File Erasure on SSD and HDD devices

Top  Previous  Next

Delete vs Wipe

There are two distinguishably different ways of how computer systems erase files:

Deletion: The system marks the file as "not needed" anymore. macOS also removes all information about that file, including its name, time stamps, and other file attributes. But the file data remains untouched, which makes file recovery quite possible by applicable file recovery software, usually inexpensive and easily available.

Wiping: a wiping utility overwrites file information and data with a special data pattern and thus makes file recovery impossible. No file recovery utility can do that when a correct file wiping procedure is applied.

 

Wiping files on modern Macs

Most modern Macs have SSD devices rather than HDD ones as their prime data storages. HDD and SSD devices work completely differently, but the most important difference for us now is whether  files can be irrecoverably wiped out on those devices.

 

HDD devices:

An HDD device keeps file data always on the same physical and logical place which is known to the OS and, through it, to any software. Only the OS can move files across the device, and it's aware where and when it moved their data. Wiping makes sense for an HDD device, as the new data can be written exactly to the same place where the old data was stored. It becomes completely and irrecoverably destroyed, and its recovery is impossible. See more about file wiping algorithms oi the Wiping section.

 

SSD devices:

An SSD device constantly shuffles the file data across its cells to level their wear, and only the device itself knows where the file data is stored at a certain time. The OS has no control over this process, and moreover, it has no means to know the actual location of the data. Using the TRIM command It regularly informs the SSD device that some blocks of data are not needed anymore. The SSD device marked the cells occupied by those blocks as "free" to internally wipe them later.

Therefore, file wiping by the OS or third-party software makes no sense for SSD devices, as the new data cannot be written to the same cells where the old data was stored. Most likely it will be written to other cells and the old data will remain untouched.

Eventually, the file data will be wiped out by the SSD device itself. But the main problem is when that will happen. Depending on many circumstances, it may take from several seconds to several days. Within this time, the file data will remain stored on the SSD device, and can be obtained by those how know how to do that. The good thing though is that practically only the SSD manufacturer has such knowledge, and they keep it as the top-most secret. They are very reluctant to reveal that information even to law enforcement agencies, but they can extract such data themselves, for example, under a court order.

There's also the bad thing though: there are some chances that advanced computer hackers can obtain such information through reverse engineering, although it's highly unlikely that they will do that for an ordinary computer user.

And the last. Do not confuse erasing of particular files on an SSD device with the Erase procedure that irrecoverably destroys ALL DATA on the SSD device making it fully blank.

 

You may erase a single file selecting Wipe with R-Wipe&Clean on the Finder contextual menu, or several files and folders on the Wipe Lists panel.

The default wiping preferences may be set on the Wiping tab of the Preferences panel.

 

R-Wipe & Clean for Mac Overview

R-Wipe & Clean for Mac Main Panel

Customization, Preferences, and Logging

Cleaning a Computer

Erasing Presets and Scheduler

Contact Information and Technical Support