How to securely delete files on a Mac so they can’t be recovered

Secure your files on the Apple Mac and prevent anyone from accessing them or recovering them when they are deleted

When files are deleted they are not removed from the disk and they remain there. If someone had access to your Mac they could recover them. Here’s how to stop them

There are clever utilities available for the Apple Mac like Disk Drill that can recover deleted files on disks and this shows just how easy it to access files you thought were gone forever.

What if you have private photos, documents and other files that you absolutely don’t want anyone to ever see? How do you make sure they cannot be recovered once deleted, even with the best file recovery software?

That depends on whether you have an old style mechanical disk drive, the sort of drive that used to be common until a few years ago, or whether your Mac has an SSD - a solid state disk.

Related: Secure the files on a USB thumb drive in case you lose it

Securely erase files on mechanical disks

If you have an old version of OS X, such as Yosemite and older, and a Mac with a mechanical disk drive, you can easily delete files securely so they cannot be recovered.

Open a Finder window and drag the files to the Trash, then go to the Finder menu and select Secure Empty Trash. This overwrites files with junk data before deleting them. If the file is recovered then all that is seen is junk data.

It deletes every file in the Trash and you can’t select individual ones though.

From El Capitan onwards this feature was removed and you could no longer securely delete files in the Trash. However, it is still possible to securely erase files in El Capitan using a command in a Terminal window.

Open Terminal in the Utilities folder (click Go, Utilities). At the command prompt, type:

srm -v

with a space after the v (srm is short for secure remove).

Now drag a file from a Finder window and drop it on the command in the Terminal window. This inserts the path to the file without you having to manually type it. It avoids typing slips too. Press Enter and the file is securely deleted by overwriting it with junk.

Securely delete files from the command line using Terminal on the Apple Mac
This used to work with El Capitan and earlier

If you want to remove a folder instead of a file, open a Terminal window and enter:

srm -rv

and drag a folder to the Terminal window to enter the path.

In macOS Sierra, Apple removed this Terminal command so you cannot securely delete files and folders from either Finder or Terminal.

Use a secure erase utility

Third party tools are becoming harder to find and some that used to be available have disappeared too.

There are still a few though. One of the few in the Mac App Store is File Shredder. Elsewhere there is MacPaw CleanMyMac 3 and IObit MacBooster 4.

If you want a free secure eraser for your Mac, try Permanent Eraser. When run, it securely erases files in the Trash (don't use it on SSDs).

Securely erase files on the Apple Mac disk drive with Permanent Eraser
Permanent Eraser securely deletes files on old disk drives

Drag Permanent Eraser from the Applications folder and drop it on the Dock to add an icon. Now you can drag files from Finder or the desktop and drop them on the icon to securely erase them.

Securely deleting files on a Mac running macOS and having a mechanical disk drive are limited and you are in the same situation as someone with a modern Mac with an SSD.

Securely erase files on solid state disks

The reason why secure erase features and tools have been taken out of macOS Sierra is because all MacBooks use SSDs these days and you cannot securely erase a file on an SSD.

When a file is stored on a mechanical disk it occupies a physical location on the disk surface. This means that overwriting it with junk data will prevent the file’s contents from ever being recovered.

SSDs can move files around, so if you try to overwrite a file, instead of the original contents being overwritten, a new file is created in a new location. The old one is still there and so could potentially be recovered. Secure deletion just doesn’t work.

Does this mean that new MacBooks running macOS Sierra are insecure? Yes and no.

You just have to do things differently.

Instead of securely deleting files when you have finished with them, they should be encrypted from the start. An encrypted file is always secure and no-one can access it without a password.

You don’t need to worry about individual files and you just encrypt the whole disk.

  1. Go to System Preferences
  2. Select Security & Privacy
  3. Select the FileVault tab
  4. Click the padlock in the bottom left corner and enter your admin password
  5. Click Turn On FileVault

FileVault encrypts the disk on the Apple Mac
Turn on FileVault and stop worrying about securely deleting files

The only way to access the files on the Mac’s disk is to log in with your username and password or a recovery key created when you enable FileVault (don’t lose them).

Nothing appears to have changed to you and your Mac works exactly as it did before, but to a thief that stole your Mac, they disk is garbled nonsense and cannot be read.

Without disk encryption your Mac is not secure, so encrypt it.

Create encrypted disk images

Apple sees disk encryption as the solution to securely deleting files. No-one can access the disk but you, so the contents, deleted or not, are secure.

The .dmg file has been used to distribute software for the Mac for many years and it is a great way to bundle files and distribute them over the internet. What you may not realise is that disk images can be encrypted and made to be read-write.

If you don’t want to encrypt the whole disk drive for some reason (it makes file recovery in the event of a disk crash harder or even impossible), you can secure files in an encrypted disk image.

  1. Open Disk Utility in the Utilities folder
  2. Select File, New Image, Blank Image
  3. Enter the filename for the .dmg file
  4. Enter the name (of the virtual disk you’re creating)
  5. Set the size to whatever you want, such as 100 or even 1000MB
  6. Click Encryption and choose on of the encryption methods. You must create a password
  7. Click Save to create the disk image

Create disk images in macOS Sierra using Disk Utility
Create a new blank disk image using Disk Utility

Encrypt disk images created on the Apple Mac to make them secure
Enable encryption with disk images to secure the files they contain

When the disk image (.dmg file) is clicked you are prompted to enter a password to access the contents. Only you know the password and so only you can access the files in the disk image.

Encrypted disk images (.dmg files) can only be accessed with a password
You need a password to open an encrypted disk image

If the .dmg file is deleted, the files it contains are encrypted so no-one can recover them. If you open the disk image and delete files then they are moved to the Trash folder. Someone could access them from there, so don’t delete files!

A way around this could be to create another encrypted .dmg file and move the files you want to delete to it, then delete the .dmg.

Creating and using encrypted disk images isn’t perfect and the best solution with SSDs or older Macs using mechanical disk drives is FileVault encryption. Encrypt the disk so only you have access to the files.

Just one last thought. Are your backups encrypted? There is no point in encrypting the disk drive if your then back up your files and store them on an unencrypted backup disk!

 

Share

Comments

1

Ho Roland, There is product called the 'Stellar Wipe Mac' that can secure erase files, folders, hard drives etc. beyond the scope of recovery.

Add new comment

By submitting this form, you accept the Mollom privacy policy.

Related items you will like...