How to Secure Erase Free Space on Mac Drives with OS X El Capitan
Many Mac users running a modern version of OS X El Capitan have noticed the Secure Erase Free Space feature has gone missing from Disk Utility. What the “Erase Free Space” feature did (and still does in prior versions of Mac OS X) was overwrite the free space on a drive to prevent file recovery, adding a layer of security and privacy to file removal, much in the way that Secure Empty Trash performed a similar function of overwriting data after removal.
For those wondering, these features were removed from the modern version of Disk Utility in Mac OS X because they do not work on SSD volumes, which are becoming more commonplace; nearly all Mac laptops now ship with them by default. But not everyone has an SSD drive, and thus some users may still wish to perform a secure erase of free space on their Mac hard disk. To achieve the same secure erase in modern versions of Mac OS X you’ll need to turn to the command line. And yes, this works to erase free space on older versions of Mac OS X too, but since they can do the same task with Disk Utility it’s perhaps a bit less relevant to the prior releases.
This is for advanced Mac users only who are comfortable with backing up their Mac, using the command line with exact syntax, and the concepts behind permanently removing data. To be perfectly clear, this securely erases only the free space on a drive, aimed at preventing file recovery efforts; it does not perform a secure erase of the entire hard drive.
How to Secure Erase Free Space on Mac OS X El Capitan Drives via Command Line, Without Disk Utility
Back up your Mac before attempting to use these commands. The command line requires precise syntax and is unforgiving. Because this is a secure erase function, an improper command could permanently remove data you did not intend to delete. You have been warned, so back up your Mac data first, then proceed at your own risk.
To get started, launch the Terminal (found in /Applications/Utilities/) and use the following general syntax, replacing level and drive name as appropriate:
diskutil secureErase freespace (level 0-4) /Volumes/(Drive Name)
(level 0-4) is a number selecting the erase method, which determines how many passes are written to the free space (the levels are listed in the manual page excerpt below), ‘freespace’ indicates you are erasing only the free space and not the entire drive itself – a critically important difference – and (Drive Name) is self explanatory. Users can also choose the disk identifier if desired. If you aren’t sure of the name of the drive, using diskutil list will show you all mounted drives and partitions. If the drive in question has a space in the name, you should place it in quotes or escape it with backslashes.
For example, to perform a secure erase with 35 passes on free space on a drive named “Macintosh HD” you could use the following command string:
diskutil secureErase freespace 3 "/Volumes/Macintosh HD"
Hitting return will instantly begin the secure erase of any free space. This is irreversible, so as we’ve mentioned a dozen times already, be sure the syntax is exact.
The manual page entry on diskutil offers the following details on the secure erase feature, detailing the level of writing over free space.
secureErase [freespace] level device
Erase, using a secure method, either a whole-disk (including
any and all partitions), or, only the free space (not in use
for files) on a currently-mounted volume. Erasing a whole-
disk will leave it useless until it is partitioned again.
Erasing freespace on a volume will leave it exactly as it was
from an end-user perspective, with the exception that it will
not be possible to recover deleted files or data using utility
software. If you need to erase all contents of a partition
but not its hosting whole-disk, use the zeroDisk or randomDisk
verbs. Ownership of the affected disk is required.
Level should be one of the following:
o 0 – Single-pass zero-fill erase.
o 1 – Single-pass random-fill erase.
o 2 – US DoD 7-pass secure erase.
o 3 – Gutmann algorithm 35-pass secure erase.
o 4 – US DoE algorithm 3-pass secure erase.
That’s all there is to it, and this is how you can continue to erase free disk space on a Mac running OS X El Capitan or later with the newly limited Disk Utility. Another option is to use an old version of Disk Utility in modern versions of Mac OS X, either by booting an older Mac OS release from a boot drive or recovery mode, or by running the older application itself, but that is generally not recommended.
And yes, this works on both standard hard disk drives with spinning platters, and modern SSD disks, though with an SSD drive the feature is less relevant as TRIM / garbage collection should handle the file removal on its own. For SSD volumes, a better option is to enable and use FileVault disk encryption on the Mac, which encrypts data on the drive making it unrecoverable without the FileVault key, thus obviating the need to securely erase free space on the volume.
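The checks this procedure depends on (a level from 0 to 4, the freespace keyword, a quoted volume path, and the SSD caveat) can be scripted as a pre-flight guard. The shell script below is an added example, not code from the original article or from Apple; the function names solid_state and plan_erase, the constructed diskutil info excerpts, and the policy of refusing levels 2-4 on solid-state volumes are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight guard for `diskutil secureErase freespace`.
# Constructed sample `diskutil info` excerpts (not captured from a real Mac).
SAMPLE_HDD='   Device Node:              /dev/disk1s2
   Volume Name:              Macintosh HD
   Solid State:              No'
SAMPLE_SSD='   Device Node:              /dev/disk0s2
   Volume Name:              Macintosh HD
   Solid State:              Yes'

# Print "Yes", "No" or "Unknown" for the Solid State field of diskutil info text.
solid_state() {
    v=$(printf '%s\n' "$1" | sed -n 's/^ *Solid State: *\([A-Za-z]*\).*/\1/p' | head -n 1)
    printf '%s\n' "${v:-Unknown}"
}

# plan_erase LEVEL VOLUME INFO_TEXT (hypothetical helper; mount paths only)
# Prints the command to run and returns 0, or prints a reason and returns 1.
plan_erase() {
    level=$1; volume=$2; info=$3
    case $level in
        0|1|2|3|4) ;;   # the five levels listed in the diskutil man page
        *) echo "refuse: level must be 0-4 (got '$level')"; return 1 ;;
    esac
    case $volume in
        /|/Volumes/?*) ;;
        *) echo "refuse: '$volume' is not a mounted-volume path"; return 1 ;;
    esac
    case $volume in   # characters that would break the double-quoted output
        *\"*|*\$*|*\`*|*\\*) echo "refuse: volume name needs manual quoting"; return 1 ;;
    esac
    # Assumed policy of this example: on flash, allow single-pass levels only.
    if [ "$(solid_state "$info")" = Yes ] && [ "$level" -ge 2 ]; then
        echo "refuse: multi-pass level $level on a solid-state volume"; return 1
    fi
    # 'freespace' is always emitted, so the whole-disk form of secureErase
    # can never be produced by this function.
    printf 'diskutil secureErase freespace %s "%s"\n' "$level" "$volume"
}

# Real use on a Mac: sh plan.sh 1 "/Volumes/Macintosh HD"
if [ "$#" -eq 2 ]; then
    plan_erase "$1" "$2" "$(diskutil info "$2")"
fi
```

The script only prints the command it would approve; running that command is left to the user after reading it.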
Know of any other helpful secure data removal tips or tricks, or another way to securely erase your free disk space in modern versions of Mac OS X? Let us know in the comments.
I am seeing some disinformation about C4 here. Just kidding that data is correct.
First, the article is wrong. It says secure erase “does not work on SSDs”. All you are doing is writing zeros here where file contents used to be. If you can’t do that, the drive actually isn’t working. Secure erase is still needed.
Second, most formats DO not do this. Formatting in most cases simply resets the pointers to the data. It does not erase the data. And if you are just trying to remove the deleted data, obviously you CAN’T format your drive because it’s in use! LOL.
Finally, Encrypting the data similarly DOES NOT WORK. Yes if you remove the encryption key you can’t get access to the data. HOWEVER, with Filevault 2 there is ONLY ONE ENCRYPTION KEY FOR THE WHOLE DRIVE. If you remove that… Goodbye to ALL your data. We are just trying to erase the DELETED data!
What I would agree is UNHEALTHY for SSDs: Writing many times to the same area. This would just kill the drive sooner. Instead, write zeros (or whatever) a single time. That is really enough to remove the data from the deleted space.
I just hope the command line works for SSD and Apple hasn’t somehow disabled that.
Drive Genius offers a safe and reliable way to do this as well.
I get the same error using the terminal commands listed here. Says it can not set up temporary file. Does anyone know how to get past this problem?
I just completed this on both iMac and MBP (running OSx 10.12.4 beta) but I used slightly different terminal command with no quotes as follows:
diskutil secureErase freespace 3 /
Both had avail storage > 400gb and only the iMac threw a warning about storage possibly filling so just deleted some stuff.
All good.
Yes… receiving this error too. Does that mean it didn’t work?
Creating a secondary temporary file
Mounting disk
Error: -69847: Couldn’t create temporary file
Underlying error: 1: POSIX reports: Operation not permitted
I have tried this several times on two different macs and it fails every time. I first get a “Low Disk Space” message saying the system is running low on swap space. Then I get another message saying “Your startup disk is full.” Then on the terminal screen itself I get “Error -69847: Couldn’t create temporary file. Underlying error: 1: POSIX reports: Operation not permitted.” I have nearly 400GB of free space and I am logged in as the system admin. What gives?
“though with an SSD drive the feature is less relevant as TRIM / garbage collection should handle the file removal on its own.”
It’s still relevant to SSDs because by default Apple disables TRIM on 3rd party SSDs.
To those who have an HDD Mac and are using El Capitan, simply install Snow Leopard 10.6.3 to zero out the hard drive as many times as you like (as in thousands of times with no damage to the HDD.) Then simply reinstall El Capitan. It really is that simple. If you have a SSD Mac, you will never be able to completely zero it out — plus you will wear out the SSD trying to do so.
Just send it to the guy from the hydraulic press channel on YouTube. He’ll take care of it.
Considering that FileVault leaves the mac a little bit freezing, this secure erase free space option is way better than any other for basic users.
“If you’re using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do.”
— Peter Gutmann, Secure Deletion of Data from Magnetic and Solid-State Memory, Epilogue.
I have an older version of Disk Utility from OS X 10.10 (renamed Disk Utility Yosemite) next to the current one and use that one for everything that the current version cannot do anymore.
You can run the 10.10 Disk Utility with El Cap?
Yes you can run Disk Utility from Yose in El Cap, but it is not recommended. Fairly technical process to get it set up:
https://justus.berlin/2015/10/restore-old-disk-utility-in-os-x-el-capitan/
If you care about security, why not just use filevault2 and not worry about secure erase?
Intel processors and OS X have been supporting hardware based encryption since 2011. If you have a system older than that, you’re likely not reading OSXDaily.
I take about 5 pounds of C4 and place it under the Mac. After it go boom, I don’t worry about it anymore. I get rid of the entire machine and not just the HD.
I just did this to a 6 month old Mac Pro we used in our office for a short time, then decided we no longer needed it.
Very useful, thank you.
I do zero out the drive when I resell any Mac, SSD or HDD. I usually do the 35-pass DoD method. It’s mostly so that I do not have to worry about a future owner accidentally turning up some private files or financial data, since many of us do online banking and so forth. We do this at work too for machines that are going to leave the office, since corporate and customer data is on the drives.
I use Filevault and do not zero out the free space, as I do the full erase instead, but I can see how this would benefit some Macs out there.
Important IT considerations, all of them. Good information as always.
Overwriting sectors on SSD drives is NOT a good idea.
There’s quite a lot of forensic documentation showing that SSDs are basically built to permanently wipe deleted files just by being powered up (to the chagrin of law enforcement agencies).
So, when you reset an SSD, stick to formatting it.
Your NAND (whose lifetime read/writes are numbered) and the buyer will thank you.
I think the “35-pass DoD method” was meant to be used with magnetic core store. It seems excessive for a hard drive and probably unnecessary altogether for a SSD.
I usually take old HDs and scrape the living hell out of it with a screwdriver. A lot more fun, and you get free magnets.