I asked one of our program managers, Dan Stevenson, to address the questions we’ve received about security and privacy and the Shadow Copy feature (aka Previous Versions) in Windows Vista. Below Dan describes how shadow copies work and provides ways to help increase the security and privacy of deleted files. For a brief overview of this functionality, see the Windows Vista website’s section on Backup.
If you turn on volume shadow copies on your volume (which is the default for Windows Vista), Windows will track changes made to that volume at the block level.
A shadow copy is a previous version of a file, which is “reconstituted” by applying in reverse all the accumulated block-level changes to that file.
If you delete a file on the “live” volume, then those “changes” (deleting the blocks) are tracked by Windows, and you can later restore the shadow copy of the file. Earlier shadow copies may also still be available; volume shadow copies are maintained on a space-available basis, with the oldest being deleted to create room for newer ones. In Windows Vista, a maximum of 15% of the disk is set aside for maintaining shadow copies.
There are two ways to encrypt your data in Windows Vista: using Encrypting File System (EFS) and using Bitlocker Drive Encryption. Both of these features are limited to the Premium or Business editions of Windows Vista.
EFS protects your files from access by other users. If you encrypt a file using EFS, then any subsequent shadow copies of the file will also be encrypted. Note that since encryption generally involves changing every block in the file, you won’t get the same space-saving benefits from changing just a small part of a file which you would get with a non-encrypted file.
If the entire volume is encrypted using BitLocker, then everything, including the shadow copies, is encrypted. This volume-level encryption protects files from unauthorized external access, such as from a Linux boot disk.