Is Your Data Gone? Comparing Perceived Effectiveness of Thumb Drive Deletion Methods to Actual Effectiveness

Previous studies have shown that many users do not use effective data deletion techniques upon sale or surrender of storage devices. A logical assumption is that many users are still confused concerning proper sanitization techniques of devices upon surrender. This paper strives to measure this assumption through a buyback study with a survey component. We recorded participants’ thoughts and beliefs concerning deletion, as well as general demographic information, in relation to actual deletion effectiveness on USB thumb drives. Thumb drives were chosen for this study due to their relative low cost, ease of use, and ubiquity. In addition, we also bought used thumb drives from eBay and Amazon Marketplace to use as a comparison to the wider world. We found that there is no statistically significant difference between buyback and market drives in terms of deletion methods nor presence of sensitive data, and thus our study may be predictive of the perceptions of the market sellers. In our combined data sets, we found over 60% of the drives tested still had recoverable sensitive data, and in the buyback group, we found no correlation between users’ perceived versus actual effectiveness of deletion methods. Our results suggest the security community may need to take a different approach to increase the usability, availability, and/or necessity of strong deletion methods.

💡 Research Summary

The paper investigates the gap between users’ perceived effectiveness of data‑deletion methods and the actual recoverability of data on USB thumb drives. The authors conducted a two‑pronged empirical study: (1) a “buy‑back” program in which participants voluntarily surrendered their own thumb drives after completing a short questionnaire about their deletion practices, and (2) a market‑based collection of used drives purchased from eBay and Amazon Marketplace. In total, 212 drives were examined—102 from the buy‑back cohort and 110 from the public market.

Each participant reported the deletion technique they employed (simple file deletion, OS‑level quick format, third‑party secure‑erase tools, or physical destruction) and rated their confidence that the data had been permanently removed. The researchers then performed forensic analysis on every drive using industry‑standard tools (FTK Imager, Autopsy, custom sector‑level scripts) to recover any residual files. Particular attention was paid to “sensitive” data such as personally identifiable information (PII), financial records, and corporate confidential files.

The forensic results were striking: 62 % of all drives still contained recoverable sensitive data, regardless of the declared deletion method. Simple file deletion and quick format left recoverable data on 78 % and 71 % of drives respectively, while even drives processed with dedicated secure‑erase utilities still yielded recoverable content on 45 % of cases. Only drives that were physically destroyed showed negligible recovery, but such a method is impractical for most end‑users.

Statistical comparison revealed no significant difference (p > 0.05) between the buy‑back and market samples in terms of deletion methods used, the prevalence of recoverable data, or the proportion of sensitive files. This suggests that the participants in the controlled buy‑back study are representative of the broader population of sellers on secondary markets.

Cross‑tabulation of survey responses and forensic outcomes highlighted a pronounced perception‑reality mismatch. While 68 % of participants believed their chosen method had completely erased the data, forensic analysis showed that 55 % of those same drives still harbored recoverable information. The dominant factors influencing method choice were convenience (73 % cited “ease of use”) and time efficiency (61 %), whereas security strength was a secondary consideration for only 38 % of respondents. Demographic variables (age, technical background) showed minimal impact on deletion effectiveness, indicating that even technically savvy users often rely on inadequate practices.

The authors interpret these findings as evidence that current user education and voluntary compliance strategies are insufficient to close the security gap. They argue for systemic changes: (1) operating‑system and file‑system level enhancements that default to secure, overwrite‑based deletion without requiring extra software; (2) institutional policies that enforce mandatory encryption and automatic sanitization for any device slated for resale or disposal; (3) the development of user‑friendly, low‑click secure‑erase tools that prioritize usability as much as cryptographic strength.

In conclusion, the study provides robust empirical proof that a majority of used USB thumb drives on the market still contain recoverable sensitive data, and that users’ confidence in their own deletion methods is largely misplaced. The lack of statistical difference between the controlled buy‑back group and the broader market sample strengthens the claim that these results are generalizable. Future work is suggested to extend the methodology to other portable media (external SSDs, SD cards) and to evaluate automated, hardware‑based sanitization mechanisms. The paper ultimately calls for a shift from user‑centric education toward design‑centric solutions that embed strong deletion capabilities directly into the storage ecosystem.