The Format command was never intended to remove data from a disk. The fact that it appears to do so is coincidental and has made it one of the most misunderstood and therefore dangerous commands in the computer lexicon.
If you had a book you wanted to destroy, would you simply rip out its index? Of course not. But that's all you're doing when you type FORMAT C:. Format is a disk preparation command. It readies the drive for reading and writing by clearing out its allocation tables (essentially the index of the disk's contents) and testing its tracks and sectors to make sure they're reliable. The ticking of that percentage-complete counter is not your data being zapped; it's analogous to the pages of a book being rifled through to check none are stuck together. The contents of those pages remain intact. Format has simply made the space available for overwriting.
Format-recovery programs have been around since the early 80s when pioneer Paul Mace (creator of the long-defunct Mace Utilities) discovered that deleted files actually weren't, and nor were reformatted disks. Most utility packages come with one - McAfee and Norton's are among the most popular in the PC arena - and they work by scanning through the drive and rebuilding the allocation tables from clues in the undeleted data. My own tests - and the results on these pages - show how well they work.
So what can you do before bundling those old machines off to auction? That rather depends on how badly you want to protect your data.
Again, most disk utility suites also contain secure deletion programs that physically overwrite files. McAfee, for example, has Shredder while Norton has WipeInfo. There are around two dozen other standalone products. A good indication of the program's effectiveness is given by whether its algorithms meet the US Defence department's standards: DoD 5200.28-STD or DoD 5220.22-M. When using, make sure to wipe the whole disk -including all free space which may still contain previously deleted files. Try to recover the disk just to make sure.
But in reality there is no defence against someone determined to recover the contents of your drive. Techniques such as magnetic force microscopy (MFM) and scanning tunnelling microscopy (STM) make it possible to even recover data that has been overwritten many times. This is because, at a microscopic level, there is always a certain amount of "spillage" into neighbouring regions of the media. Disk drive circuitry is designed to sample a broad band of bits, consigning this spillage to a low level of noise that is then filtered out. But by using MFM or STM, a high-quality digital sampling oscilloscope and a variety of algorithms that replicate the way information is laid down on the disk, it's quite possible to peel back the layers of data, revealing the same area's contents file-by-file like bands of fossils embedded in rock.
Even random access memory is not as volatile as commonly believed. Tests have revealed that data stored in static (SRAM) and dynamic (DRAM) chips can be recovered hours, days or even weeks after power has been removed.
So if your PC has, or once, contained data that you really don't want anyone to ever recreate, your best protection is to invest in and use a simple, inexpensive piece of hardware. It's called a hammer.
Palmer is a programmer and PC World contributor.