What is a factory reset?
A factory reset (also known as a master reset or factory restore) resets an electronic device back to its default settings as it was when it left the factory. It wipes all user data, including photos, messages, apps, and other personal files (Source). The operating system is also reinstalled in its original form. Essentially, the device is restored to a clean state as if it was brand new right out of the box.
Factory resets are commonly done on smartphones, tablets, laptops, smart speakers, smart TVs, and other electronics. Users may choose to factory reset a device if they are selling it, passing it to someone else, or having performance issues they hope a fresh install of the OS will fix. Manufacturers also have factory reset options built into devices to allow users to easily restore to default settings.
Does it delete everything?
A factory reset wipes all user files, applications, and custom settings from a device, restoring it back to default factory conditions. The process involves reformatting the hard drive or storage media, which deletes all data stored in user partitions and protected system files.
However, a factory reset does not always fully erase the entire hard drive or storage media (source). Formatting only removes files from the logical file system structure and marks the drive space as available for new data. It does not overwrite or delete the raw data stored on the physical drive. Portions of the hard drive that contain system data may also be untouched during a reset.
Therefore, while a factory reset removes all user accounts, programs, and files, remnants of the previous data may still exist in unused and unallocated space that the reset process does not wipe. The remaining data fragments are not readily accessible to users but could potentially be recovered forensically with advanced tools.
Secure erase vs quick reset
Secure erase completely overwrites the entire SSD with zeros, erasing all data beyond recovery. It essentially restores the drive to a factory-fresh state. In comparison, a quick reset or format only deletes the file pointers, but the actual data still remains on the disk. The data remains recoverable using data recovery tools until it gets overwritten by new files.
As explained on the TechPowerUp forums, “Secure Erase will delete all mapping tables on the drive including all data. Sanitize will delete all mapping tables and will erase all blocks …” (source)
Overall, secure erase provides a much more comprehensive reset by overwriting all data sectors, making recovery virtually impossible. Quick reset is faster but data remnants remain recoverable.
Data recovery after reset
After a factory reset, some data may still be recoverable from the device’s storage using forensic data recovery tools and techniques [1]. This is because a quick factory reset typically only deletes the index linking files to storage sectors, but does not overwrite the actual data stored on the sectors. So the files remain intact until the sectors are reused.
However, once the reset device is used again and new data is written, the original data in overwritten sectors becomes permanently unrecoverable [2]. The only way to ensure no data can ever be recovered is to do a full secure erase, which overwrites all sectors with random data.
In summary, while some data recovery is possible after a quick factory reset, overwritten data cannot be recovered. For full and permanent data deletion, users should utilize secure erase methods instead of a basic reset.
Reset on HDD vs SSD
The effect of a factory reset differs between traditional hard disk drives (HDDs) and solid state drives (SSDs). On a HDD, a reset simply erases the file pointers that tell the operating system where data is located on the physical drive. The data itself remains intact until it gets overwritten by new content (Tom’s Hardware).
In contrast, resetting an SSD performs a full wipe according to the ATA standard, obliterating all old data by resetting all memory cells to their factory state. This is done for security reasons, as SSDs have spare capacity that is not visible to the operating system. A simple reformat on an SSD could potentially leave recoverable data in those hidden areas (Quora).
Why resets don’t fully wipe
Factory resets prioritize speed over completely eliminating all data. Performing a full wipe of a hard drive takes a very long time, as the drive needs to be overwritten with random data multiple times. This ensures no trace remnants of data are left behind. However, most users don’t require that level of secure deletion.
A quick factory reset simply marks all previous data blocks as available for overwrite. While remnants of files may still exist until those blocks are reused, this poses minimal security risk for most users. The time investment required for a full wipe isn’t necessary for consumer devices.
When reset is inadequate
There are some situations where a factory reset may not fully erase all sensitive data from a device. Here are some examples:
Sensitive unencrypted data: If a device contains unencrypted sensitive documents, photos, browser history, etc., a factory reset may not completely wipe this data. Forensic data recovery methods could potentially recover some remnants left behind. According to one source, data remnants can often be recovered after a reset.
Device being donated/resold: If you plan to donate, sell or give away your old device, a basic reset may not be sufficient to prevent the next user from accessing your data. Per Apple’s guidelines, you may want to do a full erase rather than a standard reset before reselling.
Compliance requirements: Certain regulations like HIPAA require proper data sanitization when disposing of devices with sensitive health records. A simple reset alone would likely not meet these compliance standards. Specific IT procedures for permanent data deletion would be necessary.
In summary, for maximum data removal in sensitive situations, a factory reset alone is likely inadequate. More advanced drive erasure methods would be required.
Alternatives for full wipe
If a factory reset is not sufficient to fully erase sensitive data from a hard drive, there are some alternatives to completely wipe the drive:
Use disk utility secure erase – Most operating systems like Windows and MacOS have built-in disk utilities that can perform a secure erase. This overwrites all sectors of the drive with random data to make previous data unrecoverable (Source).
DBAN tool to overwrite sectors – The Darik’s Boot and Nuke (DBAN) tool boots from a USB and completely overwrites all sectors on a hard drive. It is an open source data wiping tool recommended by many experts (Source).
Physical destruction if needed – For ultimate data security, physically destroying the hard drive platters will ensure no data can ever be recovered. However this is generally overkill for most home users.
Reset sufficient for most
For the majority of people selling or giving away their old device, a factory reset is usually sufficient to protect personal data (Source 1). While remnants of data may remain on the device after a reset, these are typically small fragmented files that would require advanced skills and recovery software to piece together (Source 2). For added security, encrypt any personal data on the device prior to performing the reset. As long as proper precautions were taken beforehand, a basic factory reset makes data recovery unlikely for the average user.
Summary
A factory reset deletes all user data on a device by resetting it to its original manufactured state (https://community.oneplus.com/thread/62889). The reset erases personal files, apps, settings, and most other user information from the device’s storage. However, data remnants often remain recoverable if special tools are used, as the reset does not fully overwrite all storage sectors (https://android.stackexchange.com/questions/242372/reset-factory-and-recovery-in-android). For true high security wipe needs, more advanced drive erasure is required through secure erase tools or physical destruction methods. But for most consumer purposes, a factory reset sufficiently deletes personal information, even if traces exist.
