Last night, I accidentally deleted a bunch of files I shouldn't have. I backed up my laptop to our external hard drive, and, afterward, thought it would be a good idea to back up our family photos to cloud storage (I try to follow the rule of three when backing up important stuff- laptop, external hard drive, and cloud storage- so that I won't be screwed if one fails). Imagine my surprise when I opened up my recently created backup only to find that three years worth of photos were missing. The births of my children, my wedding, birthdays, vacations- all gone.

Immediately, I opened up a data restoration program I had installed just in case a while back (Data Rescue 2). I fired it up and ten hours later, it had recovered 600 GB of deleted files. I had my photos back (albeit in a horrible, unorganized mess).

Sorting through the mess was a nightmare (and continues to be). I like to help people fix their computers when something goes wrong, which means that I've backed up a lot of hard drives to our external. Data Rescue gave me back all of my files, and all the files of everyone I've ever helped out, all lumped together in one inconvenient spot. I'm just going to come out and say it: there was a lot of porn.

Sweet Jesus, was there a lot of porn.

Thankfully, I had no way of identifying the source of the porn, so I don't have to give weird looks to my friends and family. I'm just going to assume they're all perverts and social deviants and leave it at that. I spent an hour (AN HOUR!) deleting all the porn and everything was well and fine. But then I started thinking- what if that wasn't anonymous porn? What if those naughty images were actually naughty bank statements or scans of social security cards? What if I tried to delete some sensitive information and had to hand over my computer to some random stranger to fix it? Like someone at a computer repair shop, the Apple Store, or Best Buy's Geek Squad?


Luckily for me, retrieving my missing files was laughably easy. It was as simple as opening a program and clicking "Go." Unluckily for me, though, everything I've ever deleted and wanted to remain deleted was up for grabs by the same process. I figured there had to be a way to easily add a layer of security to deleted data.

Now, I understand how this process works. Data deleted from a drive is still there until it is overwritten. That's why it's always good practice when giving away a computer to use a software that will overwrite all the data on the drive. It's just more secure. But I'm not going to do that with our external hard drive or my laptop, things I delete stuff from on a daily basis.

So here's my tested (Mac) solution: I took some sample images and packaged them into a disk image. This may sound complex to a novice user, but, really, it's pretty simple. I frequently use disk images to store sensitive information because it's so easy to encrypt them and add a password. So that's what I did with my test images. I created an encrypted, password-protected disk image on my flash drive. Then, I deleted the image and emptied my trash. From there, I opened up Data Rescue and attempted to recover the image.


And… it wasn't there. Neither the image or the photos I put inside of it were to be found. Data Rescue found all kinds of other stuff, but not that encrypted image. I did a quick Google search and stumbled upon some poor schmuck who duplicated my results (and is probably divorced by now).

So there you have it. Before deleting sensitive files, package them up in an encrypted disk image, delete them, and empty the trash. I have no idea how well this would hold up against powerful forensic tools (but this paper suggests they might hold their own quite well), but it's almost certainly going to protect you from your teenage son's shady friend or the guy you found on Craigslist. I'd be interested in seeing how this would be approached on a Windows computer (perhaps with an encrypted ZIP file?), but I no longer own a Windows computer. Perhaps you could try it and let me know down below?

Originally posted on my blog: