How to Securely Delete Files So They Cannot Be Recovered

Deleting a file does not erase it. Learn how data recovery works, why emptying the Recycle Bin is not enough, and how to permanently destroy sensitive files on any operating system.

Passwordly Team

Why Deleting Is Not Erasing

When you delete a file and empty the Recycle Bin (or Trash on macOS), you probably believe the file is gone. It isn't. Standard file deletion does not remove the data — it only removes the reference to the data.

Think of it like a library card catalog. When you "delete" a file, the operating system removes the catalog entry (the pointer that says "this file is at this location on the disk"). The actual book — the file's data — remains on the shelf. The space is marked as "available" for new data, but until new data happens to overwrite that exact location, the original file sits there, fully intact and recoverable.

This is why:

  • Data recovery software can retrieve deleted files — it scans the disk for data without catalog entries
  • Forensic investigators routinely recover evidence from "deleted" devices
  • Selling or recycling a device without proper erasure exposes all your previously deleted files to whoever gets the device next
  • Discarded hard drives from businesses have been found to contain customer records, medical data, and financial information

A 2019 study by the University of Hertfordshire found that 67% of second-hand storage devices purchased on eBay contained recoverable personal data, including tax returns, passwords, and private photos. The previous owners had "deleted" their files but hadn't actually erased them.

How Data Recovery Works

Understanding how data is stored helps explain why recovery is possible:

File system structure. Your disk has two main areas: the file table (a directory listing where files are and how large they are) and the data area (where the actual file contents live). Deletion only modifies the file table.

What happens when you "delete":

  1. You press Delete → file moves to Recycle Bin (still fully intact, just relocated)
  2. You empty the Recycle Bin → operating system marks the file table entry as "free" and the data sectors as "available"
  3. The actual data remains on the disk until those sectors are overwritten by new data
  4. Recovery software scans for data in "available" sectors and reconstructs files
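
The delete sequence above, modelled as an added example (not code from the original article): a constructed toy disk with a file table and a data area, showing an ordinary delete, partial loss when new data reuses a freed sector, and an in-place overwrite. ToyDisk, its 16-byte sectors and the sample file contents are assumptions made for illustration.

```python
SECTOR = 16  # bytes per sector in this constructed toy model

class ToyDisk:
    """File table + data area, as described above. Not a real filesystem."""
    def __init__(self, sectors=8):
        self.data = bytearray(SECTOR * sectors)  # data area
        self.table = {}                          # file table: name -> sector list
        self.free = list(range(sectors))         # sectors marked "available"

    def _sector(self, s):
        return bytes(self.data[s * SECTOR:(s + 1) * SECTOR])

    def write(self, name, content):
        count = -(-len(content) // SECTOR)       # ceiling division
        used = [self.free.pop(0) for _ in range(count)]
        for i, s in enumerate(used):
            chunk = content[i * SECTOR:(i + 1) * SECTOR].ljust(SECTOR, b"\0")
            self.data[s * SECTOR:(s + 1) * SECTOR] = chunk
        self.table[name] = used

    def delete(self, name):
        # Ordinary delete: only the table entry changes; the data area is untouched.
        self.free = sorted(self.free + self.table.pop(name))

    def overwrite_and_delete(self, name):
        # Single-pass overwrite in place, then the ordinary delete.
        for s in self.table[name]:
            self.data[s * SECTOR:(s + 1) * SECTOR] = bytes(SECTOR)
        self.delete(name)

    def scan_free(self, marker):
        # What recovery software does: search "available" sectors for content.
        return [s for s in self.free if marker in self._sector(s)]

def demo():
    disk = ToyDisk()
    disk.write("tax.txt", b"TAX-RECORD-2019:constructed-data")  # 32 bytes, 2 sectors
    disk.write("pin.txt", b"PIN=0000")                          # 1 sector
    disk.delete("tax.txt")
    after_delete = disk.scan_free(b"TAX-RECORD")   # first sector still readable
    disk.write("new.bin", b"N" * SECTOR)           # new data reuses sector 0
    after_reuse = (disk.scan_free(b"TAX-RECORD"), disk.scan_free(b"constructed"))
    disk.overwrite_and_delete("pin.txt")
    after_wipe = disk.scan_free(b"PIN=")
    return after_delete, after_reuse, after_wipe

if __name__ == "__main__":
    print(demo())
```

After the ordinary delete the first sector of tax.txt is still found; once new.bin reuses that sector only the second half of the file remains, and the overwritten pin.txt leaves nothing to find.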

Recovery success depends on:

  • Time since deletion. The longer ago a file was deleted, the more likely its sectors have been overwritten by new data.
  • Disk usage. A nearly-full disk overwrites old data faster than a mostly-empty one.
  • File fragmentation. A fragmented file (scattered across the disk) is harder to recover completely than a contiguous one.
  • Drive type. SSDs handle deletion very differently than HDDs (see next section).

Commercial recovery tools like Recuva, DiskDrill, and PhotoRec can recover recently deleted files with high success rates. Professional forensic services use hardware tools and techniques that can recover data even after partial overwriting. Government forensics labs have recovered data from drives that were physically damaged by fire or water.

The takeaway: if sensitive data ever existed on a storage device, you should assume it's still there unless you've taken explicit steps to overwrite or destroy it.

SSDs vs HDDs: Different Challenges

The type of storage device fundamentally changes how secure deletion works:

Hard Disk Drives (HDDs):

HDDs store data magnetically on spinning platters. When data is overwritten, the new data replaces the old data in the exact same physical location. This makes overwriting a reliable erasure method:

  • Overwriting with zeros or random data is effective
  • The NIST SP 800-88 standard confirms that a single overwrite pass is sufficient for modern HDDs
  • The old belief that multiple overwrites (7-pass DOD, 35-pass Gutmann) were necessary is outdated — it applied to older, lower-density drives. Modern HDDs have track densities so high that recovering overwritten data is practically impossible even with laboratory equipment.

Solid State Drives (SSDs):

SSDs store data electronically in flash memory cells. They use a Flash Translation Layer (FTL) that maps logical addresses to physical locations — and this mapping changes constantly:

  • Wear leveling distributes writes across all cells to prevent uneven wear, meaning data may not be stored where the OS thinks it is
  • TRIM tells the SSD which blocks are no longer needed, but the SSD may not immediately erase them
  • Over-provisioning reserves hidden capacity (typically 7-28% of the drive) that the user can't directly access but may contain old data
  • Garbage collection asynchronously erases and reorganizes blocks in the background

Why this matters for secure deletion:

On an SSD, overwriting a file's logical location may write to a different physical location than the original data. The original data could persist in an old physical location, in over-provisioned space, or in a cell waiting for garbage collection. Standard file-level secure deletion tools are unreliable on SSDs.

The solution for SSDs is different: full-disk encryption (encrypt the data, then discard the key) or manufacturer-provided secure erase commands (which instruct the SSD firmware to erase all cells, including over-provisioned and spare blocks).

Secure Deletion on Windows

For individual files (HDD only):

Windows doesn't include a built-in secure delete tool for individual files. Use third-party options:

  • SDelete (Microsoft Sysinternals): A free command-line tool from Microsoft. Run it from Command Prompt to overwrite specific files or free space. Use the -p flag to specify the number of overwrite passes (1 is sufficient for modern drives).
  • Eraser: A free, open-source GUI tool that integrates with the Windows context menu. Right-click a file → Eraser → Erase. Supports multiple overwrite methods.
  • BleachBit: Free, open-source system cleaner that includes secure file deletion and free-space wiping.

For free space (erasing previously deleted files):

If you've already deleted files normally and want to ensure they can't be recovered, wipe the free space:

  • cipher /w:C: (built-in Windows command): Overwrites free space on the specified drive with zeros, then ones, then random data. Works on NTFS partitions.
  • Eraser: Can wipe free space as a scheduled or manual task.

For entire drives:

Use the full-drive options described in the "Wiping Entire Drives" section below.

Secure Deletion on macOS

Apple removed the "Secure Empty Trash" feature in macOS El Capitan (2015) because it didn't work reliably on SSDs — Apple's acknowledgment that traditional overwrite-based secure deletion is ineffective for flash storage.

macOS approach: Rely on FileVault.

Since all modern Macs use SSDs, Apple's recommended approach is FileVault encryption. With FileVault enabled, all data on the drive is encrypted. When you want to "securely delete" data:

  1. The data is already encrypted on disk
  2. Normal deletion removes the encrypted data
  3. Without the encryption key, the data is unreadable even if recovered
  4. When you erase the drive or decommission the Mac, discarding the encryption key renders all data permanently unrecoverable

This is why encryption is the best approach to secure deletion on SSDs — you don't need to worry about physical data remnants because they're encrypted.

For removable HDDs (external hard drives):

If you're using an external HDD with macOS:

  • Disk Utility can securely erase entire volumes with a multi-pass overwrite
  • The srm command (secure remove) was available in older macOS versions but has been removed
  • Use shred or gshred (install via Homebrew) for command-line secure deletion

Secure Deletion on Linux

Linux provides several built-in and available tools for secure deletion:

shred (built-in):

The shred command overwrites a file with random data multiple times and then deletes it. It's available on virtually all Linux distributions by default. A single overwrite pass is sufficient for modern drives.

Important caveats with shred:

  • Not effective on SSDs (same overwrite problems as other tools)
  • Not effective on journaling filesystems (ext4, btrfs) that may keep copies in the journal
  • Not effective on copy-on-write filesystems (btrfs, ZFS) that never overwrite in place
  • Works best on traditional HDDs with non-journaling filesystems

wipe:

Another file wiping utility available in most Linux package repositories. Provides various overwrite patterns and can recursively wipe directories.

Secure deletion on Linux SSDs:

As with other operating systems, the recommended approach for SSDs is LUKS encryption. With full-disk encryption:

  1. All data is encrypted
  2. Wiping the LUKS header (4KB of data) renders the entire drive unrecoverable
  3. For individual files, normal deletion within an encrypted filesystem is sufficient — recovered data is encrypted and unreadable

For bulk erasure: Use the hdparm security erase command for SATA SSDs or nvme format for NVMe SSDs. These commands trigger the drive's built-in secure erase function.

Wiping Entire Drives

When selling, donating, recycling, or decommissioning a storage device, you need to erase the entire drive:

HDDs — Overwrite the entire drive:

  • DBAN (Darik's Boot and Nuke): Free, bootable tool that erases entire hard drives. Boot from USB, select the drive, choose overwrite method. One pass of random data is sufficient.
  • nwipe: The successor to DBAN, available on Linux. Provides the same functionality and is actively developed.
  • Manufacturer tools: Many drive manufacturers (Seagate, Western Digital) provide free tools for secure erasure.

SSDs — Use ATA Secure Erase or NVMe Format:

  • ATA Secure Erase: A firmware-level command that instructs the SSD to erase all cells, including over-provisioned and spare blocks. Use hdparm on Linux or manufacturer tools (Samsung Magician, Intel SSD Toolbox, Crucial Storage Executive).
  • NVMe Format: For NVMe SSDs, the nvme format command with secure erase settings erases all user data. This is the most reliable method for NVMe drives.
  • Manufacturer secure erase tools are typically the easiest option and are designed for the specific drives they support.

Physical destruction (highest assurance): For highly sensitive data where no risk of recovery is acceptable:

  • Degaussing (HDDs only): A powerful magnetic field demagnetizes the platters, destroying all data and rendering the drive non-functional
  • Shredding: Industrial shredders reduce drives to small fragments
  • Drilling/hammering (HDDs): Drilling holes through the platters destroys the magnetic surface. Not fully reliable as data between holes may survive.

NIST SP 800-88 ("Guidelines for Media Sanitization") is the authoritative reference for selecting the appropriate sanitization method based on data sensitivity and the storage medium.

The Best Approach: Encryption

The most effective approach to secure deletion in 2026 is to encrypt first, so that residual data stops being a concern:

Why encryption solves the secure deletion problem:

  1. Enable full-disk encryption (BitLocker, FileVault, LUKS) from day one
  2. All data written to the disk is encrypted before it reaches the storage medium
  3. Remnant data from wear leveling, over-provisioning, or journaling is encrypted
  4. When you want to permanently erase: destroy the encryption key
  5. Without the key, all data on the drive — including fragments in hidden areas — is cryptographically unrecoverable

This approach is:

  • Effective on both HDDs and SSDs — bypasses all the physical-level concerns about residual data
  • No performance penalty — modern CPUs with AES-NI make full-disk encryption virtually free
  • Protects against physical theft — data at rest is always encrypted
  • Simplifies decommissioning — securely erase the key store, and the entire drive is unrecoverable
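
Added example, not from the original article: a constructed model of the SSD behaviour described earlier (writes are remapped to fresh pages, leaving stale copies) together with the key-destruction argument above. ToyFTL and the sample data are assumptions, and the SHA-256 keystream is a standard-library stand-in for the AES a real disk encryption layer would use.

```python
import hashlib
import os

class ToyFTL:
    """Constructed model of a flash translation layer (not real firmware)."""
    def __init__(self, pages=8):
        self.flash = [None] * pages  # physical pages, including spare capacity
        self.map = {}                # logical block address -> physical page
        self.next_page = 0

    def write(self, lba, data):
        # Every write lands on a fresh page; the old page stays stale until
        # garbage collection gets to it.
        self.flash[self.next_page] = data
        self.map[lba] = self.next_page
        self.next_page += 1

    def read(self, lba):
        return self.flash[self.map[lba]]

    def raw_scan(self, needle):
        # A chip-level read of every physical page, mapped or not.
        return [i for i, page in enumerate(self.flash) if page and needle in page]

def xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 keystream) to stay in the standard library.
    # Real full-disk encryption uses AES; do not reuse this construction.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def demo():
    secret = b"constructed-secret: account 0000"
    zeros = bytes(len(secret))
    plain = ToyFTL()
    plain.write(0, secret)
    plain.write(0, zeros)                       # file-level "overwrite" of LBA 0
    stale_plain = plain.raw_scan(b"constructed-secret")

    key = os.urandom(32)                        # the disk encryption key
    enc = ToyFTL()
    enc.write(0, xor_stream(key, b"w1", secret))
    enc.write(0, xor_stream(key, b"w2", zeros))
    stale_enc = enc.raw_scan(b"constructed-secret")
    with_key = xor_stream(key, b"w1", enc.flash[0])  # only possible while key exists
    return plain.read(0) == zeros, stale_plain, stale_enc, with_key == secret
```

On the unencrypted device the logical block reads back as zeros while physical page 0 still holds the plaintext; on the encrypted device the stale page is only ciphertext, so discarding `key` is what makes it unrecoverable.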

Practical recommendation:

  1. Enable full-disk encryption on every device you own (it should be the default in 2026)
  2. For normal file deletion, use standard delete — the encrypted remnants are unreadable
  3. When selling or recycling a device, perform a factory reset (which discards encryption keys) plus an ATA/NVMe secure erase for defense in depth
  4. For the most sensitive situations, combine encryption key destruction with physical destruction of the media

The simple truth is that "delete" has never meant "erase." Understanding this distinction is essential for protecting sensitive data. Whether you choose overwriting tools for HDDs, firmware-level erasure for SSDs, or — best of all — full-disk encryption as a foundation, the critical step is recognizing that secure deletion requires deliberate action, not just pressing the Delete key.
