Apple - What's the difference between "Empty Trash" and "Secure Empty Trash"

This excerpt from Tech Republic explains it quite well (emphasis mine):

The Secure Empty Trash command prompts Mac OS X to perform a seven-pass* erasure of the file Instead of just removing a directory entry to the file or files in question, Mac OS X's Secure Empty Trash command initiates a series of seven different passes in which random information is written to the hard disk sectors previously occupied by that file. In fact, Apple states that this secure erasure meets United States Department of Defense security standards.

*This is incorrect. It's a 1X pass. See edit.

In comparison, "Empty trash" does not write over the 'deleted' data at all - it just marks the blocks where this data is stored on your HDD as available for use. It does not erase the actual data you discard.

Writing over a disk even one time takes a while. Simply telling the system "these blocks are now available to be written over" takes no time as well.

You should use "Secure Empty Trash" if you are deleting sensitive information and you want to make sure it won't be recovered in the future.

Edit:

That Tech Republic article is incorrect. As Andrew Medico correctly pointed out in his answer, securely emptying the trash performs a 1X pass. From Apple's Training Manual:

There are varying levels of security offered depending on the number of passes and whether each path uses a specific data pattern or random data. Disk Utility in OS X offers multiple sanitization options for an entire volume or free space. A seven-pass erase option is available that meets U.S. Department of Defense standards (DOD 5220-22M).

Users can also initiate sanitization while deleting files using the Secure Empty Trash command in the Finder. This command overwrites files as they are deleted using a single-pass erase.

While the Erase Free Space option in Disk Utility offers 7X pass, the secure empty trash feature is only a 1X pass. Tech Republic seems to have conflated the two.


When you perform Empty Trash the data is not erased from the disk, instead the disk space which was occupied by these files becomes available for the System to use. As the information is still there it can be accessed and retrieved with forensic software and utilities.

When you perform Secure Empty Trash the files' disk space is overwritten so that the information is very unlikely to be recovered.

So Secure Empty Trash should be used when sensitive information wants to be completely removed from the disk. If this is not the case just using Empty Trash will do the trick and, besides being faster than doing it securely, could save you in occasions in which you accidentally delete an important file and want to recover it.


According to Apple, as of OS X 10.8 (and probably all other releases supporting Secure Empty Trash):

Secure Empty Trash ... overwrites files as they are deleted using a single-pass erase.

This prevents data recovery after the data has been overwritten.

The ordinary Empty Trash command just marks the file areas as available, but does not overwrite them. The data could still be recovered by specialized tools.

Tags:

Macos

Mac

Trash

Secure Erase

Related

Apple - Create a LAN between Mac Mini and two MacBooks without internet Apple - How can I remap Caps lock to both Escape and Control? Apple - small button on the left-hand side of MacBook pro Apple - Why do I get different Available/Used spaces with Disk Info and df? Apple - hdiutil: compact failed – Function not implemented Apple - Is the screen dry or wet? Apple - How do I disable (and re-enable) my Thunderbolt port from the terminal? Apple - Is it possible to take a screenshot in Recovery Mode? Apple - The operation can’t be completed because the original item for “Foo” can’t be found Apple - What folders can be safely excluded from Time Machine backup? Apple - How to make command apm available after installing atom? Apple - Are there iphone apps or automation for taking photos and sharing low resolution versions?

Recent Posts