How to Securely Delete Files So They Can't Be Recovered
Deleting a file doesn’t actually remove it from your drive — it just marks the space as available. Here’s how to truly erase data.
Why Normal Deletion Isn’t Enough
When you move a file to the Trash and empty it:
Your file: [●●●●●●●●●●●●●●●●]
File system: [················] (marked as "free space")
Data on disk:[●●●●●●●●●●●●●●●●] (still there until overwritten)Recovery software can undelete files that were only “emptied” from the Trash.
Windows
SDelete (Sysinternals)
Microsoft’s official secure delete tool:
# Download from Microsoft
# sdelete.exe [options] file-or-folder
# Delete a file (3 passes)
sdelete sensitive.docx
# Delete a folder (recursive)
sdelete -s C:\path\to\folder
# Wipe free space (slow, but overwrites deleted files)
sdelete -c C:Cipher (Built-in)
Overwrites deleted data on NTFS drives:
# Wipe free space on C: drive (takes hours)
cipher /w:C:\File Shredder (GUI)
Third-party tools with graphical interface:
- File Shredder (free)
- Eraser (free, open source)
- BCWipe (paid)
- CCleaner Drive Wiper (free, built-in)macOS
Secure Empty Trash (Legacy)
Modern macOS has removed the “Secure Empty Trash” option. Use Terminal instead.
Disk Utility Erase
Applications → Utilities → Disk Utility
Select drive → Erase → Security OptionsDrag the slider to choose how many overwrite passes.
Terminal
# Overwrite a file with random data before deleting
srm sensitive.docx
# srm options:
# -s (simple: 1 pass of random data)
# -m (medium: 7 passes) - default
# -z (zero: overwrite with zeros)
# Remove recursively
srm -r /path/to/folder
# Wipe free space
# Create a large file to fill remaining space, then delete it
dd if=/dev/zero of=~/tempfile bs=1m
rm ~/tempfileLinux
shred (Coreutils)
# Overwrite a file (3 passes by default)
shred sensitive.docx
# Verify by reading back
shred -v sensitive.docx
# Remove after overwriting
shred -u sensitive.docx
# More passes (for paranoia)
shred -n 10 -u sensitive.docx
# Shred entire partition
sudo shred -v /dev/sda1wipe
# Install
sudo apt install wipe
# Wipe a file or directory
wipe sensitive.docx
wipe -r /path/to/folderdd (Wipe Entire Drive)
# Overwrite with zeros (fast)
sudo dd if=/dev/zero of=/dev/sda bs=4M status=progress
# Overwrite with random data (slower but more secure)
sudo dd if=/dev/urandom of=/dev/sda bs=4M status=progress
# Multi-pass
for i in 1 2 3; do
sudo dd if=/dev/urandom of=/dev/sda bs=4M status=progress
doneWipe Free Space
# Create a file to fill all free space
dd if=/dev/zero of=~/tempfile bs=1M
rm ~/tempfileSSDs vs HDDs
SSDs make secure deletion harder due to wear leveling — the drive’s controller spreads writes across all cells, so overwriting a file’s location may not hit the original physical cells.
| Method | HDD | SSD |
|---|---|---|
| Single overwrite | ✓ Mostly sufficient | ✗ Not reliable |
| Multi-pass | ✓ Very reliable | ✗ Not helpful |
| ATA Secure Erase | ✓ | ✓ (built-in command) |
| Physical destruction | ✓ | ✓ |
ATA Secure Erase (SSD)
Built into the drive itself:
# Install hdparm
sudo apt install hdparm
# Check if drive supports secure erase
sudo hdparm -I /dev/sda | grep -i "secure erase"
# Set a password (temporary)
sudo hdparm --user-master u --security-set-pass p /dev/sda
# Issue the secure erase command
sudo hdparm --user-master u --security-erase p /dev/sdaPhysical Destruction
For maximum security (disposing of drives):
- Degaussing (magnetically erase HDDs)
- Drilling holes through the platters (HDD)
- Crushing with a hydraulic press
- Shredding (industrial shredders)
- IncinerationHow Many Passes Do You Need?
| Standard | Passes | Use Case |
|---|---|---|
| 1 pass zeros | 1 | Most files, non-sensitive |
| DoD 5220.22-M | 3 | Government documents |
| Gutmann | 35 | Paranoid (1990s HDDs) |
| Schneider | 1-3 | Modern drives (1 is enough for HDD) |
| ATA Secure Erase | 1 | SSDs |
For most people: 1 pass of zeros is sufficient. Modern HDDs can’t recover data after a single overwrite. The 35-pass Gutmann method is obsolete — it was designed for 1990s MFM/RLL encoding.
Related: Learn about password managers and browser privacy.