How to Use Mac’s Disk Utility to Securely Wipe a Drive

There may come a time when you want to completely remove all traces of information on your Mac’s drives. It may be because you’re selling or donating your Mac, and you want all your personal information wiped clean from the drive. Or perhaps you want to wipe an older drive that you’re replacing because it’s too small, or because it has started to show a few errors when you test the drive.

No matter the reason, wiping a drive is an easy – though sometimes very long – process that just about any Mac user can take care of on their own.

So, if it’s so easy, why the need for this guide? Well, while the process is simple, there are some important considerations to understand that will affect how you erase your Mac’s drive.

Using Disk Utility to Wipe a Hard Drive
First, we’re going to look at wiping the contents of a hard drive. It doesn’t matter if it’s an internal, external, or your Mac’s startup drive; using these techniques you can obliterate the contents of the selected drive, making it all but impossible to recover the data.

These methods will work for any hard drive you may be using with your Mac. They should not, however, be used with any SSD (Solid State Drive), including a Fusion drive, which contains an SSD element. Don’t worry, though: SSDs can also be wiped, but they require a different technique. We’ll cover SSDs a bit later in this guide.

(Use the slider to select one of four secure erase options.)

Erase It and Then Erase It Again
Disk Utility includes a secure erase option that will not only erase the hard drive’s catalog files, which point to where individual files are stored on the drive, but will also overwrite the actual data on the hard drive with new information. Depending on the choices you make in the secure erase options, there may be a single data write pass, or up to 35 passes with various data patterns to ensure that all the original data is scrambled beyond recovery.

Note: There are two versions of Disk Utility commonly in use: the one in OS X Yosemite and earlier, and the one in OS X El Capitan and later. For the most part, the steps in the process are the same for both versions. The only real difference is the look of the UI. As such, we won’t call out the exact differences, but be aware that what you see in the version of Disk Utility you’re using may not exactly match the images in this guide.

Warning: This process will absolutely remove the data that currently occupies the selected drive. If you need any of the information, make sure you have a backup before proceeding.

1. Launch Disk Utility, located at /Applications/Utilities/Disk Utility.

2. In Disk Utility’s sidebar, select a volume or a drive. Selecting a volume will only erase the individual volume or partition you selected. Selecting a drive will erase all volumes and partitions associated with the drive.

3. Select the Erase tab.

4. Pick a format type to use. Mac OS Extended (Journaled) is the format normally used with the Mac OS.

5. Enter a name. You can just leave this entry as is.

6. Click the Security Options button.

7. Use the slider to pick the secure erase option you wish to use:

  • Fastest: This is not a secure erase option and does not overwrite data. This is the default erase method that just erases the catalog entries.
  • Single Pass of Zeros: Erases the catalog entry plus writes a single pass of zeros to all locations.
  • 3-Pass: This option erases the catalog entry and performs a 3-pass write to all data locations. The first two passes use random data; the third pass uses a known data pattern. This option meets the minimum DOE requirements for securely erasing a drive.
  • Most Secure: This secure erase option erases the catalog entry and performs a seven-pass write over all data locations. This method meets the DoD 5220.22-M standard for securely erasing magnetic media.

Note: OS X Snow Leopard and earlier also offered a 35-pass secure erase option that is quite excessive, and takes a very, very long time to perform.

8. Make your selection, and click OK.

9. Click the Erase button to start the secure erase.

(Selecting a drive will erase all volumes and partitions that were created on the drive.)

The time the secure erase will take is dependent on the secure erase option you selected. Selecting the Most Secure option can take a large amount of time, while the Single Pass of Zeros is quite a bit shorter. We recommend the Single Pass of Zeros for any drive that you’ll retain control of, such as in a Mac you’re giving to a family member. The 3-pass option is a better choice when you’ll no longer retain possession of the drive. The Most Secure option is appropriate if you need to meet the DoD requirements, but be prepared for a very long wait.

Secure Erase Startup Drive
If the drive you need to perform a secure erase on is your Mac’s startup drive, you’ll need to first boot from another drive with a Mac system installed, or from the Mac OS Recovery volume.

(Booting from the Recovery HD will allow you to erase your Mac’s startup drive.)

You can use the instructions in the Everything You Need to Know About OS X Recovery guide to boot from the Recovery HD. Once the Utilities window opens, select Disk Utility, and then follow the instructions above to perform a Secure Erase.

Securely Erasing an SSD or Fusion Drive
SSDs (Solid State Drives) have a vastly different structure than hard drives, and require a different method to securely erase the SSD without causing damage. Using the same secure erase techniques as those used for hard drives can be detrimental to an SSD, decreasing its operating lifetime because of the excessive number of writes involved.

Luckily, securely erasing an SSD is actually easier and faster. Using Disk Utility to perform a simple erase (no secure erase options selected) will result in an SSD that will prove very difficult to recover meaningful data from. Let’s examine why this is true.

(The internal architecture of SSDs makes for a simplified erase process that is also very secure.)

SSD Internal Architecture
Speaking in general terms, an SSD has very little in common with a hard drive, other than that they both store data long term. The architecture of an SSD is much more similar to RAM than a hard drive.

SSDs use a map that communicates the logical file location to the computer, but behind the scenes, the SSD may be moving data blocks around in an attempt to ensure all memory cells see the same usage, a process known as wear leveling. The point is that the computer never knows where the actual physical file is located on the SSD, only the logical location provided by the map. The upshot is that once the map has been erased, a computer or an app used to recover data has no way to know the physical location of a file, nor, for that matter, anything about the physical structure of the SSD, making any type of recovery by pattern recognition an almost impossible task.

FileVault Can Add Another Level of Security
If you want to go the extra step in securing your data, you can use FileVault to encrypt the data on the SSD before you erase the drive. By using FileVault, all the data on the drive will be encrypted with a 128-bit AES encryption algorithm, and a 256-bit encryption key will be created that can be used to encrypt and decrypt the drive.

(For added peace of mind, you can use FileVault to scramble the data on your SSD before erasing it.)

Once you use FileVault to encrypt the drive, you can then erase the drive, which will also erase the encryption key, leaving a befuddling array of data scattered about the SSD with no key to decrypt it. What’s left on the SSD will be impossible to reconstruct without the benefit of a large government with very deep pockets, and a whole lot of time on their hands (brute force cracking of 128-bit AES is estimated to take one billion billion years).

Start by using the instructions in the Data Privacy Day: Keep Your Data Safe From Prying Eyes With FileVault guide to encrypt the SSD.

Once the encryption is complete, you can erase the SSD using Disk Utility and the normal erase option.

If you’re erasing your Mac’s startup drive, you’ll need to follow the instructions for booting into the Recovery HD volume, and then use Disk Utility to perform the erase.

Wrap Up
When you need to ensure your data is really gone:

  • Use the secure erase options in Disk Utility for hard drives.
  • Use the normal erase option for SSDs (with or without pre-seasoning with FileVault).
  • For those who want to go the extra mile, a sledgehammer may be a handy tool.
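
The same choice expressed for Terminal, as an added example that is not part of the original guide: `diskutil secureErase` levels 0, 4 and 2 correspond to the Single Pass of Zeros, 3-Pass and Most Secure slider positions, and an SSD gets a plain `diskutil eraseDisk`. The function names, the `Untitled` volume name and the sample `diskutil info` text are constructed for illustration; the script only prints the command it would use.

```shell
#!/bin/sh
# Added example: pick the erase command from `diskutil info` text.
# It only prints the command; nothing is erased by this script.

# Map this guide's slider options to `diskutil secureErase` levels.
erase_level() {
  case "$1" in
    zeros)       echo 0 ;;  # Single Pass of Zeros
    3-pass)      echo 4 ;;  # 3-Pass (DOE)
    most-secure) echo 2 ;;  # Most Secure, 7-pass (DoD)
    *)           return 1 ;;
  esac
}

# Read one field (e.g. "Solid State") from `diskutil info` text.
info_field() {
  printf '%s\n' "$1" | sed -n "s/^ *$2: *//p" | head -n 1
}

# plan_erase INFO_TEXT OPTION -> prints the diskutil command to run.
plan_erase() {
  node=$(info_field "$1" "Device Node")
  [ -n "$node" ] || { echo "no device node found" >&2; return 2; }
  # This sketch plans whole-drive erases only, not single volumes.
  case "$(info_field "$1" "Whole")" in
    Yes*) ;;
    *) echo "$node is not a whole drive" >&2; return 2 ;;
  esac
  case "$(info_field "$1" "Solid State")" in
    Yes*)  # SSD: normal erase, no overwrite passes
      echo "diskutil eraseDisk JHFS+ Untitled $node" ;;
    No*)   # hard drive: overwrite with the chosen number of passes
      level=$(erase_level "$2") || { echo "unknown option: $2" >&2; return 1; }
      echo "diskutil secureErase $level $node" ;;
    *)     # field missing or unclear (a Fusion drive must be treated as an SSD)
      echo "cannot tell whether $node is an SSD" >&2; return 3 ;;
  esac
}

# Constructed sample of `diskutil info` output for an external hard drive.
SAMPLE_HDD='   Device Identifier:         disk2
   Device Node:               /dev/disk2
   Whole:                     Yes
   Solid State:               No'

# On a Mac: plan_erase "$(diskutil info /dev/disk2)" 3-pass
plan_erase "$SAMPLE_HDD" 3-pass
```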

LEAVE A COMMENT


  • Disk Sanitation

    Is there an application to:

    1. Format the hard disk.
    2. Copy into it a large file (e.g., movie) all required times until filled.
    3. Copy into it a smaller file (e.g., 1 kb) all required times until filled. Now the disk has zero free space.
    4. Format again the hard disk.

    That would be great to sanitize large hard disks overnight!!!

    Thanks.