Gone, But Not Forever
By John Roach, special to MSN Tech & Gadgets
E-mail difficult to delete, easy to recover, experts say
As Karl Rove may soon find out, truly deleting an e-mail is a difficult thing to do, according to computer forensics experts.
The White House and the Republican National Committee announced last month they may have lost millions of e-mails from an RNC-sponsored computer system.
Congressional leaders are keen to find and read the e-mails—especially those sent by Rove, President Bush’s chief political adviser—because they may contain information on the controversial firings of eight federal prosecutors. Some leaders believe the dismissals were politically motivated.
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) is confident the e-mails can be found.
____________________________________________________________
Sound Off: Have you ever been burned by a deleted e-mail?
____________________________________________________________
"You can't erase e-mails, not today. They've gone through too many servers," he said last month from the Senate floor.
Leahy later added to reporters that "a teenage kid in my neighborhood can go get 'em for them."
Really? How hard is it to make an e-mail message disappear forever? How hard is it to find an e-mail you thought was long gone?
Marc Rogers, chairman of the cyber forensics program at Purdue University in West Lafayette, Ind., says that truly deleting e-mail is "very difficult" and that finding deleted e-mail is a "pretty trivial" process.
Hitting "Delete"
Every e-mail program has a delete button that, when hit, will make a message vanish from the inbox. This action cleans up clutter and generally helps people feel on top of their workload.
But does that mean the message is gone?
"To be quite honest, nothing happens to the actual data itself," Rogers says.
Hitting the delete button, he explains, is like taking an eraser to the table of contents but not the contents themselves.
"It basically gets delisted as an area that has any information, and your system can write back to it,” he says. “But until your system actually writes back to it, that data in that storage area is not affected at all."
Michele Lange is the director of legal technology for Kroll Ontrack, a Minnesota-based computer forensics company. She likens deleting an e-mail to removing a card catalog entry for a book.
"Only until the librarian actually goes out to the library shelf and takes the book off the shelf and puts a new one in its spot is the book truly gone," she says.
Most hard drives today are so large that they are like a library with rows and rows of unused shelves. Rogers explains that computers tend to fill up the unused space before they reclaim areas with deleted data.
"That data stays there for a long time," he says.
The White House and the Republican National Committee announced last month they may have lost millions of e-mails from an RNC-sponsored computer system.
Congressional leaders are keen to find and read the e-mails—especially those sent by Rove, President Bush’s chief political adviser—because they may contain information on the controversial firings of eight federal prosecutors. Some leaders believe the dismissals were politically motivated.
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) is confident the e-mails can be found.
____________________________________________________________
Sound Off: Have you ever been burned by a deleted e-mail?
____________________________________________________________
"You can't erase e-mails, not today. They've gone through too many servers," he said last month from the Senate floor.
Leahy later added to reporters that "a teenage kid in my neighborhood can go get 'em for them."
Really? How hard is it to make an e-mail message disappear forever? How hard is it to find an e-mail you thought was long gone?
Marc Rogers, chairman of the cyber forensics program at Purdue University in West Lafayette, Ind., says that truly deleting e-mail is "very difficult" and that finding deleted e-mail is a "pretty trivial" process.
Hitting "Delete"
Every e-mail program has a delete button that, when hit, will make a message vanish from the inbox. This action cleans up clutter and generally helps people feel on top of their workload.
But does that mean the message is gone?
"To be quite honest, nothing happens to the actual data itself," Rogers says.
Hitting the delete button, he explains, is like taking an eraser to the table of contents but not the contents themselves.
"It basically gets delisted as an area that has any information, and your system can write back to it,” he says. “But until your system actually writes back to it, that data in that storage area is not affected at all."
Michele Lange is the director of legal technology for Kroll Ontrack, a Minnesota-based computer forensics company. She likens deleting an e-mail to removing a card catalog entry for a book.
"Only until the librarian actually goes out to the library shelf and takes the book off the shelf and puts a new one in its spot is the book truly gone," she says.
Most hard drives today are so large that they are like a library with rows and rows of unused shelves. Rogers explains that computers tend to fill up the unused space before they reclaim areas with deleted data.
"That data stays there for a long time," he says.
