Deleting a file does not erase it. Formatting a drive does not erase it either. For over a decade, academic researchers have bought used hard drives from resale markets and consumer auction sites specifically to test this, and they keep finding the same thing: recoverable personal and financial data on drives their previous owners believed were clean.
When you delete a file on almost any consumer operating system, what actually happens is narrow: the file system stops pointing to the data and marks that space as available to be overwritten. The bytes on disk do not change. Until something else happens to be written to that same physical location, the original content is recoverable with off-the-shelf forensic software, no special access required, just the drive and a tool that anyone can download.
Formatting a drive through a standard operating system "quick format" does something similarly shallow: it rebuilds the file system's index structures but does not touch the underlying data blocks. A "full format" on some systems does more, but the terminology is inconsistent enough across Windows, macOS, and third-party disk utilities that most users cannot tell from the dialog box alone which one they are running.
What Researchers Keep Finding When They Buy Used Drives
This is not a theoretical risk. Since the mid-2000s, digital forensics researchers, notably a long-running study line out of the University of South Wales (previously the University of Glamorgan) led by Andy Jones and collaborators, have periodically purchased batches of used hard drives and USB storage from secondhand markets, resale auctions, and computer recyclers specifically to measure what remains recoverable. Across repeated rounds of this research published over more than a decade, a consistent share of the drives purchased contained recoverable personal data: financial records, personal correspondence, photographs, and in some rounds corporate or government data that should never have left an organization's control at all.
The pattern held across geographies and across years, which is the useful finding: this is not a one-time lapse by careless sellers, it is what happens by default when the disposal step of a device's life cycle is skipped or done wrong, and it happens often enough that researchers can reliably reproduce it by buying a batch of drives and checking.
The same forensic recoverability applies to more than spinning hard drives: USB flash drives, old phones, tablets, printers with internal storage for scanned documents, and smart home hubs with local caches all hold data past a factory reset unless the reset method specifically addresses the underlying storage, not just the user-facing settings.
Solid State Drives Are a Different, Harder Problem
SSDs complicate this further rather than simplifying it. Wear-leveling, the technique SSD controllers use to spread writes evenly across memory cells to extend the drive's lifespan, means a "delete" or even an overwrite command issued by the operating system does not necessarily touch the same physical cells the original data lived in. The controller may have already relocated that data elsewhere and left the original cells marked internally as stale but not zeroed. Traditional overwrite-based erasure methods, developed for spinning disks, are less reliable against this behavior on SSDs, which is part of why NIST's guidance treats SSDs and traditional hard drives differently rather than prescribing one method for both.
The Standard That Actually Defines "Erased"
The U.S. National Institute of Standards and Technology publishes the reference standard for media sanitization, NIST Special Publication 800-88. It defines three tiers, not one, because "erased" means different things depending on how much residual risk is acceptable.
| NIST 800-88 tier | What it involves |
|---|---|
| Clear | Software-based overwrite of user-addressable storage, resistant to recovery via standard file recovery tools. Adequate for most personal and consumer disposal. |
| Purge | Techniques that address data even in areas not normally addressable, including a drive's own cryptographic erase command (if the drive supports full-disk encryption at the hardware level) or vendor-specific secure erase. Recommended before a drive leaves an organization's control entirely. |
| Destroy | Physical destruction: shredding, disintegration, or degaussing for magnetic media. The only tier with no residual recovery risk, at the cost of the drive being unusable afterward. |
For most people selling or donating a personal laptop or phone, "Clear" done correctly, a full cryptographic wipe or several passes of a dedicated overwrite tool, not a quick format, is a reasonable bar. For a drive that held anything genuinely sensitive, financial records, health information, professional client data, "Purge" or physical destruction is the more defensible choice, and it is inexpensive: most consumer SSDs and modern hard drives support a built-in secure erase command that performs a cryptographic-level wipe in minutes.
The Easiest Fix Is Set Up Before the Drive Is Ever Sold
The single most effective mitigation is full-disk encryption enabled from the moment the device is first set up, not applied retroactively before resale. If a drive has been encrypted its entire operating life, discarding the encryption key, rather than overwriting the data itself, renders the ciphertext on disk unrecoverable in practice, because there is no plaintext version of the data to recover; only ciphertext remains, and without the key it does not decrypt. This is functionally equivalent to a cryptographic "Purge" and takes seconds instead of hours.
What to Actually Do Before You Sell, Donate, or Recycle a Device
- Confirm full-disk encryption was on before you start (BitLocker, FileVault, or LUKS, depending on platform), not applied for the first time right before resale.
- Use the manufacturer's built-in secure erase or cryptographic erase command rather than dragging files to the trash or running a quick format.
- For phones and tablets, use the platform's official "erase all content" reset, which on modern iOS and Android devices is built on the same encrypted-storage principle, rather than a third-party "wipe" app of unknown provenance.
- For anything that held financial, medical, legal, or client data, consider physical destruction over software erasure. A drive is inexpensive; the data on it may not be replaceable if it leaks.
Originally published at havenmessenger.com
Top comments (0)