YOU ARE HERE: LAT HomeCollections


Just Because You Erased It Doesn't Mean Someone Else Can't Call It Up and See It

Security: Many deleted files can be restored in seconds--for better and for worse.

March 17, 1997

When you erase files from your hard disk, the files go straight into the intergalactic bit bucket, leaving not a trace, right?

Wrong. Whether it's your child's school report or a confidential memo deleted accidentally or purposely, many files can be restored in seconds--for better and for worse.

To understand how deleted files can easily be recovered, you have to know a little about the way files are saved on a hard disk. Just as a book is organized by chapters, a hard disk's files are held in clusters. Your PC keeps the clusters organized and lists them in the hard disk's file allocation table, or FAT.

Fat is often under attack, but in this case FAT is good. The FAT, is like a book's index. It shows the locations of all of the files in the computer. When you erase a file from your computer, a flag goes up in the FAT table, making that particular cluster available for the next time you save something.

In other words, the deleted file is really still there, but the space the file used is marked as space that the computer can use again. Larger files can take more than one cluster, making the recovery job tougher but not impossible.

Because the computer tracks files this way, you can use the Microsoft DOS or Windows Undelete utility or a third-party program such as Norton Utilities (Symantec, [800]-441-7234]) to recover files that you may have deleted days or even weeks ago. The rule to keep in mind after you accidentally erase a file that you want back is to never to save anything on the hard disk. until you find what you're looking for. By saving a file, you may use the exact space on the hard disk that the deleted file occupied.

Windows 95 and Mac users have an extra dose of protection from unwittingly deleting files. These users send files to be deleted to a holding area--the recycle bin or trash can. A file put in one of these holding bins accidentally can be retrieved before it's lost completely by clicking on the recycle bin or trash can icon and taking it back out. The disk space consumed by files put in the recycle or trash bin isn't marked as available for saving something else until the bin is emptied.

Although the ability to restore files is generally a convenience, it also presents a big-time security problem for some people. To solve it, use common sense. For starters, never save any highly confidential information on a hard disk. Save the information to a floppy disk. Granted, a floppy disk doesn't hold a great deal of information, but it provides extra protection in that you can take the data with you in your shirt pocket or briefcase. If you've got too much data to save on a floppy disk, consider purchasing a removable hard drive such as those from Iomega or Seagate.

When you want to remove all traces of information from your hard disk, it's time to call in the heavy artillery--namely, ways to destroy the information so it is not recoverable without a lot of effort. One way of making files tougher to recover is to perform a low-level format on the disk. This erases all information contained on the disk, but be aware that techniques do exist that can restore data even after a low-level format.

If you perform a low-level format, you can make it harder to recover information, maybe even impossible, by using the formatting utility's wipe feature. This replaces the space that the file occupied with numbers or letters. It does not overwrite the listing for a deleted file in the FAT, so it is possible for a person to recover the names of wiped files. Upon opening a wiped file, however, all a person sees is gibberish.

Then there's formatting a drive--a drastic act. It is possible to wipe a drive without erasing all the information contained on a disk by using Norton Utilities, available for Mac and Windows. Norton Utilities contains a utility called Wipe Disk or Wipe Info, depending on the version of the program, and the Windows 95 version 2.0 has the wiping tool built in the Speed Disk utility.

Speed Disk is the "defragging" utility used to move parts of files contained on a hard disk in contiguous order; this makes file access times shorter. After optimizing the drive, Speed Disk will wipe or write zeros to all unused clusters on the disk.

If you're really concerned about security, keep in mind that sophisticated computer sleuths and government agencies routinely recover information saved on disks thought to be clean of any data. The only way to make files truly unrecoverable is to destroy the disk itself, not only the data contained on it.


Kim Komando is a Fox TV host, syndicated talk radio host and founder of the Komputer Klinic on America Online (keyword KOMANDO). She can be reached via e-mail at

Los Angeles Times Articles