device, you're going to pull it up much more quickly than if you have to pull
that data down from a cloud server every single time. Right, So, if you want fast access to your information, then having a a temporary version of it saved to the device for at least some given amount of time is handy. But it also means if you want to delete that information, you might have instances of it existing on multiple devices until the general command is given to wipe it off of all of them. Moreover, there's some server somewhere that contained that data, and how can you be sure that
that data is actually gone. Let's make it even more complicated. If you are talking about using a cloud storage service so that you can save your information off site, which again keeps the information relatively safe at least from physical damage. Assuming that the cloud service is also practicing very good security, it may be giving it superior data security protection from potential hackers or snoopers. Let's say all those things are true, how can you be sure when you delete something that
actually goes off of those servers. And not only that, but if you're running a really good cloud service, you're using multiple computers to store the same information for redundancy sake. Now, this is for the same purpose that you would save something off site as a backup, right, except you're talking
about a cloud service. If I have a document in Google Docs and it's saved through my account somewhere at Google, in one of their data centers, or maybe in multiple data centers, there are computers that have that document saved to them, and it's saved on multiple computers. That way, if one computer should break down, because they do break down, it just happens. I can still get access to my document because it exists on backup computers. This is redundancy.
It is a very important feature in cloud storage. If you don't have redundant systems in cloud storage, then should something go wrong with one machine at your service, there's gonna be a client out there who can't get access to their information, and since that's what they're paying you for,
that's not good business. However, on the flip side of that, when you want to delete something now you not not You're not only deleting it from your local devices, you wanted deleted from every single instance at the cloud storage service. How can you guarantee that happens. And here's the answer
to that question. You can't. I mean, unless you're able to actually physically visit the all the data centers for whichever service you're using, and if you're using one of the big ones like Amazon or Google, that's a lot of data centers across a lot of different locations around the world. Unless you can do that yourself, you cannot be absolutely certain that the files you've asked to be deleted,
are really really gone? Now, these companies are going to tell you if you send us a request to delete, we delete, and you will not have access to that file anymore. Don't even bother play in coming to us saying, oh, I did not mean to delete that because it is gone. Well, of course the companies are going to have to say that, because otherwise it would be to suggest that when I delete something from their servers, they don't actually delete it,
and that would be bad business. But we can't be sure that when they say they've deleted something that's actually gone. What does happen is they essentially sever the connection between the customer and that particular information. So if I delete a document out of my Google Docs, let's say, then what Google is going to do is essentially cut off the method that of getting to that document from my account.
That means that I no longer have a pathway to that document, but I can't be certain that it means the document itself is gone. It may still exist on multiple computers under Google's domain. I just can't get to it, but that doesn't mean it's actually deleted. Now a lot of these cloud services will also offer encryption services or even include that as part of the storage system, meaning that your data is encrypted and the only way to get to it is to have the decryption key so
that you can actually read that that information. That's a little more useful because if I delete a file and they cut off the pathway between me and that file, even if it still exists on their computers, it's encrypted, so it's not like anyone's reading it or getting access to it because they don't have the decryption key. I
have it, So that's a little bit better. And in fact, it's the solution that the I E E E, the I triple E, or as Chris Palette and I always used to say back in the old days of tech stuff, I e. They recommend using encryption for all cloud services.
In fact, they're specific recommendation is using what they called recursively encrypted red black key tree or RURK r E E R E r K, which is a complicated method of making sure that off site data is meaningless to anyone but the person who actually owns data or has
the legitimate access to that data. Now, the reason why this is a relevant question is because it became clear that there are some companies that had purported to have only temporary ownership of data or temporary stewardship if you prefer, of data, and it turned out that it was less temporary than had previously been suspected. So back in for example, there was a story of about Snapchat and about how the service was keeping photos rather than deleting them after
a said amount of time. So the general thought was that if you took a photo with Snapchat and then you shared it with people, it would only exist for maybe twenty four hours and then it was gone permanently. But then it turned out that the story wasn't entirely true. Now, the two thousand thirteen story didn't suggest that Snapchat was
actually keeping these copies on their servers. Rather, what it was saying was that the device you were using to access Snapchat and to take photos of yourself would hold onto those pictures for a while at least, that they were doing it in a way where they were using a file extension that made it difficult to see that
those files still existed on the device. But if you knew what you were looking for, and if you used a little bit of tech forensics work, you could actually find the folder and the photos that you had been taking all that time on Snapchat, even though it sounded like the app was going to delete the photo from your device after a given amount of time, So it turned out that it wasn't as gone as you thought
it was. Now, granted, that's on a local device, right, so it only really matters if someone else gets hold of your phone, let's say, and has access to it and is able to find that folder and find those image files which have been renamed, thus making them more difficult to find. But if they knew how to do that, they could totally see all those images that you were being taking on Snapchat and sitting off. So all those post workout selfies that I do, but I mean, come on,
they're working hard. So those still existed on the phones. That was the story that broke in two thousand thirteen. As for the servers, they do not hold onto user data forever, so they don't hold onto those photos and other snaps indefinitely, but they might hold on to it longer than you expected them to, up to thirty days after when you shared the snap. So technically what they'll do is they'll delete files once the system detects that
all the recipients of a snap have viewed it. So let's say that you've you're sharing something just to your Snapchat followers. That's it. It's not available to anyone else. You send this out and the system detects that every single one of your Snapchat followers has had a chance to look at that snap has opened it at some point.
It will then mark that snap for deletion, but if not everyone has done it, it will keep that snap active for up to thirty days after it was taken in order to give people who follow you the chance to see it, which I don't think is a bad thing necessarily. It's just something that might not easily be understood by a lot of people who use Snapchat, who think this is a very momentary type of media and moments after I share it it's gone. That's not the case.
It can stick around on those servers for up to a month later. I don't know that that's necessarily a deal breaker, but it is something to keep in mind. And it's those kind of stories that got people to asking questions about cloud storage. If I decided to delete something off of my cloud storage account, how can I be sure it's really gone? And again, the answer is he can't be certain, so that's kind of buyer beware.
I suppose that if you're going to use cloud storage, which I think is a valuable service, don't get me wrong, you do so knowing that there is the potential that that information is going to be out there forever, h on those servers, or at least on a machine somewhere. You have to accept that that is a possibility. It's not necessarily something that is definitely gonna happen, but it's
it's definitely possible. Let's say that you have saved something to your account and then they decided to take a server offline because they need to replace it in their array of servers, and it happens to have a copy of that information you saved. Then you choose to delete it from your account, but that particular machine has been disconnected from the overall service, an instance of your information
may still be on that machine. Now, granted, if it's a legitimate business, what they they should do is wipe that machine completely and and overwrite all the information on it so that no files on it could possibly ever be accessed. But it's still want something to worry about, because it's outside of your control. If you're using cloud storage responsibly and you are practicing good data security in general, I don't see any reason why you should stop relying
on it, especially if you're using encryption. I think it's a valuable thing to use, but it's also good to know it's limitations and the potential problems you could encounter uh in in a worse case scenario situation. And if that worst case scenario isn't that bad for you, there's no problem. If you want to save something that is more sensitive information, maybe they are trade secrets, something that you do not want to get out to the general public.
Maybe don't save it on cloud storage. Maybe save it on local storage. Have an off site but secured data server that's just yours. No one else is sharing it. Save it to there too for a backup. It's a lot of extra work, but it's more of a guarantee that your sensitive information will not leave your control, and ultimately that's the most important thing in this particular discussion. If you've shared it online, if you've posted some information
on the internet, it's out there forever. Just accept that because there's not any easy way to remove something that's been posted to the Internet. People on Twitter know this. People who have tweeted things that they wish they hadn't and had gone back to delete those tweets, they already know. There's no such thing as deleting it off the Internet. It exists somewhere else already, someone has already saved a copy of it, and it is perpetuating out there for
the rest of all of the Internet's existence. So if you think it's sensitive information, don't post it on the Internet. That seems like it's incredibly basic information, and yet people still do it. So I'm gonna say it here just in case any of you were thinking, Hey, I think I should post my social Security number on Facebook. Don't do that. Don't do it. All Right, that wraps up
this discussion about data deletion data retrieval. There's a lot more of the details I could go into, but it gets really technical, and it gets into file systems and file trees and all these other concepts that are hoardent, but they're also difficult to explain in an audio format, and frankly, it gets into greater detail than most of you require. I encourage you to practice good habits and if you have suggestions for future topics I should cover here on tech Stuff, send me a message let me
know about them. The email address you should use is tech Stuff at how stuff works dot com, or you can drop me a line on Twitter or Facebook. The handle for both of those is tech stuff hs W. Remember we've got an Instagram account now, so you can follow that and get all the cool updates that Crystal keeps posting there. And if you want to watch me live on Wednesdays and Fridays, I record the show and I stream it on twitch dot tv slash tech Stuff.
If you go there, you'll see what the schedule is Wednesdays at four pm Eastern and Friday's at two third p m Eastern. Hope to see you there. We got a chat room. You can join in and make jokes and point out all the factual errors I I spout out, no, please don't do that. Just be really supportive and nice because I my ego is fragile. And I also love to chat with you guys whenever I'm in a break
between recording sections, So jump in there. I'd love to see you there, and I'll talk to you again really soon for more on this and bathands of other topics because a house stuff works dot Com