
Hard drive reads and writes without file creation


There are programs out there that recover deleted files from the hard drive and also ones that overwrite free space in order to prevent deleted files from being recovered.

The act of overwriting free space seems understandable. The program creates files and writes arbitrary bytes to them.

However, when it comes to reading deleted files, I'm stumped. I understand that deleting a file only gets rid of the reference in the file system and that recovery programs search for common file headers in order to determine which part of the 'free space' could be a recoverable file.

But how can a program read data from the hard disk that is not part of the file system? Any language that I've used or read some documentation about, allows reading from the hard disk only by opening a file - which is not free space.

I would also be grateful for a small example of a read from hard disk maybe in C++, Java or Python.

Also, I am a Windows user.

EDIT: This is what the Java guys came up with: How to access specific raw data on disk from java


Solution

  • Every OS out there has the notion of a block device - with a hard disk being the canonical example. Now the beauty is that in most implementations (this includes Windows), these can be opened just as if they were files on a file system by referring to special file names that would be invalid inside the file system (appropriate user privileges are assumed).

    On Windows, e.g., opening \\?\Device\Harddisk0\Partition1 will give you access to the first partition of the first hard drive. With read access to this special "file", you can now read the drive's content without going through the file system, giving you the possibility to discover and salvage objects that are no longer part of the file system but have not yet been overwritten or trimmed.
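
The read described in the answer, combined with the header search mentioned in the question, as an added Python example (not part of the original answer). It runs against a constructed image file; the 512-byte sector size, the signature table and the function names are assumptions, and a device path such as the one above would be passed in place of the image, with the privileges the answer mentions.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size; raw device reads must be sector multiples
SIGNATURES = {  # well-known file header magic bytes
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"%PDF-": "pdf",
}

def scan_for_headers(path, sectors_per_read=128):
    """Return [(byte_offset, kind)] for each sector starting with a known header."""
    hits, offset = [], 0
    # buffering=0 passes each read straight to the OS, always in whole sectors
    with open(path, "rb", buffering=0) as dev:
        while True:
            chunk = dev.read(SECTOR * sectors_per_read)
            if not chunk:
                break
            for pos in range(0, len(chunk), SECTOR):
                for magic, kind in SIGNATURES.items():
                    if chunk.startswith(magic, pos):
                        hits.append((offset + pos, kind))
            offset += len(chunk)
    return hits

def build_sample_image():
    """Constructed data: a 64-sector image with leftovers no file system references."""
    image = bytearray(64 * SECTOR)
    image[5 * SECTOR:5 * SECTOR + 4] = b"\xff\xd8\xff\xe0"   # JPEG header, sector 5
    image[40 * SECTOR:40 * SECTOR + 9] = b"%PDF-1.4\n"       # PDF header, sector 40
    image[10 * SECTOR + 7:10 * SECTOR + 12] = b"%PDF-"       # unaligned: ignored
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(image)
    return path

if __name__ == "__main__":
    sample = build_sample_image()
    try:
        for off, kind in scan_for_headers(sample):
            print(f"sector {off // SECTOR}: possible {kind} at byte {off}")
    finally:
        os.remove(sample)
```

Only sector-aligned matches are reported because files begin on cluster boundaries; a hit is a candidate start of a file, not proof that the rest of its content is still intact.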