When cyber expert Sai Shankar spoke to the media on his involvement in the Dileep conspiracy case last week, he said that he did not "delete" anything from the Malayalam actor's phones but used "junk data" to cover up the content. Lawyers representing Dileep – who is accused in two cases including the 2017 actor assault and a conspiracy to kill the police officials investigating it – had allegedly approached Sai to remove certain content from Dileep’s two iPhones, after the actor and others accused in the conspiracy case were asked to submit their devices for investigation. Unwilling to do so, the accused persons went to court, and it took days before the Kerala High Court asked them to submit the phones to the Aluva Magistrate.
It was amid these developments that Dileep’s counsel approached Sai to remove a large amount of data from his phones, said the hacker. However, he clarified that he did not ‘delete’ the content, but instead covered it up with junk data. “This is because even when you press delete on your computer or phone, you are not actually deleting the content you desire to. You are only removing the metadata – the information on where your content can be found in a system,” says Deepak P, a data scientist and associate professor at the Queen’s University in Belfast.
Storage devices such as smartphones and computers keep information on where specific data is stored, i.e., the memory location of the data. “Say if you have saved a text file between memory locations of 1000 and 2000, your metadata will say that this particular text file is saved in these locations. Now when you attempt to delete this text file, your system will erase this meta data – that is, the pointer to the address where the content is stored. Your actual content will continue to remain in those locations between 1000 and 2000. The only difference is that if you try to access the file as a user, the system can't find it since it doesn’t know where to look for it – the meta data, the pointer, has been erased,,” Deepak says.
This, however, would not stop a data recovery tool from retrieving the lost content, since it was never deleted. The tool will use pattern-searching algorithms to identify a certain kind of file – for instance, content with alphanumeric data for a text file – and bring it back. But this can be prevented if the actual content has been altered or replaced. This must be why Sai Shankar replaced the original content with junk data, Deepak reckons. “So even if a smart data recovery tool is used now, what will be retrieved is the junk data that Sai Shankar fed. The original content has been replaced,” he says.
However, Sai Shankar told TNM that he was confident about retrieving all the lost data. But he couldn’t divulge how he was going to do it, since the case investigation is still underway and he may need to help the police with the technology.