How do files get wiped out?

Whatever the nature of your information is, it is most likely saved in some kind of a file, in a filesystem format on some storage device. There are different types of devices and a number of filesystems, making it absolutely impossible to create a common wiping algorithm that could suit any device and any filesystem. 

Nearly 20 years ago, when Windows 95 could hardly fit on your small hard drive, and the problem of residual magnetization of data sectors was persistent, the owners of sensitive data were forced to rewrite the hard drive 35 times in a row to have it wiped out. Modern HDD, or magnetic-based storage devices, are much less exposed to this vulnerability requiring less effort for wiping information, and HDD’s physical sector can do with just 2-3 rewrite cycles. For example, United States authorities require to perform a secure US Army 3-pass wipe algorithm to destroy classified information; while Russia has 2-pass GOST R-50739 algorithm in place for this purpose. 

Though, it must be noticed that these kinds of algorithms are suitable only for HDDs. SSDs use a more complex approach to information storing, very similar to the operating system’s memory paging: the physical and virtual addressing are possible. and the same virtual address could be mapped to different physical data cells. Consequently, while your information is rewritten, the probability of data getting wiped in the same physical memory cells does not reach 100%. This achieves, among other things, a longer lifetime for SSD and mitigated wear for the solid-state memory.

Many data storage vendors provide special “safe erasure” utilities designed for a particular type of a hard drive, and if you are concerned about this problem, we strongly recommend you find out the available offers for your HDD or SSD on your vendor’s site.

Given the above mentioned, it’s crucial to understand that these wiping algorithms and tools work with the physical data layer only, bits of information, ones and zeros, and usually destroy the full contents of the data storage. In practice, there’s a layer between your hard drive and document opened in the editor, called “filesystem”. It’s a low level way to map your structured data (files) to the physical level (drives), and it makes the problem of wiping a particular file harder. Filesystem is able to save your information in more than one place, save edits history to the special journal and compress data to save some free space on the drive. If you believe that writing some random trash over your file destroys all its contents, you are profoundly mistaken, your erasure data could be written into different physical memory cells. Most probably, some part of this file, not the entire file, remains on your hard drive. There are special approaches and algorithms to increase the probability of the whole file wiping, however, all of them do not give you a 100% assurance that your data will be wiped out. An important property of a wiped file is the level of its “entropy” that basically defines how “chaotic” your information is. If you have a plain text file and you erased 50% of it, the rest 50% is still readable. If you have a binary file, let’s say, a video or audio, wiping its header with file metadata would make the content recovery a very complicated process. 

However, it’s not an insurmountable task for experts with special recovery tools. Finally, the most secure type of files, both in terms of their reliability and wiping speed, are the files encrypted or compressed with a very good archiver. Even a minor data damage to this kind of file makes decryption or decompression impossible. That’s why we strongly recommend placing all your confidential data into a file-hosted encrypted volume - it’s irreversible destruction takes less than a second. Panic Button will also take care of the file’s metadata, making it next to impossible to detect if the file ever existed in the filesystem.

This article was helpful for 2 people. Is this article helpful for you?