This should, for example, include all your keychains and any other account information. All other private data which you don’t want others to see.
You need to be confident that these are completely destroyed, but can choose how to do that yourself. Private files which would potentially have serious consequences to you and others, but are not covered by data protection legislation.This may well involve physical destruction, and you will need appropriate certificates to demonstrate that whatever you have done is within those legal requirements. Here you must follow best practice as laid down by your national data protection authority. Any legally-protected information, covered by national data protection law.In most cases, the storage or computer must be returned to security experts, who will almost certainly send it for secure destruction. Don’t go it alone, but get proper security advice. If you ever handle any of these, you will be subject to national legal requirements and must follow those. Files which have national security content.Governments and large organisations use security classification systems, and you should think in similar terms: If it’s going for recycling, the issue is quite different: I will consider that in a future article here.īefore you even think about how to clean these files up, you must know what they contain, and what risk they would pose if someone else were to be able to view them. On the far right, you’ll see an IDENTIFIER column that column contains the identifier that diskutil needs.The most common reason for wanting to clean up sensitive files on internal or external storage is when you’re going to sell or give your Mac (or drive) away. Just use diskutil list to see a list of all drives and partitions.
Consider using APFS encryption (FileVault).īut how do you figure out what to list for device, which is the disk (or partition) that has the free space you’re trying to securely erase? diskutil can provide that information, too. Strongly-encrypted data can be instantly "erased" by destroying (or losing) the key (password), because this renders your data irretrievable in practical terms. The modern solution for quickly and securely erasing your data is encryption.
Modern devices have wear-leveling, block-sparing, and possibly-persistent cache hardware, which cannot be completely erased by these commands. NOTE: This kind of secure erase is no longer considered safe.
O 4 - Three-pass erase, consisting of two random fills plus a final zero fill. O 2 - Seven-pass erase, consisting of zero fills and all-ones fills plus a final random fill. Ownership of the affected disk is required. If you need to erase all contents of a partition but not its hosting whole-disk, use the zeroDisk or randomDisk verbs. Erasing freespace on a volume will leave your files intact, indeed, from an end-user perspective, it will appear unchanged, with the exception that it will have attempted to make it impossible to recover deleted files. Secure erasing makes it harder to recover data using "file recovery" software.Įrasing a whole-disk will leave it useless until it is partitioned again. Within the man pages, you’ll find the explanation for how to securely erase a disk’s free space using diskutil: secureErase level deviceĮrase, using a "secure" (but see the NOTE below) method, either a whole-disk (including all of its partitions if partitioned), or, only the free space (not in use for files) on a currently-mounted volume. To find out about diskutil in detail, type man diskutil at the Terminal prompt.