I’ve been looking around alot and cant seem to find a basic clear answer. My understanding is if i delete photo001.jpg this deletes the index and assigns it to the free space to be overwritten. So this brings me onto my next scenarios.
If i have a device capable of 8gb memory, and it has been filled to is capacity. Is it likely that photo001.jpg has been overwritten if deleted say a month beforehand then replaced that data with junk or say a video that maxes out the storage?
Wouldn’t this be a more secure way of replacing data than the “wipe free space” which write 0’s?
With the method above how likely is it to retrieve the file after:
1 year? 6 months? 3 months? 1 week? 1 day?
I understand that bad sectors can sometimes retain data and that the advertised storage space is often larger than what is available without root, so how much storage space does my 32gb android actually offer in total then? Would this come up on a device data forensics analysis? If so what level of forensics would be required and situation to warrant such level of forensics?
If I use my phone near max capacity, say store “7.9gb of music” on the phone, allowing only 100mb free space. Is this not a good way to ensure data deleted will be more frequently overwritten, e.g that remaining 100mb will fill up with deleted data that is overwritten quicker due to there only being 100mb? If i was now deleting photo001.jpg, does my android choose to overwrite this instantly or does it avoid it until impossible to do so? Or is it really random when the device chooses to overwrite?
These are hypotheticals and i understand that the only sure way to delete something is encryption then wiping. I use full disk encryption for my mobile device/laptops etc. I’m just curious of the capabilities of computer forensics and android data storage.
I understand there is alot of questions here but i feel this was the best place to ask them as people seem friendly and helpful here.