Disk areas filled with sensitive information

  • The unused (free) disk space. When a file is deleted, the area (or the space) previously used by the file is marked as unused (free) and it becomes available for other files. However, the area is not cleared so the content of the deleted file continues to be stored there until the operating system allocates the area for another file. That’s why the unused (free) disk space is a warehouse of sensitive information and previously ‘deleted’ data.
  • The Windows swap file. The Windows Swap file is the system file used for virtual memory support. The size of this file changes dynamically, and it can temporarily store the parts of files or other information.
  • The Windows Recycle Bin. When you delete files Windows usually moves them to the Recycle Bin instead of removing them from disk. These files can be retrieved using recovery methods.
  • Configuration and data files and the Windows registry. Windows and a lot of programs (such as your Web browser – Internet Explorer, Google Chrome, Mozilla Firefox, etc) store a lot of sensitive information in configuration and data files on your hard disk or in the Windows registry. Most of the information is stored without your knowledge or approval.
  • The slack portion of files. The file slack is usually filled with random information that comes from your computer. The information can be a listing of a directory, a part of a password file or other sensitive data from your computer.
  • File/Folder names and properties. After deleting files and folders on FAT or NTFS drives, recovery utilities may still be able to find the names and properties of the files and folders you have deleted, even if they are not able to recover any information from their contents. This may reveal very sensitive information.