Recovery of "Deleted" Email
igb at batten.eu.org
Mon Aug 15 09:57:59 BST 2011
I was asked this question yesterday:
If two people, communicating via ordinary commercial webmail services, exchange unencrypted email, and they both then delete the messages using the normal deletion facilities the providers' usual interfaces offer, how recoverable are the messages by a discovery motion?
His contention was that, for practical purposes, a sufficiently resourced adversary all email is discoverable indefinitely, or, alternatively, you cannot know that it is not discoverable at any specific point in time.
My suspicion is that commercial providers don't take their whole email float to tape, and therefore "at some point" (where that point is ill-defined) the email will not be recoverable even with forensic tools, so the position is "you cannot know when, but it will become non-discoverable within a year or so of notional deletion". I'm assuming that service providers buy disk on demand, so over time "older" storage will fill and overwrite deleted items. But I may well be being naive.
More information about the ukcrypto