Can every file be recovered by forensic tools?


Can every file be recovered by forensic tools?

Post Posted: Tue Jan 22, 2013 2:25 pm

I am new when it comes to computer forensics so bear with me, but I just have a general enquiry about this.

Is every file on somebody's computer recoverable? Is there no such thing as permanently deleting a file? I'm talking about a scenario where a picture or a document that has been deleted permanently from the recycle bin for months, or almost a year. Is it possible for that file not to be corrupted and is still accessible over months the time it was created? Because what if you find some data on your forensic case but you can't open it because it's corrupted?

And also can this data be recovered by free forensic software such as FTK Imager or does paid software enable me to do this?

Thanks for your help.  

TheOJM
Newbie
 
 
  

Re: Can every file be recovered by forensic tools?

Post Posted: Tue Jan 22, 2013 3:22 pm

General answers to general questions. Since you didn't specify, I'm operating on the assumption that it's a Windows system (XP/Vista/Win7).

Is every file on somebody's computer recoverable?

No, not necessarily.

Is there no such thing as permanently deleting a file?

Yes, there is. Files can definitely be wiped and no longer recoverable.

I'm talking about a scenario where a picture or a document that has been deleted permanently from the recycle bin for months, or almost a year. Is it possible for that file not to be corrupted and is still accessible over months the time it was created?

Yes, it is possible for the file not to be corrupted. It would depend on a number of things, including how close the hard drive was to being full and how much computer activity there was in the ensuing months, to mention a couple of factors.

Because what if you find some data on your forensic case but you can't open it because it's corrupted?

It's very common for files to be partially recovered and therefore corrupted. Sometimes they're still usable. Sometimes not.

And also can this data be recovered by free forensic software such as FTK Imager or does paid software enable me to do this?

While paid forensic software will recover deleted files, there are lots of free tools as well. Which tool is the right one depends on a lot of factors. If this is an actual legal case, I recommend you don't attempt it yourself. Hire an expert to ensure the results will be admissible in court.
_________________
Scott Tucker
Aptegra Consulting, LLC
www.aptegra.com 

TuckerHST
Senior Member
 
 
  

Re: Can every file be recovered by forensic tools?

Post Posted: Tue Jan 22, 2013 3:29 pm

- TheOJM

Is every file on somebody's computer recoverable?

No. Not every.

- TheOJM

Is there no such thing as permanently deleting a file?

Yes. (such thing as to permanently delete a file does exist, voluntarily or "by accident" like the OS defragging the disk, or downloading/copying data to disk and overwriting the given file - totally or partially)

- TheOJM

I'm talking about a scenario where a picture or a document that has been deleted permanently from the recycle bin for months, or almost a year. Is it possible for that file not to be corrupted and is still accessible over months the time it was created?

Yes. (it is possible that a file is still accessible, as well it is possible that it cannot be recovered)

- TheOJM

Because what if you find some data on your forensic case but you can't open it because it's corrupted?

Maybe it can be recovered/fixed, maybe it cannot, maybe it can be recovered partially.

- TheOJM

And also can this data be recovered by free forensic software such as FTK Imager or does paid software enable me to do this?

A tool (Commercial or Freeware) is a tool, what really counts is the hand that drives it (and the knowledge/experience/etc. of the brain behind the hand).
At the very basic, all you need (if you know what you are doing) is a disk editor and a calculator.
Tools, Commercial or not are only handy ways to do something, sometimes they *all* work, sometimes one will be able to do something that another one cannot, sometimes all the tools in the world won't produce a result.


- TheOJM

Thanks for your help.

You are welcome :) though, each and every one of your questions is so "generic" that they can ALL be answered by "it depends", i.e. they have no real unique (or actually useful) answers.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: Can every file be recovered by forensic tools?

Post Posted: Tue Jan 22, 2013 3:39 pm

Thank you.
I just tested freeware recovery programs such as Mini Tool Power Data Recovery to see what files I could recover from my Windows system and some files were corrupted. Do you think forensic software would still detect them as corrupted or would you think it'd likely be accessible?  

TheOJM
Newbie
 
 
  

Re: Can every file be recovered by forensic tools?

Post Posted: Tue Jan 22, 2013 4:09 pm

Do you think forensic software would still detect them as corrupted or would you think it'd likely be accessible?

You may want to try several tools that do "data carving," and see if any are successful. There's no canonical approach, so some algorithms are more successful than others at recovery, and it would be impossible to predict which will be successful, based on the very limited info you've provided.

Incidentally, I hope you're doing this work on a bitstream copy of the hard drive, not on the original, right? Because, depending on your approach, you could be writing data to the drive, further diminishing the chances of success. As I said before, if this is actual forensics, hire an expert. If not, you may want to consult a data recovery firm.
_________________
Scott Tucker
Aptegra Consulting, LLC
www.aptegra.com 

TuckerHST
Senior Member
 
 
  

Re: Can every file be recovered by forensic tools?

Post Posted: Wed Jan 23, 2013 6:05 am

So far, I am yet to see a freeware data recovery tool that can reliably carve more than a few types of deleted files. In your case, the procedure would be as follows:

1. Choose a data recovery tool that can work with drive images AND supports file carving (e.g. Belkasoft Evidence Center (see my signature), or Diskinternals Partition Recovery, or HDD Recovery Pro, but there are *many* of those). Make sure to install the tool anywhere BUT the disk you're about to recover.

2. Take a bitstream copy ("virtual image", "disk image" or whatever else the tool calls it) of the drive you're about to recover, with the tool of your choice.

3. Use that tool on that copy, making sure the carving mode (we call it "carving", Diskinternals and HDD Recovery Pro call it "PowerSearch") is engaged. You may be able to discover a lot more or a lot less data than expected, depending on how they were stored, whether or not there was a scheduled defragmentation going on, how much disk activity etc.

4. If a file comes out corrupted, it does not necessarily mean it's completely unrecoverable. User-created documents are often saved multiple times; they are about 80% more likely to get fragmented in the process. Most commercial data recovery tools will NOT carve fragmented files correctly UNLESS information about them still appears in the file system (which is less likely if a lot of time has already passed). Depending on the exact type of information, you may or may not be able to carve fragmented files (e.g. text-based formats such as .txt, .htm, .xml, .eml etc. are easier to carve even if they are scattered around the disk).

5. If you need to present the results, make sure to document your every step.
_________________
Digital Evidence Extraction Software
belkasoft.com 

Belkasoft
Senior Member
 
 
  

Re: Can every file be recovered by forensic tools?

Post Posted: Wed Jan 23, 2013 11:04 am

- Belkasoft
So far, I am yet to see a freeware data recovery tool that can reliably carve more than a few types of deleted files.

I would have thought that Photorec does more than "a few" types:
www.cgsecurity.org/wik...le_formats
Known file formats

PhotoRec searches for known file headers. If there is no data fragmentation, which is often the case, it can recover the whole file. PhotoRec recognises numerous file formats including ZIP, Office, PDF, HTML, JPEG and various graphics file formats. The whole list of file formats recovered by PhotoRec contains more than 390 file extensions (about 225 file families).



www.cgsecurity.org/wik...y_PhotoRec

Of course fragmentation is an issue (often a very serious one).

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
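
The header/footer carving discussed in the posts above (known file headers, and fragmented files coming out corrupted), as an added Python sketch that is not part of any post and is not PhotoRec's or any vendor's code. The function names, the 512-byte sector size, the sector-aligned header search and the stand-in "JPEG" data are assumptions made for the illustration.

```python
import hashlib

SECTOR = 512
SOI = b"\xff\xd8\xff"  # JPEG header signature (start of image)
EOI = b"\xff\xd9"      # JPEG footer marker (end of image)

def carve_jpegs(image, max_size=1 << 20):
    """Header/footer carving: at each sector boundary holding a JPEG header,
    take everything up to the next footer. Assumes contiguous storage."""
    carved = []
    for off in range(0, len(image), SECTOR):
        if image[off:off + 3] != SOI:
            continue
        end = image.find(EOI, off + 3, off + max_size)
        if end != -1:
            carved.append((off, image[off:end + 2]))
    return carved

def fake_jpeg(seed, size):
    """Constructed stand-in for a JPEG: real markers, filler body (< 0xC8,
    so the footer bytes never occur inside it)."""
    body = bytes((seed + i) % 200 for i in range(size - 6))
    return SOI + b"\xe0" + body + EOI

def build_image():
    """Constructed 16-sector 'unallocated space' holding two deleted files."""
    img = bytearray(16 * SECTOR)
    a, b = fake_jpeg(1, 1200), fake_jpeg(7, 1500)
    img[2 * SECTOR:2 * SECTOR + len(a)] = a            # file A: contiguous
    img[8 * SECTOR:10 * SECTOR] = b[:2 * SECTOR]       # file B: first fragment
    img[10 * SECTOR:11 * SECTOR] = b"x" * SECTOR       # another file's sector
    img[11 * SECTOR:11 * SECTOR + len(b) - 1024] = b[2 * SECTOR:]  # B: rest
    return bytes(img), {"A": a, "B": b}

def report(image, originals):
    """Compare each carved file's SHA-256 with the known originals (possible
    only because this sample is constructed)."""
    known = {hashlib.sha256(d).hexdigest(): n for n, d in originals.items()}
    out = []
    for off, data in carve_jpegs(image):
        name = known.get(hashlib.sha256(data).hexdigest())
        out.append((off // SECTOR, len(data), name or "corrupted"))
    return out

if __name__ == "__main__":
    for sector, size, verdict in report(*build_image()):
        print(f"sector {sector}: {size} bytes -> {verdict}")
```

File A is recovered byte for byte, while file B is carved 512 bytes too long with another file's sector embedded in the middle, which is how a fragmented file ends up "recovered but corrupted" when the carver has no file system information to follow.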
 
 