Apple has made a number of changes to disk utility in OS X El Capitan. One of these changes is you can no longer securely erase your disk. I ran into this problem recently when I was selling my Macbook Pro Retina. Happily, you can still securely erase your hard disk using Terminal commands. This is a guide as to how to sell your Mac and securely erase your hard disk so you know the next owner cannot access your data.

Pro Tip - FireFault

If you would like to make your data harder to recover, I'd enable Firefault under system preferences. This encrypts the data before you'll be erasing, making your data more difficult to recover.

Booting into Recovery

To start, boot your Mac into recovery. To do this, hold the Command + R + Power keys. Next, Press Utilities in the upper toolbar and then click Terminal.

Why Secure Erase?

There is one option you need to know when securely wiping your drive, and that is how many times for the computer to write over the disk with data. When you erase your drive but don't do it securely (for instance by using Disk Utility), you are essentially tearing the table of contents out of a book. All the information is still there, but it cannot easily be found. Any knowledgeable person can recover the data using specialised software, that simply looks at the entire drive for data and bypasses the table of contents. We can fix this by writing over the data, hence the existing data no longer exists and cannot be recovered. This is particularly useful when selling your Mac, as you don't want the next owner of your computer to be able to access your data! Here are the terminal commands you need to know and what they do:

Terminal Code Commands & Explanations

Overwrite disk with 0's:

diskutil secureErase 1 /dev/disk0

Overwrite disk with random 0's and 1's:

diskutil secureErase 2 /dev/disk0

Overwrite disk with random 0's and 1's 7 times:

diskutil secureErase 3 /dev/disk0

Overwrite disk with random 0's and 1's 35 times:

diskutil secureErase 4 /dev/disk0

Overwrite disk with random 0's and 1's 35 times using a different algorithm:

diskutil secureErase 5 /dev/disk0

 

disk0 refers to the disk you are formatting. Most of the time this will be disk0. If you run into issues however, you can go to disk utility from recovery, select your main hard disk and press info. Here, you can find your drives designation (disk#). Note erasing the drive will not erase the recovery partition you are currently accessing. The reason why it overwrites the disk with either zeros or ones is computers operate using binary code (zeros or ones).

The thing that makes these commands different is the numbers listed after "secureErase" (yes, Terminal is case sensitive). The number determines the level of overwriting (the more overwrites, the harder to recover, and the longer it takes to erase). I generally would do 1 or 2, a whole disk overwrite with either random numbers or just zeros. Keep in mind if your Mac has an SSD, writing huge amounts of data to the disk may decrease its lifespan.

Once done, your disk will be "uninitialised." Erase the drive in disk utility, and that will partition the drive to install OS X onto.

Hope this helps you sell your Mac! Don't forget the FireFault encryption tip!

Update: Apple also has taken RAID functionality out of Disk Utility as of OS X El Capitan. Additionally, you can't side load the old, superior version of disk utility from a previous version of OS X. 

This guide was a part of my Ultimate Information Security & Privacy Guide. Be sure to check out any related content:

Comment