As Gary C mentioned, the deletion of a file is mechanically trivial, setting the character in the name.
When a file is created, several things happen.
An entry is logged in the directory associating a name with the file.
Sectors of data are written out, and the entry pointed to the first sector of the file. The remaining sectors are linked with each sector having a pointer to the next sector of the file.
Finally, a bitmap of free sectors is maintained by the system. All of those sectors that are used, get their corresponding bits marked as in use.
When a file is deleted, the directory entry is tagged as available so that it can be reused. Similarly, the bitmap is updated so that all of the files sectors are now marked as free and available.
What remains, however, is all of the sector pointers. The directory entry still points to the first sector of the file, and each file sector remains unchanged.
So, file recovery consists of reclaiming the directory entry (with the new character for the file name as Gary mentioned), traversing the in place sector chain, and then updating the sector bitmap to tell the system those sectors are again in use.
This is why it's important nothing else has been done before you try the undelete.
If an existing file is extended, it could claim one of the newly freed sectors and overwrite it, thus breaking the deleted file's chain of sectors.
If a new file is created, it can stomp on the deleted directory entry. Either of these will make complete recovery of the file, if not impossible, much more difficult.
Mind, forensic analysis of a disk can recover all sorts of remnants of things. But those would mostly be incomplete files. But it's also important to understand why deleting a file is not "safe" if you're trying to remove sensitive information.