When deleting a file, most operating systems just delete the reference to this file, not its actual content. For illustration, that’s like removing a chapter from a book’s table of contents without actually removing (and shredding) the according pages in the book.
So, in order to really (securely) delete a file on a hard disk, there are basically two methods (simplified; from a technical point of view it’s both the same):
- Overwrite the file content (i.e. its clusters) with random data
- Delete the file as usual, empty the trash and overwrite the whole free space on the according hard disk with random data
For the second method, here’s how to do it using Mac OS X:
- Delete the file(s) and empty the trash
- Find out the device name of the according hard disk by opening a new ‘Terminal’ window and executing the “df” command. For example, for a RAID 1 disk, the path of the disk might be something like “/dev/disk2”
- In the opened ‘Terminal’ window, execute:
diskutil secureErase freespace 1 /dev/disk2
where “1” stands for “single-pass random-fill erase” and “/dev/disk2” is the disk device (adjust this to match your disk). When prompted, enter the admin’s credentials.
Note that overwriting free space like this takes quite some time depending on the amount of free space there is and how many passes you need (e.g. use “2” for a US DoD 7-pass secure erase or “3” for a Gutmann 35-pass secure erase). For more information about diskutil and its options, see “man diskutils”.