Performing custom secure file deletion via the OS X Terminal

Apple's "Secure Empty Trash" option will perform a seven-pass random erase on the files in the Trash, but you may wish to change this up a bit.

When you delete a file from your hard drive, the system will by default just remove that item's directory entry but will leave its data structure on the drive intact. This allows the file's data to be overwritten, but it also means that until this happens, the file's data can be read and reassembled if needed, as is done by various file recovery utilities. To prevent files from being recovered, OS X comes with a secure erase option that overwrites the location of files on the disk with random data, which interferes with the file's data patterns and prevents it from being recovered.

Apple Finder menu
Apple's "Secure Empty Trash" option is available in the "Finder" application menu.

Unfortunately, depending on the file size this can take a long time, since the system has to write data to the disk for each pass. For example, if you perform a secure erase on a 1GB file then you will have to wait for the hard drive to write 7GB of data to the disk before the routine is finished. This differs from a standard deletion where removing the entry from the directory takes a millisecond or two, regardless of the file's size.

Even though the idea of multiple-pass erases may provide ease of mind, for most intents and purposes a single pass of random data overwriting a file is enough to ensure no bit patterns of the original file can be detected and therefore render it irrecoverable. Unfortunately OS X does not have any options to change its default secure-erase routine, which uses a seven-pass erase scheme to overwrite the data.

Despite this, there is an option in OS X that can be used to better customize secure file deletion, which is the Terminal command "srm." If you are famiilar with the Terminal then the "srm" command has very similar syntax to the "rm" command, except that it has additional options for the secure erasing of the file, which are to overwrite it with zeros (with the "-z" tag), overwrite it with one pass of random data (the "-s" tag), or to use the Department of Defense recognized seven-pass deletion (the "-m" tag--for "medium"). If no specifications are issued, then the program will default to doing a 35-pass erase, which can take a very long time.

For people not familiar with the use of the command, all you have to do is the following:

  1. Open the Terminal and type the following, followed by a single space:

    srm -rfv -s

  2. Drag the files or folders to be deleted to the Terminal window (their full file paths should complete in the window).

  3. Press enter to delete them.

This option will perform the "Simple" or single-pass erase of the files, but if you change the "-s" to a "-m" then it will perform the seven-pass erase. If you just want to overwrite the file with zeros (which is also likely more than adequate for irrecoverably erasing files), then you can use the "-z" tag her instead. To have the program perform the full 35-pass erase, just remove this tag altogether so there is no "-s", "-z", or "-m" option in the command.

Do you have any tips or tricks for securely erasing files in OS X? If so then let us know in the commnts.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.

Featured Video

Walmart's five buck LED is one of the brightest we've tested

For basic lighting needs, this bulb looks like a solid pick, but its dimming performance leaves a lot to be desired.

by Ry Crist