The highlights I've gleaned so far:
1) Files are always encrypted at rest with AES-256-XTS
2) File names are always encrypted at rest with AES-256-CTS
3) Unique encryption keys are derived using HKDF-SHA512 for regular files, directories and symbolic links....
So if I delete files or directories on GrapheneOS are the associated keys deleted in a forensically unrecoverable way, even if encrypted file data is not?