How to Secure Erase Free Space on Mac Drives with OS X El Capitan
Many Mac users running a modern version of OS X El Capitan have noticed the Secure Erase Free Space feature has gone missing from Disk Utility. What the “Erase Free Space” feature did (and still does in prior versions of Mac OS X) was overwrite the free space on a drive to prevent file recovery, adding a layer of security and privacy to file removal, much in the way that Secure Empty Trash performed a similar function of overwriting data after removal.
For those wondering, these features were removed from the modern version of Disk Utility in Mac OS X because they do not work on SSD volumes, which are becoming more commonplace; nearly all Mac laptops now ship with them by default. But not everyone has an SSD drive, and thus some users may still wish to perform a secure erase of free space on their Mac hard disk. To achieve the same secure erase in modern versions of Mac OS X you’ll need to turn to the command line. And yes, this works to erase free space on older versions of Mac OS X too, but since they can do the same task with Disk Utility it’s perhaps a bit less relevant to the prior releases.
This is for advanced Mac users only who are comfortable with backing up their Mac, using the command line with exact syntax, and the concepts behind permanently removing data. To be perfectly clear, this securely erases only the free space on a drive, with the aim of preventing file recovery efforts; it does not perform a secure erase of the entire hard drive.
How to Secure Erase Free Space on Mac OS X El Capitan Drives via Command Line, Without Disk Utility
Back up your Mac before attempting to use these commands. The command line requires precise syntax and is unforgiving; because this is a secure erase function, an improper command could permanently remove data you did not intend to delete. You have been warned, so back up your Mac data first, then proceed at your own risk.
To get started, launch the Terminal (found in /Applications/Utilities/) and use the following general syntax, replacing level and drive name as appropriate:
diskutil secureErase freespace (level 0-4) /Volumes/(Drive Name)
(level 0-4) is a number selecting the erase method, which determines how many passes are written to the free space (the levels are listed in the manual page excerpt below). ‘freespace’ indicates you are erasing only the free space and not the entire drive itself, a critically important difference, and (Drive Name) is self-explanatory. Users can also choose the disk identifier if desired. If you aren’t sure of the name of the drive, running diskutil list will show you all mounted drives and partitions. If the drive in question has a space in the name, you should place it in quotes or escape it with backslashes.
For example, to perform a secure erase with 35 passes (level 3) on free space on a drive named “Macintosh HD” you could use the following command string:
diskutil secureErase freespace 3 "/Volumes/Macintosh HD"
Hitting return will instantly begin the secure erase of any free space. This is irreversible, so as we’ve mentioned a dozen times already, be sure the syntax is exact.
The manual page entry on diskutil offers the following details on the secure erase feature, detailing the level of writing over free space.
secureErase [freespace] level device
Erase, using a secure method, either a whole-disk (including
any and all partitions), or, only the free space (not in use
for files) on a currently-mounted volume. Erasing a whole-
disk will leave it useless until it is partitioned again.
Erasing freespace on a volume will leave it exactly as it was
from an end-user perspective, with the exception that it will
not be possible to recover deleted files or data using utility
software. If you need to erase all contents of a partition
but not its hosting whole-disk, use the zeroDisk or randomDisk
verbs. Ownership of the affected disk is required.
Level should be one of the following:
o 0 – Single-pass zero-fill erase.
o 1 – Single-pass random-fill erase.
o 2 – US DoD 7-pass secure erase.
o 3 – Gutmann algorithm 35-pass secure erase.
o 4 – US DoE algorithm 3-pass secure erase.
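The procedure above, wrapped in a guard script so that a mistyped level or target is caught before anything is overwritten. This is an added example, not part of the original article: the function names are hypothetical, and restricting targets to /Volumes and refusing SSDs are policies chosen for the example.

```shell
#!/bin/sh
# Added example (not from the original article): guard wrapper for
# `diskutil secureErase freespace`. Function names are hypothetical.

# Map level 0-4 to the method listed in the diskutil man page.
level_name() {
  case "$1" in
    0) echo "Single-pass zero-fill" ;;
    1) echo "Single-pass random-fill" ;;
    2) echo "US DoD 7-pass" ;;
    3) echo "Gutmann 35-pass" ;;
    4) echo "US DoE 3-pass" ;;
    *) return 1 ;;
  esac
}

# Read `diskutil info` text on stdin; succeed if it reports an SSD.
# Assumes the "Solid State: Yes/No" line that diskutil info prints.
is_solid_state() {
  grep -Eq '^[[:space:]]*Solid State:[[:space:]]+Yes'
}

# Reject anything that is not level 0-4 plus a path under /Volumes.
# Restricting to /Volumes is this example's policy: it keeps a whole-disk
# identifier such as /dev/disk0 from ever reaching diskutil.
validate_target() {
  level_name "$1" >/dev/null || { echo "level must be 0-4, got '$1'" >&2; return 2; }
  case "$2" in
    /Volumes/?*) return 0 ;;
    *) echo "target must be a path under /Volumes" >&2; return 2 ;;
  esac
}

secure_erase_freespace() {
  validate_target "$1" "$2" || return $?
  [ -d "$2" ] || { echo "not mounted: $2" >&2; return 3; }
  if diskutil info "$2" | is_solid_state; then
    echo "SSD detected: overwriting free space is of little use here" >&2
    return 4
  fi
  printf 'Erase FREE SPACE on "%s" with %s? Type ERASE: ' "$2" "$(level_name "$1")"
  read -r answer
  [ "$answer" = "ERASE" ] || { echo "aborted" >&2; return 1; }
  # "freespace" is hard-coded so the whole-disk form can never be issued.
  diskutil secureErase freespace "$1" "$2"
}
```

Source the file in Terminal and call `secure_erase_freespace 3 "/Volumes/Macintosh HD"`; passing the pass count (35) instead of the level is rejected before diskutil runs.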
That’s all there is to it, and this is how you can continue to erase free disk space on a Mac running OS X El Capitan or later with the newly limited Disk Utility. Another option is to use an old version of Disk Utility in modern versions of Mac OS X, either from a boot drive or recovery mode of an older Mac OS release, or by running the older application itself, but that is generally not recommended.
And yes, this works on both standard hard disk drives with spinning platters and modern SSD disks, though with an SSD drive the feature is less relevant, as TRIM / garbage collection should handle the file removal on its own. For SSD volumes, a better option is to enable and use FileVault disk encryption on the Mac, which encrypts data on the drive, making it unrecoverable without the FileVault key and thus obviating the need to securely erase free space on the volume.
Know of any other helpful secure data removal tips or tricks, or another way to securely erase your free disk space in modern versions of Mac OS X? Let us know in the comments.