O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

13.7. Securely Deleting Files

Normally, when you delete a file — either by dragging it to the Trash and emptying the Trash or by using the rm command in a Terminal window — Mac OS X doesn't erase it as such. It simply removes the file listing from its directory, making the space it occupies on disk available for other files. The effect, as far as you the user are concerned, is that the file is no longer there, and the free space on your disk increases by the size of the file. But in fact, the file's data is still right on your disk where it was before you deleted it, and with the right tools, you (or someone else) could recover its data (sometimes called undeleting a file).

Once a file has been overwritten with other data, however, all bets are off. Barring interventions by professionals with extremely expensive equipment and lots of time on their hands, data that's been overwritten is gone forever. Therefore, if you've deleted a file and want to make sure it's unrecoverable — or if you've encrypted a file and want to make sure the cleartext version is permanently eradicated — you must overwrite it. Unfortunately, because of the complexities of Mac OS X's file system, simply copying another file to the same folder doesn't work.

One way of securely deleting a file is to use a different deletion procedure than simply emptying the Trash normally. Using a special Finder command or a third-party program, you can overwrite a file as it's being deleted. If you've already deleted a file ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required