© 2019 R-Tools Technology Inc.
All rights reserved.
Delete vs Wipe
There are two distinguishably different ways of how computer systems erase files:
Deletion : The system marks the file as "not needed" anymore. macOS also removes all information about that file, including its name, time stamps, and other file attributes. But the file data remains untouched, which makes file recovery quite possible by applicable file recovery software, usually inexpensive and easily available.
Wiping : a wiping utility overwrites file information and data with a special data pattern and thus makes file recovery impossible. No file recovery utility can do that when a correct file wiping procedure is applied.
Wiping files on modern Macs
Most modern Macs have SSD devices rather than HDD ones as their prime data storages. HDD and SSD devices work completely differently, but the most important difference for us now is whether files can be irrecoverably wiped out on those devices.
An HDD device keeps file data always on the same physical and logical place which is known to the OS and, through it, to any software. Only the OS can move files across the device, and it's aware where and when it moved their data. Wiping makes sense for an HDD device, as the new data can be written exactly to the same place where the old data was stored. It becomes completely and irrecoverably destroyed, and its recovery is impossible. See more about file wiping algorithms oi the Wiping section.
An SSD device constantly shuffles the file data across its cells to level their wear, and only the device itself knows where the file data is stored at a certain time. The OS has no control over this process, and moreover, it has no means to know the actual location of the data. Using the TRIM command It regularly informs the SSD device that some blocks of data are not needed anymore. The SSD device marked the cells occupied by those blocks as "free" to internally wipe them later.
Therefore, file wiping by the OS or third-party software makes no sense for SSD devices, as the new data cannot be written to the same cells where the old data was stored. Most likely it will be written to other cells and the old data will remain untouched.
Eventually, the file data will be wiped out by the SSD device itself. But the main problem is when that will happen. Depending on many circumstances, it may take from several seconds to several days. Within this time, the file data will remain stored on the SSD device, and can be obtained by those how know how to do that. The good thing though is that practically only the SSD manufacturer has such knowledge, and they keep it as the top-most secret. They are very reluctant to reveal that information even to law enforcement agencies, but they can extract such data themselves, for example, under a court order.
There's also the bad thing though: there are some chances that advanced computer hackers can obtain such information through reverse engineering, although it's highly unlikely that they will do that for an ordinary computer user.
And the last. Do not confuse erasing of particular files on an SSD device with the Erase procedure that irrecoverably destroys ALL DATA on the SSD device making it fully blank.