Insights For Success

Strategy, Innovation, Leadership and Security

OPSEC - How to securely delete files

GeneralEdward Kiledjian

You should also read my previous article "OPSEC - Introduction to Malware". 

Most computer (or smartphone/tablet) users believe that when you use the delete function in your operating system, you have securely destroyed the file beyond recovery, but that simply isn't the case. In most cases, the entry to the file was removed from the index but unless that disk space is needed by the operating system, the file is most likely still on the disk (just isn't normally accessible anymore).  The only sure way to ensure that the information is permanently deleted is by using a special process or tool that overwrites the drive. 

Let's talk about solid state drives

Note :  Deleting files from flash drives is very hard (Solid State Disks, USB keys, SD Cards, etc) The information in this post applies only to traditional spinning disks (what we call hard drives). 

The best recommendation I can make for these types of media is to use encryption as soon as you unpack the medium. 

What about Windows

The most widely recommended tool to securely delete a file or write over empty space to ensure previously deleted files aren't recoverable is a freeware tool called Eraser. Once installed, you can right-click a file or folder and choose Eraser > Erase from the right-click menu. 

You can also delete all the previously delete data from your computer by overwriting the empty space. 

What about Mac OS?

On MacOS 10.4 running on a computer with a normal hard drive, you can

  • open the Trash folder
  • Go to Finder > Secure Empty Trash

Unfortunately, in the El Capitan update, Apple removed this option because it could no longer guarantee that the new SSD disks in its devices would overwrite the files. Their comment can be found here and reads:

An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.
— Apple blog

Apple's mitigating control is that they encrypt the entire disk using FileVault and thus without your password, the data would look like jibberish anyway. 

What do I do before selling my computer?

Regardless if you use a Windows or Mac machine, or if you use a hard disk or more modern SSD, the key is to remove the storage medium from the machine before you sell it. Then physically destroy the disk. In the commercial space, we use specialized disk shedders but you can drill holes in it then bank the daylights out of it with a hammer. Just remember to be safe.

How do I dispose of CD-ROMs or DVDs?

Most office supply stores sell inexpensive paper shedders that also shred (or in most cases physically destroy the storage medium) of CD-ROMs and DVDs. I recommend you invest in one of those or physically break the disk into hundreds of pieces using pliers.