If you think your data is gone for good just by moving your unwanted files to the “Recycle Bin” on Windows or “Trash Bin” on Mac and then empty those bins, you will be disappointed. Those “permanently” deleted data can be easily restored with publicly accessible tools, which can be a significant threat to the privacy of both personal users and organizations.
This article will introduce how “permanently” deleted data can be restored, some industrial standards for proper data destruction procedures, and tips for individual users to safely delete their data, making it harder to let the cat out of the bag.
How your “permanently” deleted data may be restored
Hard drive file recovery
When users “permanently” delete the data from their hard drive, or intuitively speaking, from the computer, they technically have not deleted the data per se, but only the “pointer” (like an address indicating where the data is) to the deleted files. Not until some new data have occupied the same space on the hard drive will the old data be replaced. Before the deleted files are replaced by the new, specific tools can trace down the remainder of the deleted files on the hard drive and subsequently recover those files1.
Some data recovery tools (Source: https://www.pandorarecovery.com/blog/best-professional-data-recovery-software/)
To draw a parallel, deleting a file from your hard drive is like you want to get rid of an old house. You do not demolish the old house right away, but just post a “Notice of Demolition” on its front door. However, the demolition will not start until a new house is being constructed in the same location. Until then, you can remove the “Notice of Demolition” at any time and restore the old house.
You merely post a "Notice of Demolition" on your deleted files when you "permanently" delete your files on your computer (Source: https://dailytrojan.com/2022/02/14/fluor-tower-vacant-since-march-2020-to-be-demolished/)
The reason for operation systems, Windows and macOS, to handle data deletion this way is because it is much faster to just delete a pointer to a specific file than to rewrite every bit of the file to zero.
TRIM-enabled SSD (Solid State Drives) and flash drives work differently. When you permanently delete a file, the bits where the data was originally located are written in zeros immediately (by the “TRIM” command), making data recovery nearly impossible2.
System restoration
Both Windows and macOS have built-in tools for system restoration, and many commercial tools are also available for the same functions. With system restoration tools, users may create a backup file for the entire system ahead of time, and when their systems encounter problems at a later time, users can restore their systems to a previous date with the backup files they created before. Depending on the settings or configurations of the tools, sometimes the system restoration does not affect files on the computer; other times all deleted files may be recovered along with the restored system. The latter situation may cause one’s secret to be brought back.
System restoration tools on macOS (Source: https://support.apple.com/en-us/HT204904)
System restoration tools on Windows (Source: https://www.howtogeek.com/131916/how-to-use-the-advanced-startup-options-to-fix-your-windows-8-computer/)
Cloud storage services
Cloud storage services like Google Drive, iCloud and OneDrive are working diligently to back up users’ files by uploading them to the cloud storage. Sometimes these cloud storage services can be officious. When users want to get rid of an unwanted file, many copies of a file may have been created and uploaded online by these cloud storage services, and users must make sure to clean all their cloud disks apart from deleting their local files.
Some cloud storage services (Source: https://www.macworld.com/article/231363/the-best-cloud-storage-services-for-apple-users-2.html)
Standards and guidance of data destruction/media sanitization
As data recovery imposes a significant threat to privacy and cybersecurity, many governmental institutions and organizations have brought about standards and guidelines for data destruction and media sanitization.
Generally speaking, if the users intend to reuse the data storage media, which is encouraged for environmental considerations, those standards and guidelines require the storage media to be overwritten several times (called "passes") by zeros, ones, and/or random bits. The more overwrite passes are applied, the harder data recovery will be. Moreover, encryption is also required in certain media sanitization standards, converting plain-text data into ciphertext so that data stored will not be recognizable or recoverable.
On the other hand, if users intend to discard the data storage media, they need to physically destroy the data media by shredding, melting, incinerating, etc.
NIST Special Publication 800-88. 3
As a successor of the US Department of Defense (DoD) 5220m standard, NIST 800-88 standard is widely adopted by the military and the public sector in the US4. This standard provides three levels of data destruction, including Clear, Purge, and Destroy, for almost all data storage media5. Generally speaking:
Recommended by LinkedIn
ITSP.40.006 v2. 6
This ITSP standard is a guide to help reduce the residual data on IT storage media. It is applicable to Government of Canada departments whose IT equipment may contain sensitive data. It lays out the sanitization processes for different levels of data sensitivities. Sanitization, according to the Government of Canada, aims to make data non-recoverable without physically destroying the media. Generally speaking, this guideline relies on overwriting and Crypto Erase (CE) to destroy the stored data and sanitize the media.
NCSC Device Security Guidance. 7
It is a guide developed by the National Cyber Security Centre (NCSC) of the UK for organizations on how to choose, configure and use devices securely. It also includes suggestions for how to erase data on different devices.
Tips for personal users
As we can see from various data erasing / sanitizing standards, overwriting the deleted data is a crucial method to prevent unwanted data recovery. For personal users, these tools can achieve the effects of data overwriting.
File shredder tools
File shredder tools overwrite the deleted contents with zeros, ones, and random bits multiple times, as required by various data destruction standards, to ensure that the deleted data is not recoverable8. There are various file shredder tools available for personal and institutional use with different security levels. Unsurprisingly, file shredding is much slower than deleting the same file but much safer in that it makes file recovery almost impossible.
A file shredder tool with different overwrite algorithms for various security levels (Source: https://tiptopsecurity.com/how-to-use-file-shredder-to-securely-delete-your-files-for-good/)
Factory reset
For windows, if you choose to reset the PC and fully clean the drive, the system will delete everything and rewrite with zeros and then random numbers9. A similar factory reset function also exists for mac devices10. This function is applicable when you want to sell, recycle or discard your used devices without letting out your secrets.
Windows factory reset function (Source: https://www.youtube.com/watch?v=8LgHNRjiekQ)
Factory reset of an iPhone (Source: https://www.lifewire.com/reset-restart-hard-reset-iphone-12-5081625)
Go through your cloud drives
Even though you have deleted, overwritten your local devices thoroughly, or have even shredded your devices into pieces, your cloud services may still sell out your secrets since your photos or your files may have been automatically uploaded to the cloud drives. For example, your phones may upload every photo and screenshot to Google Drive automatically (since you have given related apps the permission to do so, knowingly or unknowingly), and those images are always accessible from your phone even though you have deleted the images locally (since some users may want to free up local storages by only retain copies of those images on the cloud). Therefore, when you want to get rid of certain files, it is crucial to go through your cloud drives, such as iCloud, Google Drive, OneDrive, Office 365, Dropbox, Adobe Creative Cloud, and any other software or services offering cloud storage or backup functions to make sure the unwanted files do not have copies on the cloud.
Automatic photo and app backup settings on an Andriod phone (Source: https://www.verizon.com/support/android-android-google-backup-guide/)
References
1. Hoffman, Chris. “Why deleted files can be recovered, and how you can prevent it”, (8 June 2018), online: How <https://www.howtogeek.com/125521/htg-explains-why-deleted-files-can-be-recovered-and-how-you-can-prevent-it/>
2. “SSD data recovery: How to recover data from SSD hard drive in 2022”, (31 January 2022), online: Handy Recovery <https://www.handyrecovery.com/recover-files-from-ssd/>
3. Kissel, Richard et al. “Guidelines for Media Sanitization” (2014).
4. TES. “What is NIST 800-88, and what is meant by clear, Purge, and destroy?”,, online: Sustainable Technology Lifecycle <https://www.tes-amm.com/news/what-is-nist-800-88>
5. Recovery, Stellar Data. “Chapter 5”,, online: Data Destruction Standards and Guidelines <https://www.bitraser.com/knowledge-series/data-destruction-standards-and-guidelines.php>
6. Canadian Centre for Cyber Security. “It media sanitization (ITSP.40.006)”, (25 September 2018), online: Canadian Centre for Cyber Security <https://cyber.gc.ca/en/guidance/it-media-sanitization-itsp40006>
7. “Device security guidance”, online: NCSC <https://www.ncsc.gov.uk/collection/device-security-guidance>
8. Contributor, TechTarget. “What is file shredder? - definition from whatis.com”, (15 September 2015), online: WhatIscom <https://www.techtarget.com/whatis/definition/file-shredder>
9. Shultz, Greg et al. “Reset your Windows 10 system with the Remove Everything Option”, (4 February 2016), online: TechRepublic <https://www.techrepublic.com/article/reset-your-windows-10-system-with-the-remove-everything-option/>
10. Potuck, Michael. “How to factory reset your MacBook before selling or giving it away”, (10 January 2022), online: 9to5Mac <https://9to5mac.com/2022/01/10/how-to-factory-reset-your-macbook-and-other-macs/>