:: Resources
Hard Drive Reformatting: How NOT to Securely Delete Data
Reformatting is thought to be secure deletion
One of the most common methods of removing data from a hard disk isthrough formatting, or "re-formatting," it. After running the FORMAT command on a hard disk drive it appears that the hard disk has been cleared of all data -- it's not even recognized by the computer! Many users assume that the formatting process deletes or wipes all the data from the hard disk, sanitizing it for re-sale or the trash bin. As described below, reformatting leaves nearly all of the data on a hard drive intact.
How Windows sees a hard disk drive
For a computer that has a Windows operating system installed, it's important to understand how Windows stores information on the hard disk. In Windows there are three important pieces of this process are the File Allocation Table (FAT), the Root Directory, and the Data Area. The first two parts, the FAT and Root Directory, are used by Windows to record where data is physically stored on the hard disk, as well as when it was recorded to the hard disk, when is was last accessed, what the file name is, and other attributes.
These attributes are also known as the "metadata" of the file. If you look at the properties of a Word document, the author, Last Modified Time, and Last Access Time are all examples of metadata. The actual content of the Word document (what you see when it's printed or shown on the computer monitor when opened with Word) is the document's actual data, which is stored apart from the metadata.
In simple terms, Windows sees the hard disk drive as a large, linear collection of buckets called "clusters." Each one of these clusters can store a fixed sum of bytes. For example, if Windows defines each cluster size as 4096 bytes when using an 8 gigabyte hard disk drive. An 8 gigabyte hard disk, therefore, would be seen as having over 2 million clusters by Windows.
Obviously, many files are larger than a single 4096 byte cluster. A 2 page Word document might be 60,000 bytes. To store all this data, Windows saves the content to many different clusters, in this case 15 clusters (14 full clusters, plus another for the remaining 2656 bytes).
The File Allocation Table is where Windows stores a record of all the 2 million clusters on our 8 gigabyte hard disk drive. This table creates a cell for each cluster and places a marker in the cell of every cluster that is currently storing data. If the file is larger than one cluster (like the above 60,000 byte Word document) the cell that represents the cluster holding the first 4096 bytes of data is marked with a number that indicates which cluster holds the next bit of data for this document. This process of pointing to the next cluster continues until the last cluster, which holds a marker that says it's the last cluster (in our example the 15th) in the file. This is called a cluster chain.
As mentioned above, the Root Directory holds the metadata (details) for each file. For the Word document in our example, it would store the date and time that the document was created, the date and time it was last accessed, the date and time it was last modified, as well as its name, and the location of its first cluster.
Page 1 > Page 2 > Page 3
