File by CybXSan
FileXBlog › Does deleting a file actually erase it? NIST 800-88, SSDs, and secure erase

Does deleting a file actually erase it? NIST 800-88, SSDs, and secure erase

Sanjoy Karmakar·July 6, 2026·4 min read·CybXSan

Drag a file to the trash, empty it, and it's gone — right? Not really. On most systems, "delete" removes the file's entry in the index, like tearing a page out of a book's table of contents while leaving the chapter in place. The bytes sit on disk, fully readable, until something else happens to overwrite them. Free, widely available recovery tools bring "deleted" files back every day.

If you're selling a laptop, returning a work device, or handing off a folder that held sensitive documents, "deleted" is not the same as "unrecoverable." Here's the real picture, and the standard that defines it.

Deleting vs. overwriting

Two very different operations get called "deleting":

The distinction is the whole game. To sanitize a file you have to overwrite its bytes before releasing it — not just drop the pointer to it.

The standard: NIST SP 800-88

The reference framework for getting rid of data is NIST Special Publication 800-88 ("Guidelines for Media Sanitization"). It defines three escalating levels:

Level What it means Defeats
Clear Overwrite user-addressable storage with new data Standard software recovery / undelete tools
Purge Techniques that resist even laboratory recovery — e.g. cryptographic erase, or a drive's built-in secure-erase command Forensic recovery in a lab
Destroy Physically shred, incinerate, or pulverize the media Everything (the media no longer exists)

Most people, most of the time, need Clear: overwrite the file's bytes so ordinary recovery tools find nothing. That's the level a browser-based tool can reach.

The myth of 35 passes

You'll see tools boasting about DoD 5220.22-M (3 or 7 passes) or the Gutmann method (35 passes). Those multi-pass patterns date from the era of magnetic platter drives, where faint remnants of overwritten bits were a theoretical concern. On modern drives, NIST 800-88 is explicit: a single overwrite pass is sufficient for Clear. The elaborate multi-pass rituals persist mostly for policy checkboxes and compliance recognition, not extra real-world security. More passes mostly means more waiting.

SSDs change everything

Here's the part that trips up even careful people: on SSDs and flash storage, overwriting a file in place does not reliably destroy the old bytes.

Flash can't rewrite a cell in place the way a hard drive can. To spread wear evenly and stay fast, SSD controllers use wear-leveling: when you "overwrite" a file, the controller often writes the new data to a different physical location and quietly retires the old block. Your operating system thinks the bytes were replaced; physically, the originals may still be sitting in a retired block the OS can't even address anymore.

On an SSD, a software overwrite gets you a best-effort logical wipe. It defeats normal recovery tools, but it can't guarantee that a physical remnant is gone. That's not a flaw in the tool — it's how flash works.

Reaching Purge on an SSD means going beyond software overwrites:

Both need lower-level access than a web page has.

What FileX does — and where its two tools draw the line

FileX gives you two options, and it's honest about exactly what each achieves:

The in-browser Eraser tool uses the browser's File System Access API to overwrite a file's bytes (one or more passes, your choice of standard) and then delete it. That's a best-effort logical wipe — NIST 800-88 "Clear." It reliably defeats undelete and file-recovery software. On SSD/flash it can't promise the physical bytes are gone, and it says so — right in the tool and on the certificate it generates.

The downloadable FileX Eraser Tool (a native desktop/CLI app) goes further: it can do cryptographic erase and NIST 800-88 Purge, target whole drives and servers, run offline, and produce the same tamper-evident certificate format. That's the tool for decommissioning hardware or meeting a compliance requirement.

Matching the method to the medium is the whole point: Clear for erasing files you're done with, Purge or Destroy before hardware leaves your control.

Practical guidance

Want to clear out a folder of sensitive files right now? The in-browser Eraser overwrites and deletes them locally and hands you a certificate — nothing is uploaded.

Try the tools

Securely erase files with a certificateRemove hidden metadata from a PDF