Files deleted are not really gone. Explain what happens when you delete a file

Shift-Deleting a file or emptying the Recycle Bin is not the end of the file as misconceptions go.  For one to understand how the files can be retrieved, one needs to familiarize with the concept of how files are stored in the hard-drive. Files, either text or media are stored in the hard-drive as binary data – in the form of 0s and 1s. These binary digits define the file, with a file address and the starting point of the binary data called a flag. The computer has a File Allocation Table or a Master File Table which defines the file by storing its starting and ending point. The Windows operating system tracks files based on the FAT or MFT, while the Mac system uses a slightly modified form of tracking called the Nodes. The computer reads the files in the form of binary digits since it can interpret only 0s and 1s and converts them into the necessary file format to be executed.

When a file is deleted, the data associated with the file does not get destroyed, instead the link by which the file can be executed, is removed from the folder, making the file inaccessible. Undoing the deletion process is not possible after Shift-Delete or emptying the Recycle Bin, but there’s a chance that the file can be recovered by the proper sniffing software and hardware. When the file is deleted, the flag that denotes the starting point of the file is turned to “off”, which gives the computer a signal that the space that had been used for storing this file is now available for overwriting or holding new data. If a file has to be permanently deleted, with a zero possibility of recovery, a repeated overwriting of the cluster allocated the file with random 0s and 1s has to be carried out. Data shredding is another option by which file recovery ratio can be made 0. Formatting the drive does not delete the file permanently, since appropriate sniffing software can recover the data by resetting the flag to 1.

The analogy can be best understood by the example of a library, which maintains the records of all the books held in it. Let us assume that a record of a particular book gets deleted from the register, it doesn’t mean that the book has been removed from the library since it still exists in its shelf. With a thorough search, one gains access to the missing book. It is the same way with computers, except that data recovery necessitates the use of sniffing tools ranging from keyword search tools and folder recovery software to file carvers. With these software tools, total file recovery is possible, while partial recovery can be enhanced by file carving which models the file by inserting relevant binary data. This has been used in a variety of applications like computer forensics and investigation, also in software companies to aid in recovery of lost data.