Security & Privacy

Mac Security Tip: Securely Erase Free Space and Hard Disks


In our last Mac Security Tip, Securely Erase Trash, we explained that you can securely overwrite files, but pointed out that this may not be as secure as it seems.

When a computer writes a file to a hard disk the first time – when you first save a new file – it is stored in one location. When you next save the file, such as after you’ve written some text or entered some data in a spreadsheet, your Mac saves it in a different location, because it cannot safely overwrite the first version. And the next time you save the file, the same thing happens again. So each time you save a file, the new version gets written to a new location. Because of this, the final file that you securely delete is not the only trace of the contents of that file.

Let’s say that you’ve saved a file ten times, then securely deleted the final version; there may still be nine other versions of the file on your hard disk. The space where this data was written is not protected, so other files can be written there. But you cannot be sure that this has happened, and the free space on your hard drive may contain confidential data that is recoverable by disk rescue software.

With Apple’s Disk Utility (located in your /Applications/Utilities folder), you can erase the free space on your hard disk. Launch the program, select your disk in the sidebar, then click on the Erase icon in the toolbar. Click on the Erase Free Space button to see your options:

You can choose from three options here:

  • Zero Out Deleted Files: this writes zeroes over all the free space on your disk.
  • 7-Pass Erase of Deleted Files: this writes zeroes seven times over the free space, and takes seven times as long.
  • 35-Pass Erase of Deleted Files: this is for the truly paranoid; it writes zeroes 35 times, and takes a very long time.

In most cases, the first option is sufficient, but even if you zero out the deleted files, some disk recovery software may be able to recover data. So the 7-pass erase is probably safer if you’re worried about very confidential files.

This is certainly not an everyday operation. However, if you work with confidential files and are selling a computer, giving it to someone, or even sending a computer for service, you might want to do this. The same options are available from the Erase tab when you erase the entire disk or partition.
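The reasoning above, as a toy model added here (not part of the original article): a simulated disk on which every save lands in a fresh block, showing that securely deleting the final version leaves the earlier versions in free space until that space is zeroed. `ToyDisk`, its block size and the file names are constructed for illustration and do not reflect how any real file system allocates space.

```python
BLOCK = 16  # constructed block size in bytes
ZERO = b"\x00" * BLOCK

class ToyDisk:
    """Constructed model: every save goes to a fresh block, never in place."""
    def __init__(self, count=32):
        self.blocks = [ZERO] * count  # raw contents of each block
        self.files = {}               # file name -> block holding the current version
        self.next_block = 0

    def in_use(self):
        return set(self.files.values())

    def save(self, name, data):
        # The new version lands in a new block; the old block is merely unlinked.
        self.blocks[self.next_block] = data.ljust(BLOCK, b"\x00")
        self.files[name] = self.next_block
        self.next_block += 1

    def secure_delete(self, name):
        # Overwrites only the block that holds the final version.
        self.blocks[self.files.pop(name)] = ZERO

    def recoverable(self):
        # Non-zero blocks in free space: what recovery software could read.
        used = self.in_use()
        return [b for i, b in enumerate(self.blocks) if i not in used and b != ZERO]

    def erase_free_space(self, passes=1):
        # Zero every block that no live file owns; live files are untouched.
        used = self.in_use()
        for _ in range(passes):
            for i in range(len(self.blocks)):
                if i not in used:
                    self.blocks[i] = ZERO

def demo(passes=1):
    disk = ToyDisk()
    for version in range(1, 11):             # save the same file ten times
        disk.save("report.txt", b"secret v%d" % version)
    disk.save("keep.txt", b"still needed")   # a file that must survive
    disk.secure_delete("report.txt")         # secure-erase the final version only
    before = len(disk.recoverable())         # earlier versions left in free space
    disk.erase_free_space(passes)
    after = len(disk.recoverable())
    kept = disk.blocks[disk.files["keep.txt"]].rstrip(b"\x00")
    return before, after, kept

if __name__ == "__main__":
    print(demo())
```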