13.7. Securely Deleting Files

Normally, when you delete a file — either by dragging it to the Trash and emptying the Trash or by using the rm command in a Terminal window — Mac OS X doesn't erase it as such. It simply removes the file listing from its directory, making the space it occupies on disk available for other files. The effect, as far as you the user are concerned, is that the file is no longer there, and the free space on your disk increases by the size of the file. But in fact, the file's data is still right on your disk where it was before you deleted it, and with the right tools, you (or someone else) could recover its data (sometimes called undeleting a file).

Once a file has been overwritten with other data, however, all bets are off. Barring interventions by professionals with extremely expensive equipment and lots of time on their hands, data that's been overwritten is gone forever. Therefore, if you've deleted a file and want to make sure it's unrecoverable — or if you've encrypted a file and want to make sure the cleartext version is permanently eradicated — you must overwrite it. Unfortunately, because of the complexities of Mac OS X's file system, simply copying another file to the same folder doesn't work.
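The difference between overwriting a file and merely replacing it can be shown from a Terminal window. The following is an added example, not code from the book: the function names `overwrite_in_place` and `secure_delete` are hypothetical, and it assumes a file system that writes changed data back to the same disk blocks.

```shell
#!/bin/sh
# Added example: overwrite a file's data in place, then remove its listing.

# overwrite_in_place FILE [PASSES]
# Writes random bytes over the file's existing length without truncating it,
# so the write goes to the existing file rather than to a newly created one.
overwrite_in_place() {
    file=$1
    passes=${2:-1}
    # Refuse symlinks and non-regular files; following a link would
    # overwrite whatever it points to.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "overwrite_in_place: not a regular file: $file" >&2
        return 1
    fi
    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -gt 0 ] || return 0    # empty file: nothing to overwrite
    i=0
    while [ "$i" -lt "$passes" ]; do
        # conv=notrunc keeps the existing file open for writing. Without it,
        # dd (like the shell's '>') truncates first, releasing the old space.
        head -c "$size" /dev/urandom | dd of="$file" conv=notrunc 2>/dev/null || return 1
        sync    # ask the OS to flush the new data to disk
        i=$((i + 1))
    done
}

# secure_delete FILE [PASSES]
# Overwrites first, and removes the directory entry only if that succeeded.
secure_delete() {
    overwrite_in_place "$1" "${2:-1}" && rm -f -- "$1"
}
```

After `overwrite_in_place` the file has the same size and the same inode number as before, which is what distinguishes it from copying a new file over the old name.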

One way of securely deleting a file is to use a different deletion procedure than simply emptying the Trash normally. Using a special Finder command or a third-party program, you can overwrite a file as it's being deleted. If you've already deleted a file ...
