How to securely delete files in OS X 10.11 ‘El Capitan’

When you delete a file on your Mac, OS X only removes the index entry for the file, which tells the system the file’s contents are free to be overwritten; however, the data still technically remains and may be recovered using specialty software. To prevent this, you can use a secure-erase option that overwrites files you delete, but while this has been a built-in option in OS X, Apple has removed this in at least the initial release of El Capitan.

The reasoning for this change is that it could not be guaranteed to work with some of the storage hardware used in various Mac systems. Unfortunately there appears to be no workaround for this issue, so instead of giving users a false sense of security, Apple has removed this feature from OS X. However, there are still options you can use to invoke similar secure-deletion options to prevent recovery of sensitive files:

1. Third-party utilities

Some maintenance utilities for OS X like Cocktail and CCleaner include secure file deletion options. If you have one of these available, then you can use it to target and delete files securely.

2. The Terminal

While Apple removed secure-erase options from the Finder, Terminal commands still exist that can be used. The first is the classic “rm” file removal command, augmented with the “r” flag for recursive deletion of folders, and “P” to implement an overwrite of the removed files:

rm -rP /path/to/file-or-folder

For more thorough secure deletion, you can use the “srm” command (for secure rm) along with similar options to recurse (r), force removal without prompting for confirmation (f), and be verbose to show information about files being removed (v). The second flag (-s) is important because it sets the type of secure erase to perform:

srm -rfv -s /path/to/file-or-folder

In this command, -s will perform a single-pass erase, but you can use -m for a seven-pass erase, or -z for overwriting with zeros. If you do not use this second flag, then the command will perform a 35-pass erase.

Erasing free space on a drive

In some cases, you might want to run an overwrite routine on the free space of a given drive, but unfortunately Apple has also removed options to erase free space in the new version of Disk Utility, which may leave you wondering how to do this. Granted, on SSD devices, secure-erase can impact the life span of the drive, but it may still be useful for HDD devices.

To do this in El Capitan, you can again use Terminal commands:

diskutil secureErase freespace LEVEL /Volumes/DRIVENAME

In this command, change LEVEL to a number from 0 through 4, where 0 is a single pass of zeros, 1 is a single pass of random numbers, 2 is a 7-pass erase, 3 is a 35-pass erase, and 4 is a 3-pass erase (note that all options other than the single-pass ones may take a while to complete). Change DRIVENAME to the name of the mounted drive (encase the name in quotes if it contains punctuation or spaces), and then press Enter to run the command.
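The free-space command above can be wrapped so that a mistyped LEVEL, an unmounted drive name, or an SSD target is caught before anything is overwritten. The script below is an added example, not part of the original article: the function names and the --allow-ssd option are hypothetical (the option belongs to this script, not to diskutil), the sample text is constructed, and it assumes that "diskutil info" prints a "Solid State:" line for the volume.

```shell
#!/bin/sh
# Added example: guarded wrapper around "diskutil secureErase freespace".

# Map the article's LEVEL numbers to their meaning; fail on anything else.
level_name() {
    case "$1" in
        0) echo "single-pass zeros" ;;
        1) echo "single-pass random" ;;
        2) echo "7-pass" ;;
        3) echo "35-pass" ;;
        4) echo "3-pass" ;;
        *) return 1 ;;
    esac
}

# Read "diskutil info" text on stdin; succeed only if it reports an SSD.
# Assumption: the output carries a line of the form "Solid State: Yes".
is_solid_state() {
    grep -Eq '^[[:space:]]*Solid State:[[:space:]]*Yes'
}

# Constructed samples of the relevant "diskutil info" lines (offline checks).
SAMPLE_SSD='   Volume Name:              Macintosh HD
   Solid State:              Yes'
SAMPLE_HDD='   Volume Name:              Backup Disk
   Solid State:              No'

# erase_free_space LEVEL DRIVENAME [--allow-ssd]
erase_free_space() {
    efs_desc=$(level_name "$1") || { echo "LEVEL must be 0-4" >&2; return 2; }
    efs_vol="/Volumes/$2"
    [ -d "$efs_vol" ] || { echo "not mounted: $efs_vol" >&2; return 3; }
    # The article notes secure-erase can shorten SSD life, so require opt-in.
    if diskutil info "$efs_vol" | is_solid_state && [ "$3" != "--allow-ssd" ]; then
        echo "refusing: $efs_vol is an SSD (pass --allow-ssd to override)" >&2
        return 4
    fi
    echo "Erasing free space on $efs_vol ($efs_desc)"
    # Quoting "$efs_vol" keeps names with spaces or punctuation intact.
    diskutil secureErase freespace "$1" "$efs_vol"
}

# Run only when arguments are supplied, e.g.: sh erase.sh 1 "Backup Disk"
[ "$#" -eq 0 ] || erase_free_space "$@"
```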

Author

Mac Issues
