File deletion is the removal of a file from a computer’s file system. All operating systems include commands for deleting files (rm on Unix, era in CP/M and DR-DOS, del/erase in MS-DOS/PC DOS, DR-DOS, Microsoft Windows etc.). File managers also provide a convenient way of deleting files. Files may be deleted one-by-one, or a whole blacklist directory tree may be deleted.
Examples of reasons for deleting files are:
- Freeing the disk space
- Removing duplicate or unnecessary data to avoid confusion
- Making sensitive information unavailable to others
- Removing an operating system or blanking a hard drive
A common problem with deleting files is the accidental removal of information that later proves to be important. A common method to prevent this is to back up files regularly. Erroneously deleted files may then be found in archives.
Another technique often used is not to delete files instantly, but to move them to a temporary directory whose contents can then be deleted at will. This is how the “recycle bin” or “trash can” works. Microsoft Windows and Apple’s macOS, as well as some Linux distributions, all employ this strategy.
In MS-DOS, one can use the undelete command. In MS-DOS the “deleted” files are not really deleted, but only marked as deleted—so they could be undeleted during some time, until the disk blocks they used are eventually taken up by other files. This is how data recovery programs work, by scanning for files that have been marked as deleted. As the space is freed up per byte, rather than per file, this can sometimes cause data to be recovered incompletely. Defragging a drive may prevent undeletion, as the blocks used by deleted file might be overwritten since they are marked as “empty”.
Another precautionary measure is to mark important files as read-only. Many operating systems will warn the user trying to delete such files. Where file system permissions exist, users who lack the necessary permissions are only able to delete their own files, preventing the erasure of other people’s work or critical system files.
Under Unix-like operating systems, in order to delete a file, one must usually have write permission to the parent directory of that file.
The common problem with sensitive data is that deleted files are not really erased and so may be recovered by interested parties. Most file systems only remove the link to data (see undelete, above). But even overwriting parts of the disk with something else or formatting it may not guarantee that the sensitive data is completely unrecoverable. Special software is available that overwrites data, and modern (post-2001) ATA drives include a secure erase command in firmware. However, high-security applications and high-security enterprises can sometimes require that a disk drive be physically destroyed to ensure data is not recoverable, as microscopic changes in head alignment and other effects can mean even such measures are not guaranteed. When the data is encrypted only the encryption key has to be unavailable. Crypto-shredding is the practice of ‘deleting’ data by (only) deleting or overwriting the encryption keys.
Was this article helpful?