How Does the Government Recover Deleted Files?
-
Nothing is Ever "Deleted"
-
When the United States government confiscates computer hard drives for official purposes, it has a variety of ways to recover data even if a person has attempted to delete potentially incriminating files. Because files and data cannot be truly "deleted" and a trace of them will always remain on a drive, the government can be very effective at recovering information.
For starters, data carving is an effective method of recovering deleted data from a drive. This is the process of looking at the full scope of a hard drive and searching for data that has no "allocation" information. In layman's terms, this means looking for information that, as far as the hard drive is concerned, is being stored for no reason whatsoever. Government agents can then find exactly where these files are on the hard drive, "carve out" or copy that exact area of the drive, and recover the files in that fashion.
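The carving process described above can be shown on a small scale. The following is an added example, not code from the original article: it scans a constructed raw image for JPEG start and end markers and keeps only the hits that fall outside a hypothetical allocation list (the image layout, the allocation list and all function names are assumptions made for illustration).

```python
# Added example: signature-based carving over a constructed raw image.
JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker
JPEG_EOI = b"\xff\xd9"       # JPEG end-of-image marker
SECTOR = 512

def carve_jpegs(image: bytes):
    """Return (start, end) byte ranges of JPEG-like streams found by signature."""
    hits, pos = [], 0
    while True:
        start = image.find(JPEG_SOI, pos)
        if start == -1:
            return hits
        end = image.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1:
            return hits          # header with no footer: truncated, stop here
        end += len(JPEG_EOI)
        hits.append((start, end))
        pos = end

def unallocated_hits(hits, allocated_ranges):
    """Keep hits that overlap no range the file system still tracks."""
    def overlaps(h, a):
        return h[0] < a[1] and a[0] < h[1]
    return [h for h in hits if not any(overlaps(h, a) for a in allocated_ranges)]

def build_sample_image():
    """Constructed 8-sector image holding one live file and one 'deleted' file."""
    img = bytearray(SECTOR * 8)
    live = JPEG_SOI + b"\xe0" + b"LIVE-FILE-BODY" + JPEG_EOI
    gone = JPEG_SOI + b"\xe0" + b"DELETED-FILE-BODY" + JPEG_EOI
    img[SECTOR * 1:SECTOR * 1 + len(live)] = live
    img[SECTOR * 5:SECTOR * 5 + len(gone)] = gone
    # Hypothetical allocation list: only sector 1 is still referenced.
    allocated = [(SECTOR * 1, SECTOR * 2)]
    return bytes(img), allocated, gone

if __name__ == "__main__":
    image, allocated, _ = build_sample_image()
    for start, end in unallocated_hits(carve_jpegs(image), allocated):
        print(f"carved {end - start} bytes at offset {start}")
```

This sketch assumes each file is stored contiguously; a fragmented file, or a JPEG with an embedded thumbnail that carries its own end marker, would need more than a first-footer match.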
Consistency Checking
-
Another method of data recovery is called consistency checking. This is when a person goes through and checks the drive to make sure that the logical structure is consistent with the specification. It sounds complicated, but in simple terms it means that someone is checking the main directory of a drive to ensure everything is working properly. If there is something wrong, a list of known errors can be printed and checked over. This can be helpful in recovering files that have been damaged due to a suspect attempting to corrupt the data on his hard drive.
Physical Damage
-
If a suspect has attempted to physically damage the drive, it may be necessary for a government agent to repair it before attempting data recovery. Parts from a working hard drive, including the read/write head, can be used to replace damaged ones on the suspect's drive. Other methods can then be used in conjunction with this to recover any file that has ever been lost or deleted on the drive.