You are here: Home Contents V7 N3 V7N3_Schmidt.html
Personal tools

Computer Forensics: Examining the Effectiveness of File Deletion



Full text

Journal of Information System Security
Volume 7, Number 3 (2011)
Pages 3349
ISSN 1551-0123
Mark B. Schmidt — St. Cloud State University, USA
Michael J. Condon — St. Cloud State University, USA
Information Institute Publishing, Washington DC, USA




Computer forensics is the process of analyzing and recovering deleted or hidden data from various electronic devices. Often the target device is a computer hard drive and in many cases the evidence recovered is utilized in criminal or civil court cases. Many times data is intentionally deleted or manipulated in hopes to destroy potential evidence which could be used against a suspect. Other times, the safe destruction or redistribution of used hardware is at issue. The dilemma of how to safely protect confidential and personal data is of paramount importance. Formatting, or preparing a digital storage medium for use is often a method employed to “remove” such data.

This paper describes an experiment that puts the effectiveness of formatting a drive and file deletion into question. In this experiment different ways of “erasing” files/a hard drive were examined. First common formatting techniques were identified and then applied to a hard drive with several files on it. Research was conducted starting with the most basic, and common process and progressed by increasing the robustness and iterations of deletion techniques. The results help to evaluate the techniques in order to help ensure that a digital source is erased and private information will not be unknowingly distributed along with used hard drives.




Deleted Files, Data Recovery, Computer Forensics, FTK, Forensics Toolkit, EASEUS




Berghel, Hal. (2007) “Hiding data, forensics, and anti-forensics,” Communications of the ACM, 50, (4): 15-20.

Berghel, Hal and Hoelzer, David. (2006) “Disk wiping by any other name,” Communications of the ACM, 49, (8): 17-21.

Casey, Eoghan. (2006) “Investigating Sophisticated: Security Breaches,” Communications of the ACM, 49 (2): 48-54.

Gottischalk, Petter and Solli-Saether, Hans. (2010) “Computer Information Systems in Financial Crime Investigations,” Journal of Computer Information Systems, 50 (3): 41-49.

Halderman, J. Alex; Schoen, Seth D.; Heninger, Nadia; Clarkson, William; Paul, William; Calandrino, Joseph A.; Feldman, Ariel J.; Appelbaum, Jacob; Felten, Edward W. (2009) “Lest we Remember: Cold-Boot

Attacks on Encryption Keys,” Communications of the ACM, 52 (5): 91-98.

Hansen, Laura L. (2009) “Corporate Financial Crime: Social Diagnosis and Treatment,” Journal of Financial Crime, 16 (1): 28-40.

Knetzger, M., and J. Muraski. (2008) Investigating High-Tech Crime. Prentice Hall, Upper Saddle River, NJ.

Lim, Nena. (2006) “Crime Investigation: A Course in Computer Forensics,” Communications of AIS, 18: 2-34.

Lim, Nena and Khoo, Anne. (2009) “Forensics of Computers and Handheld Devices,” Communications of the ACM, 52, (6): 132-135.

National Institute of Standards and Technology. (2009) “NIST Develops Experimental Validation Tool for Cell Phone Forensics,” ACM News, December 2, 2009.

Palmer, G. (2008) ‘A Road Map for Digital Forensic Research. Report from the First Digital Forensic Research Workshop’,

Pearson, Timothy A. and Singleton, Tommie W. (2008) Fraud and Forensic Accounting in the Digital Environment. Issues in Accounting Education, 23 (4): 545-559.

Richard, III, G. and Roussev, V. (2006) Next-Generation: DIGITAL FORENSICS. Communications of the ACM, 49, (2): 76-80.

Schmidt, Mark B.; David A. Dampier; and Dennis C. Guster. (2009) “A Multi-University Resource Allocation Approach to Provide Computer Forensics Education for Law Enforcement Agents,” Proceedings of the 2009 Security Conference, April, Las Vegas, NV.

Thilmany, Jean. (2010) “Computing,” Mechanical Engineering, 132, (7): 14-16.

Vaughn, R. and Dampier, D. (2007a) “Digital Forensics - State of the Science and Foundational Research Activity,” Proceedings of the 2007 Hawaii International Conference on the System Sciences, Minitrack on Digital Forensics, January 3-7, Waikoloa, Hawaii, USA.

Vaughn, R. and Dampier, D. (2007b) “The Development of a University based Forensics Training Center as a Regional Outreach and Service Activity,” Proceedings of the 2007 Hawaii International Conference on the System Sciences, Minitrack on Digital Forensics, January 3-7, Waikoloa, Hawaii, USA.

Warkentin, Merrill, Ernst Bekkering, and Mark B. Schmidt. (2008) "Steganography: Forensic, Security, and Legal Issues," Journal of Digital Forensics, Security and Law, 3, (2): 17-34.