How to Securely Erase Storage Media in Mac OS X

Inevitably, there will come a time when you have to donate, sell, or return your Mac. Maybe it’s just a bit too old and slow, and it’s time for a replacement. Maybe you’ve changed jobs, and you need to return your computer back to the mothership. Maybe you’re ready to donate the too-slow-for-me-but-great-for-a-student Mac to the local school.

When preparing for such a situation, it’s important that you do more than just delete your personal files and clear the browsing history. Even using the Finder’s “Secure Empty Trash” feature often isn’t enough, because it doesn’t account for the files and folders you may have deleted in the past, yet which still remain.

This is bad news if you’ve ever stored private data like bank information, family photos, or proprietary corporate data on your computer. These are probably not the kind of things you’d want to share.

Don’t Forget the Flip, Memory Stick, or CF/SD Card

Just a quick mention: these techniques aren’t reserved just for the hard drives in your computer. They’ll work just as well on a Flip, a CF or SD card, memory stick, or external USB or Firewire storage devices.

From Beyond the Filesystem Grave

These files remain because deleted files aren’t really removed. Modern disk tools and utilities make it easy to recover so-called “deleted files” from a hard drive with surprisingly little effort. This is because in a normal delete operation (and this is true for most operating systems, not just Mac OS X), files and their contents aren’t actually removed. Instead, only the file’s listing in the directory is removed, leaving the full contents of the file on the hard drive. Although the files won’t appear in the Finder (or with ls on the command line), the data will remain until the operating system writes new data over the place where the old data lives. This may happen right away, or it may take years.

There are a number of reasons for this, but two come to mind. In many cases, you might not have meant to delete the file — maybe you deleted it by accident, or just emptied the Trash without thinking. It’s also done for the sake of system performance, speed, and efficiency. Why go to the trouble to truly delete a file, when you can just delete its entry in the file listing?

The term for this persistence of data or residual information is data remanence, and understanding it provides a window into how many system utilities can recover accidentally deleted files and data from a hard drive. Many disk tools and utilities, such as those used by data recovery companies, government agencies, and the script-kiddie who’s about to inherit your old iMac, have no problem pulling back data from beyond the filesystem grave with ease.

Reformatting the Drive Is Not Enough

So then, according to Apple:

[Even when you reformat a drive] Disk Utility only erases the information used to access the files on the disk, not the actual files. Because of this, the erased files can be recovered.

Although repartitioning a drive is generally a nice, destructive measure, even when paired with a reformat, it still isn’t enough to truly remove all of your data.

Erasing Disks Securely

Although there are a number of methods you can use to truly clean up a hard drive, Mac OS X offers some built-in functionality to do this for you using a straight-forward, although somewhat hidden feature of Disk Utility. I’ve verified that this feature is available in both Tiger (10.4) and Leopard (10.5), and I seem to recall that it was available in earlier releases as well (feel free to let me know in the comments).

There are two main ways you can use Disk Utility to clean things up: Erase Free Space and Secure Erase. The first doesn’t require you to reformat or repartition your drive and doesn’t require you to reinstall the operating system. The second requires a reformat and reinstallation.

There are actually four options you can use to securely erase your data, from a basic but still somewhat secure way to a method that meets or exceeds the U.S. Department of Defense requirements for erasing confidential data. From the user perspective, the difference between methods is just time. The more secure you want to be, the longer it’ll take to clean up the data.

How It Works

Before we get into the actual steps you’ll take to truly delete your data, let’s take a look at the four different methods Disk Utility can use to do it:

Zero Out Data

This method writes zeros over all of the data on the drive. This provides a decent level of file security, and takes the least amount of time to run.

7-Pass Erase

Now we get into the world of real data security. Select this option and Disk Utility will write data over the entire disk seven times. This option conforms to the DoD 5220.22-M specification, which means very few people on planet Earth would be able to get the data back. The 7-Pass erase takes 7 times longer than the Zero Out Data option, so be prepared to let it run the whole day or overnight.

35-Pass Erase

This option is also known as the “I Think They’re Watching Me” method. It writes data over the entire disk 35 times. Yes, 35 times. And as you might have guessed, it will take 35 times longer to run than the Zero Out option.

You can learn more than you ever wanted to know about the algorithms in use by Disk Utility on Apple’s About Disk Utility’s secure erase options web page.

Generally speaking, I recommend the 7-Pass Erase option. It takes a bit longer, but it’s very secure, and you’ll sleep better at night.

A Quick Warning

We’re talking about completely and permanently erasing your data in a way that should be beyond recovery, even by the most effective techniques.

Make sure you have a really good backup before you do this.

You might also want to consider the legality of reformatting a drive in a system that belongs to another entity, like your employer.

Option One: Erase Free Space

If you’d rather not have to reformat your hard drive — perhaps time is a factor, maybe you need to return the machine exactly as it was delivered to you, or if you don’t have Tiger or Leopard install disks, and you don’t mind combing your entire drive to delete personal or private information, this is the option for you.

Using Disk Utility, and without having to reformat or repartition your drive, you can perform what Apple calls a “Secure Erase” of your hard drive.

Disk Utility: Erase Free Space

Remember that you’ll want to make sure you’ve deleted any private information from your drive before you start this process. Here’s what to do:

  1. Launch Disk Utility. You’ll find it in /Applications/Utilities.
  2. Select the hard drive (or storage device) you’d like to perform the operation on from the list on the left.
  3. Click the Erase Free Space … button. A pane will slide down prompting you to select one of the security options I’ve described above.
  4. Select the level of security you’d like from the pane.
  5. Click the Erase Free Space button.
  6. Wait a long time.

Disk Utility: Erase Free Space Options

When it’s finished, all of the free space on your drive will have been overwritten and assuming you didn’t leave anything behind, it’ll be free of your private data.

Option Two: Secure Erase

Although this option is a bit more complicated, it’s the only way to be absolutely certain that your system is entirely purged of all data.

There’s also the added benefit that it will be returned to its original, from-the-factory state. This is great if you’re giving the machine away to somebody, as they’ll have the experience of starting up the Mac for the very first time. They’ll get to watch the Welcome to Apple video (there’s a trick to make this work, more on that later), and you won’t have to worry about deleting user accounts, application licenses, etc.

If you’re running this on a drive or media that isn’t your boot drive, you can skip steps 1 and 2 below. Otherwise, to use this method, you’ll need to have either a Tiger or Leopard install CD/DVD, or (even better) the original restore CD/DVD that came with your computer, which will install all of the extras that often come with a system when you buy it.

Disk Utility: Secure Erase

Here’s how you do it:

  1. Boot the Mac from the CD/DVD (hold down the C key while the machine starts, until it’s booted)
  2. After the initial language selection screen, once the Installer has launched, go to the Utilities menu and select the Disk Utility … item. This will launch Disk Utility.
  3. Click the Security Options … button. A pane will slide down prompting you to select one of the security options I’ve described above (with an additional “Don’t Erase Data” option, which you can ignore).
  4. Select the level of security you’d like from the pane and click OK.
  5. Click the Erase … button.
  6. When prompted, click the Erase button in the dialog box.
  7. Wait a long, long time.

Disk Utility: Secure Erase Options

If this was an external drive or storage device, you’re done. If this is the Mac’s primary drive, you’ll need to follow a few more steps:

  1. Quit the Disk Utility application. This will return you to the Installer.
  2. Install Mac OS X as you normally would.
  3. When the computer reboots, it will play the Welcome to Apple video, and then prompt you to collect registration and account information. Instead of entering any information, press Command-Q to exit the Registration application.
  4. Select Shut Down when prompted.

Now, when you hand your computer over, it will be completely free of any private data and ready to go in a first-run, factory fresh configuration.

Final Thoughts

I run through this process on every machine, hard drive, or storage device that I sell, give away, or donate. In reality, the chance that somebody will actually try and recover data from your drive is pretty slim, but if it’s a concern, if you have a good backup, and if you’re within your legal rights to do it, it’s well worth the extra effort.

More articles in the Archive →