Data remanence refers to physical aspects of data that can remain on a storage device, such as a floppy disk or hard drive, after that data is erased or deleted. This typically occurs because standard methods by which data is deleted from a drive are rarely as effective as users may think. A number of methods have been used to eliminate this type of data, including clearing, purging, and destruction of data storage devices. Data remanence is often found through computer forensics to locate and re-create files or other types of data that may have been deleted from a device.
The formation of data remanence typically occurs as a result of the way computer software “deletes” data from a disk or hard drive. When an operating system (OS) is told by a user to erase a file, that file is typically moved from active use into a backup system. This is done, at least temporarily, to make data recovery easier if the user realizes an erasure was made by mistake and needs to access a deleted file.
Even when data is actually “deleted,” it is typically not really removed from the hard drive. Instead, the OS simply deletes the entry regarding the location of that data from its database or directory. This means that data that is “deleted” still remains on the hard drive, until that location is reused by the OS for storage of new data, at which point it is overwritten. Even this overwritten data is not necessarily completely gone.
There are three common methods used to destroy data remanence and ensure that deleted information is difficult or impossible to retrieve. Clearing refers to the process of regulated overwriting of deleted data, often with a string of zeroes, to ensure that data access through basic software is more or less impossible. Purging goes beyond clearing, and makes it so that data remanence left on a disk cannot easily be accessed even by directly accessing a hard disk and using recovery software to find leftover data on the disk. This usually involves using a device that degausses the physical media, by affecting the magnetic field of the disk drive.
Destruction is the surest way to eliminate any data remanence on a device, and involves physically destroying the hard drive or disk. This can be done by physically taking the device apart and destroying each piece, melting the device in high heat, or using acids and other corrosive chemicals to destroy it. The field of computer forensics typically utilizes data remanence on a disk or hard drive to find data that a user tried to delete. Various laboratory methods and software programs can be used to access data that is cleared, though purged and destroyed data are much harder, perhaps impossible, to access.