Welcome to Bucaro TecHelp!

Bucaro TecHelp
HTTPS Encryption not required because no account numbers or
personal information is ever requested or accepted by this site

About Bucaro TecHelp About BTH User Agreement User Agreement Privacy Policy Privacy Site Map Site Map Contact Bucaro TecHelp Contact RSS News Feeds News Feeds

Delete Does Not Erase a File

When you delete a file on a computer running the Windows operating system, the file is sent to the Recycle Bin. The Recycle Bin is just another folder on your hard drive. The file can easily be recovered by opening the Recycle Bin, clicking on the file name, and selecting Restore in the menu.

You can delete a file without sending it to the Recycle Bin by holding down the [shift] key while you delete the file. (Turn off the NUM LOCK key, or use the DEL key thatís not in the numeric keypad.) But this still does not erase the file.

When you delete a file, if your system uses the FAT (File Allocation Table) file system, which is the only one available for older Operating Systems such as Windows 98, it removes the file's name from the directory and puts a special code in the first character of the file's FAT entry to indicate that those allocation units are available for new files. The file data itself is stored completely separate from the directory and FAT and remains intact on the storage device.

Newer Operating Systems, like Windows XP, use the NTFS (New Technology File System) which replaces the FAT and directory with the MFT (Master File Table). When a file is deleted, the Operating System marks the file name in the MFT with a special character to indicate that those allocation units are available for new files. Again, the file data itself is stored completely separate from the MFT and remains intact on the storage device.

Defragmenting or formatting the storage device may relocate the clusters occupied by the deleted file, but the file data may still remain intact on the storage device. Over time, saving new files on the storage device may cause some, or all, of the deleted files allocation units to be overwritten, but until then, there are many utilities available which can be used to recover your deleted file.

If your system uses a FAT storage device, someone can simply use the DOS undelete command followed by the name of the file. If they don't know the name of the file, they can type undelete without a file name and it will undelete all deleted files, prompting them one at a time.

If your system uses a NTFS storage device, someone can use Norton Utilities, or one of the many NTFS undelete utilities available for free on the Internet, including NTFS boot disks and live Linux CDs. The NT Resource kit contains a utility called DiskProbe which can be used to search for and view the data on a disk.

Many people delete all their files before they donate or give away their computer, not realizing that their private information is easily recoverable. Even reformatting a drive does not completely erase the data. This poses a significant risk of identity theft. The only way to really erase a file is to use one of the many file shredders or secure delete utilities.

There are many secure delete utilities available for free on the Internet. These utilities overwrite the file's data with a bit pattern, making the file unrecoverable. SDelete (Secure Delete) is a Sysinternals utility that can be downloaded for free from Microsoft's web site.

RSS Feed RSS Feed

Follow Stephen Bucaro Follow @Stephen Bucaro

Fire HD
[Site User Agreement] [Privacy Policy] [Site map] [Search This Site] [Contact Form]
Copyright©2001-2021 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268