residual data residing underneathe files

i know there is hidden data underneath the files on a computer because those files were written on top of old files or data that is still accessible. so when you copy files onto a different drive, does the computer carry all of that invisible under-data with it? and if not, how can the computer tell what is the data from the file you want, and the invisible leftovers from previous files?

 

Whether some of the data that was previously stored on a cluster of a hard drive might be discernible after new data has been written over it would be a subject for those who are experts on magnetic storage, the specific hard drive that is being used, and advanced data recovery. Lets focus on normal scenarios and operation. What is the objective? To be able to, in order:

1) Write "987...321" to cluster X on the hard drive
2) Write "123...789" to cluster X on the hard drive
3) Read "123...789" from cluster X on the hard drive

IOW, if the hard drive isn't reading the last written information from the magnetic media and isn't transmitting that last written information in digital form to the host system and OS/application, we have a major fail. So if by "under data" you meant data that has been written over by a more recent write, that isn't what is of interest and it would be ignored/lost even if the hard drive itself could sense it.

However, there is something called file slack. We assume the filesystem assigns an integer number of clusters to hold each file, and each cluster is 4KB in size. We create File A that contains 4KB of data, and it is stored on Cluster X. We delete File A and Cluster X is marked available to use again, but Cluster X is not overwritten when that file is deleted. So the contents of File A is still there physically stored on Cluster X. We now create File B of size 1024 bytes. The filesystem just happens to assign Cluster X to hold it. What we end up with is the first 1024 bytes of Cluster X storing File B contents and the remaining portion of Cluster X storing File A contents.

When it comes to copying things from one drive to another, software has a choice. It can tell that File B contains 1024 bytes of data and arrange for just those 1024 bytes of data to be copied from Cluster X to a cluster on the other drive. This minimizes the amount of data passing through the hard drive interface(s) and is what I would generally expect software to do. However, the software could if it wanted to decide to use a "copy whole clusters" approach for some reason and instead copy all of Cluster X to a cluster on the other drive. This approach would cause stale, potentially sensitive data to be leaked onto the other drive. Some drive imaging/cloning software may work this way, I don't know.

You can pull up file properties and look at both the file size and size on disk figures. You can also use a disk editor/viewer to examine what is actually stored on clusters.

 

95h5b,
IMO, you're viewing this from an analog perspective, like hearing faint music on a cassette that's been re-recorded or hearing a distant AM station through the local station when the music pauses. PCs themselves don't work this way. On its most basic level, digital equipment recognizes 2 signal states, 0 and 1, off and on. The design eliminates or ignores background noise, whether it's a weak signal or overwritten data. Computers read and copy the data contained in the signal, not the raw signal itself. Not including data stored in file slack and such that were described in the post above, looking at a disk from an analog perspective would require specific equipment that looks at the raw disk data itself as opposed to the current digital signal it contains. It's not something that can be done from a conventional PC.

 

Eraser and R-wipe overwrite Slack space.