0

If you’ve watched the news, you know that Secret Service text messages were deleted. Now they’re trying to recover them.

If those text messages were encrypted before deletion, and the key was also intentionally deleted, are those text messages still recoverable?

schroeder
  • No. Flash storages physically delete the data to free cells. There is nothing to recover from empty cells. – defalt Jul 23 '22 at 11:28
  • @defalt Only if it supports TRIM. Wear leveling may result in it not being erased. Interestingly, it [may be possible in theory](https://security.stackexchange.com/q/220273/106285) to even recover the _truly_ deleted flash cells! – forest Jul 23 '22 at 22:03
  • TRIM does not delete the content, but marks the cells as empty. It makes sure the cells are only overwritten on demand, thus minimizing the number of writes. But it makes it hard to retrieve the old content, as the flash controller will return zeros instead of the content of the cell. With low-level tools someone could possibly still retrieve the data, if it was not overwritten because of other write operations that re-use the cell. – allo Jul 26 '22 at 11:33

3 Answers

2

It depends on many factors.

First let's dispense with the encryption part. Encryption has nothing to do with recovery. Whether the content can be decrypted is a function of key recovery but has no bearing on recovery in itself.

Plain text messaging is not encrypted.

Recovery can be complicated or dirt simple depending upon details of the system:

Are you attempting recovery from an end-device, i.e. a phone? Depending upon the phone and the text message app, it could be simple or impossible if a secure wipe was performed. Contrary to one of the comments, flash storage does not necessarily physically delete the data; that would be a TRIM function.

Depending upon the system, messages may have gone through a central server. In that case, an entire history of messages could be sitting on the server waiting to be pulled off.

user10216038
0

Deleted data can be recovered as long as nothing else has written over that memory space; some tools write garbage data over memory space for that reason. They won't be readable or decryptable if it is a recent Android or iPhone. When you say text messages, do you mean SMS? SMS get sent by carriers without encryption. Most carriers keep information about SMS, like when it was sent, to whom and by whom, etc. Some carriers even store the content. It is easier to get them from the carriers, if the messages were recent, than to decrypt data. More info is needed about the phone, though.

moo
-1

This depends on the storage being used and encryption being used. There's zero difference between deleting encrypted or non-encrypted files - all the files on the disk are just data.

The biggest difference is whether the decryption key is still available, and then there are methods of encryption where altering/wiping relatively little data is enough to make it impossible to restore anything even if the password/decryption phrase is recovered, e.g. check LUKS.

In the case of SSD storage, wear levelling could theoretically be used to recover overwritten data, but to this date I've not heard of such cases.

It could be done in a controlled lab environment or by the OEM, but it's nearly completely out of the realm of possibility for a normal application running in your run-of-the-mill operating system such as Windows, Linux or macOS.

Since the information on how and where the data in question was stored (or, e.g., whether backups had been made) is not available, it's impossible to answer your question in regard to this exact situation. As for the average use case, encrypted data can be destroyed a whole lot faster than destroying individual files one by one.

Artem S. Tashkinov
  • Comments are not for extended discussion; this conversation has been [moved to chat](https://chat.stackexchange.com/rooms/137995/discussion-on-answer-by-artem-s-tashkinov-can-encrypted-and-deleted-files-be-re). – schroeder Jul 23 '22 at 21:27
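The answer above points to LUKS as a scheme where wiping very little data defeats recovery even if the passphrase is known. The following is an added example, not code from the answer or from LUKS: a simplified model in which a random volume key is wrapped by a passphrase-derived key stored in a small header. The function names, the header layout and the SHA-256 counter-mode stand-in cipher are assumptions for illustration; real LUKS uses key slots with anti-forensic splitting and a block cipher such as AES-XTS.

```python
import hashlib
import hmac
import secrets

KDF_ROUNDS = 100_000  # illustrative PBKDF2 work factor (assumption)

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), NOT what LUKS uses."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

def _kek(passphrase: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the passphrase."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, KDF_ROUNDS)

def format_volume(passphrase: str, plaintext: bytes) -> dict:
    """Encrypt data under a random volume key; the passphrase only wraps that key."""
    volume_key = secrets.token_bytes(32)  # random, never derived from the passphrase
    salt = secrets.token_bytes(16)
    header = {
        "salt": salt,
        "wrapped_key": _xor_stream(_kek(passphrase, salt), volume_key),
        "check": hmac.new(volume_key, b"verify", "sha256").digest(),
    }
    return {"header": header, "payload": _xor_stream(volume_key, plaintext)}

def open_volume(volume: dict, passphrase: str):
    """Return the plaintext, or None if the header is gone or the passphrase is wrong."""
    header = volume["header"]
    if header is None:
        return None  # nothing left to unwrap: the volume key no longer exists
    volume_key = _xor_stream(_kek(passphrase, header["salt"]), header["wrapped_key"])
    tag = hmac.new(volume_key, b"verify", "sha256").digest()
    if not hmac.compare_digest(tag, header["check"]):
        return None
    return _xor_stream(volume_key, volume["payload"])

def wipe_header(volume: dict) -> None:
    """Model overwriting the small header area; the payload stays untouched."""
    volume["header"] = None
```

After `wipe_header`, the payload is still present byte for byte, but the correct passphrase alone cannot open it because the random volume key existed only in wrapped form inside the header.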