Why use secure deletion?

Operating systems do not actually remove the contents of a file when it is deleted, even after emptying the trash or explicitly removing the file, from the command line for example.

Instead, they simply remove the file's entry from the file system directory, because this requires less work and is therefore faster. The contents of the file—the actual data—remain on the storage medium. The data will remain there until the operating system reuses the space for new data.

Likewise, reformatting, repartitioning or reimaging a system is not always guaranteed to write to every area of the disk, though all will cause the disk to appear empty or, in the case of reimaging, empty except for the files present in the image, to most software.

Finally, even when the storage medium is overwritten, physical properties of the medium might make it possible to recover the previous contents. In most cases however, this recovery is not possible by just reading from the storage device in the usual way, but requires using laboratory techniques such as disassembling the device and directly accessing/reading from its components.

To learn more, see the Wikipedia article on data erasure.

Warning about USB sticks and SSDs

Secure deletion is not as reliable on USB sticks and SSDs (solid-state drive) as it is on traditional hard disks.

USB sticks and SSDs sometimes copy the same data to various memory cells to extend the lifetime of the device. USB sticks and SSDs also have 10–20% of spare memory cells for the same reason.

As a consequence, part of the data from a given file might still be written on the device even after securely deleting it.

This data could be recovered using advanced data forensics techniques, for example by professional data recovery services.

To mitigate this risk, you can:

  • Encrypt the device before use, to make it hard to recover any data.

  • Securely delete the entire device. Some old data might still be present in the spare memory cells.

  • Physically destroy the device.

Securely deleting files

Securely deleting files does not erase the potential backup copies of the file (for example LibreOffice creates backup copies that allow you to recover your work in case LibreOffice stops responding).

  1. Open the Files browser.

  2. Navigate to the folder containing the files that you want to delete.

  3. Select the files that you want to delete with the mouse.

  4. Right-click (on Mac, click with two fingers) on the files and choose Wipe.

  5. Confirm.

  6. The deletion will start. It can last from a few seconds to several minutes, according to the size of the files. Be patient…

Securely cleaning available disk space

In order to clean up the contents of all files that were previously suppressed but not securely deleted from a disk, it is also possible to securely clean all the free space on the disk.

The disk or the folder can contain other files. Those files will not be deleted during the operation.

  1. Open the Files browser.

  2. Click on the disk that you want to clean in the left pane to navigate to the root of this disk.

  3. Click on the Menu button in the right corner of the title bar and choose Show Hidden Files.

  4. If you want to empty the trash, delete the .Trash-1000 folder or similar.

  5. Right-click (on Mac, click with two fingers) in empty space in the right pane and choose Wipe available diskspace.

  6. Confirm.

  7. The cleaning starts. It can last from a few minutes to a few hours, according to the size of the available diskspace. Be patient…

    Note that a file with a name similar to tmp.7JwHAyBvA9 is created in the folder. It is made as big as possible to use all the available diskspace and then securely deleted.

Securely erasing an entire device

  1. Open the Disks utility.

    All the current storage devices are listed in the left pane.

  2. Plug in the USB stick or SSD that you want to securely delete.

  3. A new device appears in the list of storage devices. Click on it:

  4. Check that the description of the device on the right side of the screen corresponds to your device: its brand, its size, etc.

  5. Click on the Menu button in the titlebar and choose Format Disk… to erase all the existing partitions on the device.

  6. In the Format Disk dialog:

    • Choose to Overwrite existing data with zeroes in the Erase menu.

    • Choose Compatible with all systems and devices (MBR/DOS) in the Partitioning menu.

  7. Click Format….

  8. In the confirmation dialog, make sure that the device is correct. Click Format to confirm.