The Mac Security Blog

Apple + How To + Recommended

How to Securely Empty Trash in OS X El Capitan

Posted on by

Secure Empty Trash OS X El Capitan

Previous versions of OS X used to have a Secure Empty Trash feature, which would securely delete the contents of the Trash. What this did was overwrite the files with zeroes, making it much harder — nearly impossible, in fact — to recover the files.

Unfortunately, when OS X El Capitan was released, Apple removed the Secure Empty Trash feature due to a vulnerability identifid as CVE-2015-5901. As the company says in its notes for security fixes:

Finder
Available for: Mac OS X v10.6.8 and later
Impact: The “Secure Empty Trash” feature may not securely delete files placed in the Trash
Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.

When OS X saves a copy of a file, it doesn’t write that file to the same part of the disk. In layman’s terms, what this means is that while you may be able to securely delete a file or folder, you cannot be certain that other copies of that file are not recoverable. As such, securely emptying the Trash is not reliable. While many Mac users miss this option, Apple felt it’s better to be safe and not offer it if the feature isn’t 100% reliable.

How to securely delete files in El Capitan

There are still a couple of ways you can securely delete files in El Capitan. For example, you can use a command called srm, which can “securely remove files or directories.” To do this, open Terminal (go to Finder > Applications > Utilities); it’s in the Utilities folder in your Applications folder, and then type the following:

srm -v

Type a space after the above command. Drag a file that you want to delete into the Terminal window; you’ll see that Terminal adds its file path. Press Return, and the file will be securely deleted. If the file is very large, this may take a while.

If you want to delete a folder, then use this command:

srm -rv

However, this command may still not delete other copies of a file that had previously been written to other parts of your disk.

How to securely erase free space in El Capitan

To fully clean up your drive, you can use another Terminal command to securely erase all its free space. (This feature used to be available in Disk Utility, but Apple removed it.). The command is as follows:

diskutil secureErase freespace LEVEL /Volumes/DRIVE

Replace DRIVE with the name of your drive, and LEVEL to a number from 0 to 4. The following describes what these numbers mean:

  • 0 writes zeroes to the disk once
  • 1 writes a series of random numbers
  • 2 writes zeroes 7 times
  • 3 writes zeroes 35 times
  • 4 writes zeroes 3 times

Note that the time it takes to erase the free space is multiplied by the number of passes.

Why Apple’s FileVault is your best solution

To ensure that no one can use disk recovery software on your drive, it’s best to use Apple’s FileVault. Apple’s FileVault full-disk encryption ensures that even when files are saved multiple times in different areas of a drive, they are encrypted. The only way anyone could get at them is if they have your FileVault password.

If you haven’t yet given FileVault a go, it’s easy to enable. Make sure you have logged into OS X with an account that has admin privileges, and go to System Preferences > Security & Privacy > FileVault. Once there, press Turn on FileVault. With FileVault turned on, you no longer have to worry about securely deleting files.

Further reading:

About Kirk McElhearn

Kirk McElhearn writes about Apple products and more on his blog Kirkville. He is co-host of the Intego Mac Podcast, as well as several other podcasts, and is a regular contributor to The Mac Security Blog, TidBITS, and several other websites and publications. Kirk has written more than two dozen books, including Take Control books about Apple's media apps, Scrivener, and LaunchBar. Follow him on Twitter at @mcelhearn. View all posts by Kirk McElhearn →