1. Home
  2. Articles
  3. Is a Deleted File Really Gone?

Is a Deleted File Really Gone?

Is a Deleted File Really Gone?

You deleted the file—it is gone. Or is it? This is a question computer experts get asked often. Sometimes the question comes from frantic students who accidentally deleted a long, hard-to-write paper. Sometimes the question comes from police officers or lawyers working on a criminal case. Either way, the person asking is desperate to know the answer.

In a criminal case, it is the job of a forensic computer analyst to find out the answer. The analyst uses sophisticated tools to carefully and painstakingly look through a suspect's computer to recover evidence from saved files—and even files the suspect thought they deleted. In this project, you will do a similar task. You will search for computer files that may or may not have been deleted using several possible deletion techniques. Before you get started, you need to know a bit about how computers store information and what it means to delete something. We will give you a basic explanation here, but you should check out the resources in the Bibliography section for a more complete understanding.

When a file is saved to a computer's hard-disk drive, the file is stored in multiple sections, called clusters, on the hard drive. The number of clusters that the file takes up depends on how much information is in the file. The more information, the larger the file, and the more space it takes on the hard drive. The computer only saves a file to clusters of the hard drive that it thinks of as "empty." It also creates a record of where it stored the file in a large table. The table tells the computer what files are stored where. In Figure 1 you can see an illustration of a book report stored across several clusters of a hard drive with empty hard drive space on either side.

If you select a file and press the delete button, the file will go in to a folder marked Trash if you are using a Mac, or marked Recycle Bin if you are using a Windows computer. Emptying the Trash/Recycle Bin (if you do not know how to do this, ask an adult who is comfortable using computers or do an internet search on "how to empty my computer's Trash/Recycle Bin") tells the computer to get rid of the table entry that says what the file is called and where it is stored on the hard drive. It also signals to the computer to think of those hard drive clusters as "empty" again, even though there is information sitting in them.

Once the computer thinks of the hard drive clusters as "empty," it can store other files in those spaces by writing over the information that was previously in them. Figure 2 shows an example of this; once the book report was deleted, the computer could store other files in the same space. Notice that not all of the clusters are written over. This is a matter of luck. If a smaller file like the photo in the example shown in Figure 2 is stored in the same space a larger file, like the book report, used to take up, several of the clusters next to it may not be overwritten.


This bandage uses electrical zaps to heal wounds faster
NEWS PLANETARY SCIENCE,ASTROBIOLOGY Mars’ lake may need an underground volcano to exist
Inside the world of treehoppers, mini-marvels of the rainforest
I BUILT MY SITE FOR FREE USING