39

From reading around on the internet I get the impression that barring physical damage, deleted data can be always be recovered using sophisticated digital forensics.

For this reason the advice is that you should encrypt your data.

So at what point is data irrecoverable even to sophisticated digital forensics?

Yoshi
  • 407
  • 4
  • 3
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/109485/discussion-on-question-by-yoshi-at-what-point-is-deleted-data-irrecoverable). – Rory Alsop Jun 17 '20 at 14:25

7 Answers7

40

This depends a lot on what medium is used to store the data and what you consider "irrecoverable".

"Deleting" data mostly does not what most people think it does. Simply put, after a standard deletion, the data isn't gone but only the link between "Data XY lies at 0x000000" and the actual storage location 0x000000 is being deleted. Your data is still at 0x000000. File recovery programs will easily restore this data.

HDDs: When deleting data or formatting/deleting partitions, you are not actively erasing the data but also only making it not actively indexed. To actually erase the data, you need to overwrite every bit.

Actually, to make it really secure, you need to do that multiple times as data on magnetic drives can be recovered even after overwriting it with zeroes.

SSDs: Wear leveling and other features prevent SSDs from actually erasing or overwriting sectors even if specifically advised to. Instead, the SSD controller writes the new data to somewhere else and creates a pointer from the old to the new, actual location. Your old data still lies on the disk.

Most SSDs offer a Secure Erase feature that is designed to tackle those exact problems.

There are research papers dedicated to erasing data on SSDs:

NIST offers an overwriting standard NIST SP-800-88 Rev. 1 that elaborates on 64 pages on the difficulties of erasing data on different mediums.

dmuensterer
  • 1,144
  • 5
  • 13
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/109486/discussion-on-answer-by-dmuensterer-at-what-point-is-deleted-data-irrecoverable). – Rory Alsop Jun 17 '20 at 14:25
11

While the current leading answer dives into the technical details of data recovery, I will (try to) take the broader approach.

How do we define "irrecoverable"?

Depending on the circle you may associate with, "irrecoverable" could mean only some insignificant portion of the data is recoverable.

While I don't practice law, this could prove "sufficient" as a legal defense in some countries. Any critical metadata (timestamps, permissions, etc.) would be missing and thereby limits arguments given by prosecutor against a defendant's alibi.

In other circles—especially malware authors—using XOR operations or base64 encoding makes data "irrecoverable" to the general populous. Good enough for their purposes and easy to implement.

The answer also depends on time scale. Are we done with the data, or do we still want to access the data over time?

I assume that the author is "done" with the data on a given storage medium.

How does data become "unrecoverable"?

It largely depends on:

  • Storage medium (magnetic, optical, ROM, NVRAM, etc.)
  • Storage medium manufacturer
  • Storage medium age/wear
  • Environmental conditions
  • Compliance with storage interface standard(s)
  • Age of said storage interface standard(s)
  • Data writing/reading process

At a higher level, most operating systems lack a way to truly validate if data is actually "gone" or "irrecoverable". This is important to note because auditing is a cornerstone in information security.

This is because most software (operating systems and such) don't have a view into the raw data storage — how the controller handling storage medium reads and writes data.

For instance, magnetic storage mediums typically require multiple passes (and multiple orientations) to ensure any residual fields are dissipated. Last time I checked, no firmware on a hard drive exposed a "read the direction and strength of the magnetic field at X, Y, Z". They offer a "tell me what bits are in sector/block X".

How does encrypting data make it "irrecoverable"?

It is believed by many that because the sensitive data was encrypted before the storage medium controller got its hands on it, that is only part of the battle.

Claiming "encrypted with AES-256... military-grade encryption" is common in many pieces of marketing literature. Encrypted data can be easily recovered if it uses one or more weak algorithms, implementations, keys, or seeds. An example of this is "export grade crypto".

Depending on the level of sophistication of the "attacker", a false sense of encryption won't matter if attackers look at the storage medium at a high level (mount the device in an OS), or low level (with a scanning electron microscope).

The advice is that you should encrypt your data.

While I may receive some flak for saying this, most consumers don't want or need encryption for data at rest.

Before some flame war starts, I will explain.

Information security deals with risk assessments. If a storage medium is guaranteed to not hold sensitive data, why would it be encrypted? Encryption often incurs a performance penalty.

Most everyday people would find no encryption on data at rest helpful. As much as it pains me to say it, a lack of encryption allows for easy data recovery. In IT support, it is vastly more common to be asked "I lost my files" than "I want to lose my files".

If you do banking on a device with "encryption", you have many other problems besides the data at rest being secure.

Most amateur street thieves are interested in wiping the device and selling it off. Encryption doesn't help in this case, a factory reset makes data "irrecoverable" to amateur street thieves.

Taking your storage medium to a shredding company is more than sufficient if you no longer have any use for it. That is what I assume the question is asking about.

What if I really need to make my data irrecoverable on some level?

What if I really need to make my data irrecoverable over time while still accessing it?

Assuming you do have sensitive files, corporate secrets, or some other legitimate reason, 3DES or even RC4 may prove enough to encrypt your files — given a strong enough key, reasonable implementation, and your potential attackers belonging to the general (and uniformed) population.

You should be asking who or what you are protecting your data from/against.

If you are looking for generally "unrecoverable", pick a random reputable cipher, give it a completely random key that even you don't know (somewhere in the order of 256 bits), and wait for the process to complete.

Assuming every line of code in the pile of software did its job (and every transistor in every chip) this should prove "irrecoverable" to the wide population.

If you have hesitations, encrypt the data on the drive every decade or so. This way you can ensure that you stay "up to date" on any weaknesses in the cryptography you used.

Be sure to flush any caches that may exist, devices use these for performance and likely contain clear-text contents.

If you are interested in securing data over time, that's a whole other area of information security.

dark_st3alth
  • 3,062
  • 9
  • 23
6

On many kinds of magnetic disk drives, overwriting a sector even once with random data is likely to render the data permanently irrecoverable even with advanced forensic techniques. A variety of factors may cause some data to "escape" destruction, however. For example, if a removable disk is written with a drive whose heads produce a stronger magnetic field than the drive used to overwrite it, the width of the stripe that is written by the first drive may be slightly greater than the width that is erased by the second. If e.g. the first stripe was 10% wider than the second, it would be impossible to read the outside portions by conventional means, but if one had a drive whose head that was slightly narrower even than the second, and whose position could be precisely controlled, one could erase the middle 90% of the later track, then try to read the inner and outer edges, then move the head to erase the middle 95%, then try to read the inner and outer edges, etc. If one were to uniformly polarize the entire area covered by the new stripe, then attempting to read the outer portions of the track would yield a signal that was 1/20 of the original speed, but had the newly written data removed.

I don't know whether the amplitude of such a signal would be sufficient to allow reliable recovery, but if one knows where a 256-bit private key is stored and one can identify bit values with 99% reliability per bit, a brute-force search which (oversimplifying) starts with the bit pattern on the disk, and then all patterns that differ by one bit, and then all patterns that differ by two bits, etc. it may be possible to crack the key far more quickly than if one didn't have a partially-recoverable key to use as a starting point.

On the Apple II, if one wants to scrub a floppy, it's possible to use programs that will move the head in half-step increments rather than full-step increments while erasing the disk. If the drive is working properly, data erased by such a program will be well and truly gone. I don't know of any hard drives that offer similar abilities, however, other than--as mentioned elsewhere--by using encryption.

supercat
  • 2,049
  • 11
  • 10
  • Wow, did not expect to see a discussion of Apple II half-tracking on Infosec StackEx – kindall Jun 16 '20 at 16:52
  • 1
    @kindall: As it happens, I'm presently working on building an interface to feed data from the PC to the floppy interface, and once that's done I'm planning on experimenting with shingling and other techniques using quarter-track control. My suspicion is that if one doesn't need to be able to write a track without corrupting the track above (e.g. if one writes tracks in order), it should be possible to robustly store data with 3/4-track spacing, and if one is willing to use a destructive read process, data could probably be stored robustly with half-track spacing. – supercat Jun 16 '20 at 17:05
  • 2
    @kindall: Note that even the "destructive" read wouldn't require destroying any piece of data until after it was read successfully, so one could e.g. use a protocol that would read a track, write its data elsewhere, uniformly polarize the area that was read, read the next track, write its data elsewhere, uniformly polarize it, etc. I'm also planning on testing such an approach with quarter-track spacing; though I don't particularly expect that to yield anything resembling reliable results, it would be cool if an Apple floppy could push 500Kbytes+ per side (normal capacity is 140K) – supercat Jun 16 '20 at 17:23
3

While this is true, and used to me a lot "more true" in the past (is there any such thing as more true?) it is not necessarily a problem.

Of course, if you want to be 100% certain because you are in the top-5 of the CIA's wanted list, there is no other option than to physically destroy the drive with a wrench, and with fire, after formatting it (though, honestly, for 99% of all users, this is total nonsense!). Oh, and shoot everybody who may have seen your face.

But is deleted data recoverable or not? Whether or not that's the case is hard to tell.

First of all, it depends on what "delete" means. For example, deleting a file typically, first and foremost, deleting metadata in the filesystem, this merely marks the actual data blocks as being available for being reused/overwritten eventually. There are exceptions, and there exist "secure delete" tools which actually overwrite the file, sometimes several times. Whether or not these tools actually work is debatable on modern hardware (and with some filesystems). Deleting data from memory will make it unrecoverable (pretty certain!), unless the memory page has been written to swap. In which case you cannot tell if it can ever be deleted at all (short of burning the drive in a furnace). Note that on journalling filesystems, even if the data is deleted, a copy may still be in the journal. A copy-on-write filesystem may, surprise, have a copy that you don't know about, and are unable to overwrite at all.

It also depends a lot on which century you live in. With 1990s tech, it was pretty mainstream to reconstruct data that was overwritten half a dozen times from residual magnetism. On the other hand side, at that time, secure erase was reasonably safe, too, since you had kind of a guarantee that you actually overwrite the data, or get a failure.

With modern drives, things are a bit different. On the one hand side, restoring overwritten magnetic data is a pretty daunting task nowadays. I don't know whether residual charge could be used to restore data in flash memory, but if one is determined to do it, then at least in theory... why not.
On the other hand side, you never know when something is overwritten, or if at all, or if the same sector that you write to is actually the same sector. Often, it is not, and on SSD it is practically guaranteed that this isn't the case. Wear-levelling and reallocation is 100% transparent, and you have no way of telling. You might not be able to overwrite a sector at all, no matter how hard you try. Modern drives (not just "hybrid" drives which are already dying out again) may have several levels of storage, using one or the other for caching. Some SSDs work that way with SLC/MLC combinations, for example. So, even if you do delete something you never know for sure if there's not a copy.

On the other hand side...

Older drives used some sort of bit mixing for technical reasons (more favorable to the hardware, both on magnetic and solid state). Modern drives almost exclusively use AES which is not really significantly better at mixing bits, but it's readily supported in cheap, omni-present hardware, and you can write "AES, secure!" on the box, which is good for sales.
Most, if not all present-day drives are SEDs (self-encrypting drives), although that does not automatically mean that they are secure. It comes down to how/where the decryption key is stored, and how it is accessible. On a self-encrypting drive that has a single built-in decryption key which everyone can access, the fact that it is self-encrypting is irrelevant. A drive where the decryption key is only available to users who have authenticated to the BIOS is a different story.
The same goes for the secure erase / factory reset function that virtually all drives support. Some (Seagate, much to my annoyance, not only is it insecure, it also takes hours) actually overwrite the drive with garbage. Some (Samsung, for example) just erase the encryption key, instantly rendering all data unreadable. Some, I've been told, keep a copy of the decryption key around although you said "secure erase". Not sure if that's actually true (hardly imaginable), but it sure is a theoretic possibility. You have no way of telling for sure.

What does it mean in practice?

For most people, using a properly configured, no-crap self-encrypting drive is just good enough. Before throwing the computer away, secure-erase the disk, and you're good to go. This will prevent a random person pulling your disk out of the trash as well as the average criminal from accessing your stuff.
For most people, just deleting a file (which doesn't happen to be a super special secret file) that isnt needed any longer in Windows Explorer is just good enough.
If you want to be 100% certain that some vital data cannot be accessed if the computer is stolen, you can create an encrypted partition or container on the disk (Veracrypt or the like). But really, few people actually need that.

There's roughly three categories of secrets in the world:

  1. Such that are just too boring and worthless, nobody wants to steal them anyway. It doesn't hurt to encrypt these, but other than making it less obvious what information may be worth stealing and what information is worthless, this is of little avail. Still, because it does make it more difficult to find out what's interesting, you want to encrypt them, anyway (plus, encrypting whole partitions/disks is easier). Just like you want to simply put every piece of paper in the document shredder, not just your bank correspondance.
  2. Such information that you want to protect from the average criminal. These should be reasonably safe. Encryption is a good plan to prevent them from being accessed (or eavesdropped) too trivially. To avoid leaking them when throwing away the disk, erasing the disk prior to doing so is just fine.
  3. Such information that is really important, information that people will injure and kill for. You will reveal that kind of information anyway because when you reveal it, you will be tied to a chair and beaten until you do. It doesn't really matter how you protect these secrets, to be honest.

So, long story short, just delete your files normally, and erase the disk when you toss it away.

Damon
  • 5,211
  • 1
  • 20
  • 26
  • 3
    *"So, long story short, just delete your files normally, and erase the disk when you toss it away."* I can't believe to read this in an information security forum. I strongly disagree with almost every statement you made. Your answer argues very much against the principle of security first and encourages users to not encrypt data. Regarding your "three categories of secrets": 95% of corporate data is somewhere inbetween 2 and 3, where standard deletion is **NOT** sufficient but state actors are not overwhelmingly interested in the data. – dmuensterer Jun 14 '20 at 16:17
  • 3
    @dmuensterer: Are you playing dumb on purpose, or did you just miss the part about a properly configured self-encrypting disk? Which, to my knowledge, every single of those corporate laptops uses (and which 2/3 of home users, and 100% of all smartphone owners use without knowing what it is). Deleting files normalls is 100% sufficient in that scenario, and any kind of "safe delete" demonstrates serious lack of knowledge (keyword: sector remapping / wear levelling). Safe delete is not safe at all, it's mere stupidity, costing write cycles to no avail. – Damon Jun 14 '20 at 18:50
  • 1
    I did read the statements about self-encryption, however, most drives today are not SEDs and blindly relying on them is not good. Most of your statements about SEDs are also about SED systems that don't contribute to actual security as the private key is saved on the disk. There are plenty of reasons against SEDs, for example: lack of trusted auditing facilities, worse data availability due to key managements and many more. For most people, just deleting files and throwing the drive away is not the secure way to go. – dmuensterer Jun 14 '20 at 19:27
  • 1
    @dmuensterer _"For most people, just deleting files and throwing the drive away is not the secure way to go."_ - Please note that Damon said to erase the disk before throwing it away. Assuming "erasing" means at least one complete zerofill, that should indeed be adequate for most people. – marcelm Jun 15 '20 at 19:27
  • @marcelm Yes, i agree. If *erasing the disk* means a complete zerofill that would propably be adequate for most people. "Erasing the disk" could also mean deleting all partitions though. – dmuensterer Jun 15 '20 at 20:53
  • 1
    "physically destroy the drive with a wrench, and with fire, after formatting it". Formatting doesn't really achieve much. – Jon Bentley Jun 16 '20 at 11:51
1

You should distinguish claims about "theoretical" and "practical" data recovery. By the use of the word "always" I assume you refer to the practical aspect.

Theoretically, if you get a fluctuating value which is interpreted as "1" 51% of the time and as "0" 49% of the time, it still provides some information about the system it's coming from, as opposed to a perfectly random value, so you recover useful data by reading it. If you know for a fact that the bits you are reading belong to an encryption key, you can use this technique to recover it: even guessing 10 correct bits speeds up the brute forcing by a factor of 1000.

Practically, data recovery means you can restore e.g. a lost file from a thumb drive. This means reading millions of bits without a single mistake. A file with 1% of bits flipped is essentially useless. In many cases, even flipping just a dozen of bits makes the recovery impractical.

Theoretically, if you overwrite a file, it may still be recoverable: there's no guarantee that every single bit of it was overwritten. Practically, if you overwrite a file, you kiss it goodbye.

Dmitry Grigoryev
  • 10,122
  • 1
  • 26
  • 56
  • It depends on what sort of recovery you need. If you need to read the file absolutely free of corruption then yes, 1% flipped bits is a problem. If you just need to prove that the suspect had a copy of an illegal bomb-making manual, then establishing 99% of the bits is probably enough to satisfy the criminal standard of proof. – Jon Bentley Jun 16 '20 at 12:02
  • @JonBentley That's the same sort of recovery as with the encryption key. You don't need the full data, just some bits of it. – Dmitry Grigoryev Jun 16 '20 at 12:17
  • 1
    It's a different case. With the encryption key you *do* need the full data, but you can use the partial data to brute force the missing data more quickly. With data recovery, partial data may be useful in and of itself, even without ever recovering the missing part. I'd argue that for practical purposes, most data deletion is going to be concerned with full data deletion rather than partial. It's e.g. no consolation to a company that 1% of its confidential data was irrecoverable. – Jon Bentley Jun 16 '20 at 12:24
0

Encryption is not a method of data destruction, encrypted data is explicitly intended to be recovered, but only by authorised persons. By design, data that is encrypted should always be recoverable, although it should be prohibitively difficult for unauthorised users.

To answer your question as written, there are different lengths you can go to delete data, "irrecoverable" depends on who it is trying to recover it and how much money/time they are willing to invest to do so.

Deletion:

  • "Normal" file deletion that most user are familiar with
  • The 1s/0s are still present on the storage
  • Once identified the data can be recovered reliably

Overwriting:

  • The 1s/0s of the relevant storage is overwritten
  • The data cannot be recovered by conventional data access, specialist equipment is required

Residue purging

  • Residual physical traces of the 1s/0s are removed through repeated overwrites
  • Specialist equipment is no longer able to resolve the storage history more reliably than random noise

Physical Destruction

  • Independent of the above, does not consider actual 1s/0s
  • Makes physical reconstruction of the device impossible

To answer you question generally, residue purging and physical destruction will make your data irrecoverable, the specific processes required to do this will depend on the storage medium.

David258
  • 141
  • 3
  • 1
    The first paragraph is somewhat misleading. Encryption *is* widely used as a method of deletion and this can be either with or without limiting the data only to "authorised persons". For example, it is common to encrypt a drive, but store the encryption key in plaintext on the same drive. This offers no access protection but allows you to delete (= make irrecoverable) the data by simply securing erasing the key instead of the whole drive. – Jon Bentley Jun 16 '20 at 11:57
  • @JonBentley Perhaps this is being pedantic, but surely that is just a special case where there are zero authorised users? Further, by using this as a (sole) means of data destruction you are guaranteeing that it is _possible_ to recover, even if it's very hard, whereas the question asked about how to make data "irrecoverable" – David258 Jun 16 '20 at 12:15
  • 2
    Modern encryption methods are not breakable even theoretically, and brute force is not an option here because we are talking about the key itself, not a password. Practically speaking, "very hard" is equivalent to "impossible". To recover such data your only viable strategy is to hold onto it and hope that some future maths or technology weakens the encryption algorithm in some way. In any case I wasn't trying to imply your answer is somehow wrong, or that encryption is the best/only solution. Merely that your first paragraph implies that encryption is totally useless here. – Jon Bentley Jun 16 '20 at 12:21
  • @JonBentley - That's a fair point; I'll think of a way to rephrase. – David258 Jun 16 '20 at 12:27
  • @JonBentley - thinking/reading further, does Crypto-shredding only really apply to deleting the keys to data that's already encrypted? I'm not sure how it would apply to deleting unencrypted data, as you'd still have to go through the purging of the original files? – David258 Jun 16 '20 at 14:15
  • Yes, it only applies when it has been planned in advance. – Jon Bentley Jun 16 '20 at 14:18
  • Deleting the keys from an encrypted drive makes the data irrecoverable only if that's the only copy of the keys. – kindall Jun 16 '20 at 16:54
0

In terms of storage medium (overall integrity):

Magnetic Storage Medium:

For magnetic storage mediums like HDD and Floppy Disks, the state of the magnetic film or platers determines the ability to extract any data from the storage medium. If an HDD were to be jack hammered, the HDD casing and platers would be destroyed into many pieces. Another scenario where the HDD or a Floppy Disk got induced to extreme magnetic forces, the magnetic fields on the disk would be rearranged and the data would be lost.

In the case of a jack hammered hard drive, even if someone tried to put the pieces of hard disk platters together like pieces of a puzzle, there would still be some data lost. Presuming a specially designed magnetic reader, that moves over the plater, were to be created to read over as many blocks on the disk platers. It still will not be able to recover majority of the data. Magnetic objects that break or have their magnetic fields rearranged, and the edges of the break will also experience the most magnetic rearrangement. As for deleted data on the disk, it depends on what can be read and how sophisticated forensic technology is at that point to read fragmented parts of an HDD.

A strong magnetic field affect could possibly make it even harder or near impossible to get back the deleted data. Unlike the effects of breaking or banging an HDD, the effects of strong magnetic fields can rearrange all the magnetic fields of all blocks on the HDD platters. If there was deleted data on the disk, it can be considered at this point that the data is irrecoverable.

Flash storage medium:

A surge of electricity induced on the NAND memory chip of a flash drive or SSD can fry or damage it. Depending on how the memory chip has been fried or damage, can determine how much data can be recovered. Now consider the situation where you use an electric chainsaw and cut straight thru the middle of the memory chip, perpendicular to the edges of the chip that have the circuit board connector pins. Not only the memory chip is cut in half, but it would require a lot of electrical engineering to be able to connect the two halves together or use them separately on a circuit board or some forensic equipment.

As @dmuensterer stated, deleted files is not automatically overwritten or deleted from an SSD. This is for wear leveling and SSD life enhancement purposes. They also said how special tools are required to carry out such tasks for really deleting deleted files immediately.

With the above two paragraphs into consideration, it can be assumed that the current state of the memory chip and how the deleted files data were treated, determines if the deleted data is recoverable or irrecoverable.

Optical Disks:

Some formats of optical disks like CD(±RW), DVD(±RW), and Blu-Ray (RE), when formatted for computer data, does support file deletion. The deletion on optical disks acts similar to deletion on a hard drive, where the file metadata and pointer is removed. When adding a new file or folder, the old data is over written. The only difference is the trace of the earlier data is a lot less. This is because physical structure is involved here. More writes over the same area will further change the topology of the surface. Thus, the deleted data's recoverability on optical disks depends on, how much information can be obtained from the topology of the surface of the optical disk.

Using a blowtorch is the easiest way to make the data irrecoverable. This is done by putting a blowtorch on the data surface of the optical disk and heating it long enough so that the data composite layer melts or changes shape at a microscopic level. At this point the data is lost and is irrecoverable.

In terms of Read and Write Cycles:

HDD:

Data on an HDD is not really reflected by read and write cycles in theory. As long as the arm does not hit platter the HDD can go thru multiple read and write cycles, there are no problems. Platters are made from metal, and metal objects never loses the property of becoming magnetized and demagnetized. We are referring to the platter that what holds the data, not the arm which only reads or writes it. In theory if a dead arm is replaced the HDD data is still accessible again.

SSD:

As others have said above, an SSD will stop working to a point where it may no longer be able to be written or even read. Because the data is stored in an electric state (not magnetic or physical), there will be no way to access the data again in that situation. A dead SSD can be considered that any deleted data is irrecoverable.

Optical Disk:

All rewritable optical disks have a write limit. There is no read limit like an SSD, although there is something called an optical disk age limit. Rewritable DVDs typically have around less write cycles than a rewritable CD (1). The pits or bumps on a rewritable DVD can be changed around 1,000 over the same spot(2). This is because optical disks are usually made from dyes. After data cannot be written over, the only way to destroy deleted data is to blowtorch the optical disk in the manner said previously. There is also a point where the optical disk can no longer be used (even read), and it is because of these dyes. The dyes can decay and deform over years (usually decades), after which the optical disk is no longer readable. In this situation the deleted data becomes irrecoverable. Referenced is a study carried out by NIST (3). Reference from somewhere else (4).

In terms of encryption:

Encrypted disk data containing deleted data, can be considered another avenue for making deleted data irrecoverable. However, there are a few catches. There are conditions that must be met which are:

  • After encryption, the key must be lost.
  • There are no copies of the key.
  • The encryption algorithm used has not been broken or is not too easy for brute force.

Deleted encryption key with no copies is important here:

A deleted encryption key with no copies of it, means the only way to recover the data is by either using a flaw in the encryption algorithm or by brute force. Which leads to the final section.

A strong encryption algorithm with no feasible brute force:

An encryption algorithm that has a flaw, take RC4 for example, can gets its key found.(5). RC5 will take 105 years to break (6 and 7). Also an encryption algorithm that is too easy like Caesar Cipher will take no time to decrypt.

A strong encryption algorithm like AES-256, will take till eternity to brute force and thus deleted data can be considered irrecoverable for now.

Amol Soneji
  • 346
  • 1
  • 5