How reliable is file deletion? Analysis of recovery chances depending on deletion methods and number of overwrites.

Secure file deletion — often called "file wiping" — is necessary to protect data from unauthorized access. The main goal is to ensure that deleted information cannot be recovered, even with specialized forensic methods. However, factors such as wiping methods, data carriers, overwrite patterns, and the number of overwrites significantly affect data sanitization effectiveness.

1. Overview of Deletion Methods

1.1 Simple Deletion

• Description: The file is marked by the operating system as "deleted," but the actual data physically remains on the storage medium.
• Risk: Basic data recovery tools can quickly restore such "deleted" files. Therefore, simple deletion provides almost no protection.

1.2 Single Overwrite

• Description: Data is overwritten once with a specific pattern (e.g., zeros or ones).
• Assessment: Significantly safer than simple deletion, but a small risk remains of recovering remnants of original data with advanced forensic methods.

1.3 Multiple Overwrites

• Description: Data is overwritten several times (e.g., 3, 5, 7, 9 times) using different patterns.
• Assessment: Each additional overwrite with a different pattern reduces the likelihood of successful recovery of original data remnants.

1.4 Physical Destruction

• Description: The data carrier (e.g., hard disk, SSD, USB drive) is physically destroyed by shredding, melting, or burning.
• Assessment: This is the most radical but also the most reliable method, usually applied to highly sensitive data where recovery risk is unacceptable.
   

2. Details on Data Recovery Chances

The probability of successful recovery of erased data depends on numerous factors:

1. Number of Overwrites: Multiple overwrites with different patterns make recovery extremely difficult or impossible.
2. Wiping Method: Physical destruction provides the highest guarantee of no recovery.
3. Type of Data Carrier:
   • HDD (hard disk drive): Traditional overwriting is usually effective, although specialized labs can extract residual magnetic traces if the disk was overwritten only a few times.
   • SSD (solid-state drive): Features such as wear leveling and the TRIM command can complicate reliable overwriting, so specialized wiping methods for SSDs or built-in Secure Erase commands are recommended.
4. Age and Condition of Carrier: Old or damaged disks may contain unique data remnants that can both hinder and facilitate recovery.
5. Qualification and Equipment: Professional forensic labs use advanced methods, but each additional overwrite significantly reduces the chance of successful recovery.

2.1 Estimated Recovery Probabilities

If the carrier has not been physically destroyed, approximate chances of data recovery from a hard disk drive (HDD) that was securely wiped with modern tools may be as follows:

• 1 overwrite: < 1%