I might be able to find something but this is sufficient enough for me to be worried:http://en.wikipedia.org/wiki/National_Industrial_Security_Program
Look under Data sanitization
"As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable."
That applies to traditional disks. SSD's and flash drives require a slightly different approach.
In Windows, small files can be kept in the MFT instead f the normal portion of the hard drive.
Sometimes, if the opponent spends enough money, an electron microscope can glean data even after wiping.
Evidence eliminator uses a procedure called magnetic underwriting whereby not only is the drive zeroed it also magnetically underwrites the entire disk to polarize any remnants that could remain.
SSD and such still require a little different approach.
The technology to reconstruct portions of usable data has been around for over a decade.
Since real life cases containing procedures and listing of methods are hard to come by you can be sure that those do exist. Otherwise companies wouldn't try to sell tools to ensure 100% erasure of even the smallest amount of data.
At one time Norton had a means to directly view and alter data directly on the platter. I used this years ago to get rid of a nasty virus that wouldn't go away.
I could see bits and pieces of data even after a low level format. Enough to be able to see (guess) what was there. But not all the data was evident.
Data contained in file slack is there unless you delete and zero out the file, and sometimes even then.
Here is a link that talks about forensic cleaning of disks:http://www.x-ways.net/winhex/forensics.html
This one explains a bit on how the FBI gets zeroed information:http://wiki.answers.com/Q/Can_data_be_recovered_from_a_zero-filled_hard_disk
And if you want to 'zero' a flash or ssd drive then you are doing it the wrong way. 1st you write all 1's, at least 4 or more times. That will make it quite difficult to glean data.
But not impossible.
Here is a machine that can erase a disk as well:http://www.veritysystems.com/degaussers/nsa-approved-degausser.asp?gclid=CPuS8tvmqbQCFQioPAodPkIATw
And those are but a scant few ways that data can be recovered.
You don't need to know the specifics on how it can be done but you DO need to know how to ensure that data cannot be read.
Tons of information can be obtained simply by reading 'between the lines'.
Data can be stored for HOURS in your computer RAM too, even with the power disconnected. And can easily be copied at most police labs and many high end private investigator labs.
The next generation of RAM will indefinitely store what is in it (presumably) for speedy boots and restarts. Of course this will leave you vulnerable if someone takes your computer.
A sophisticated way to circumvent data recovery is to encrypt everything, including what gets put into ram.
Also, did you know that companies are trying to use cross browser cookie theft to obtain your info?
This is not to say that there are any real world examples, but it is entirely possible and they are working on a way to do it.
Eventually, all of this will go by the wayside in favor of cloud computing. You will only have a 'terminal' (e.g. cell phone, tablet, etc) and everything will be stored in the cloud for whatever nefarious reasons someone would ant it for.
There won't be any such thing as an operating system for people. You use what they give you and you have to be happy if you want to or not. You will have no control over your data, nor who does what with it.
Right now, can you be 100% certain that no one, anywhere, has ever looked at any of your browsing habits or data?
You can't. No one can.
So, in the meantime, try to CYA as much as you can. Someone out there is wanting everyone's data.
They make loads of money off you and you don't see a dime of it.
Ever do a search on yourself online?
Zabasearch and Spokeo both have a lot of information on people. And if you sign up and pay for premium services they add all your info to their data base as well, to sell to someone else.
It is called data brokering. They want it, you got it, and if they can get it for nothing, they will sell it.
We will need to start a new thread if we want to continue. I enjoy discussing security... :-)
Note: It is entirely possible to have unnecessary data stored into the uefi sector of a hard drive. Only Microsoft knows for sure....