
Version Comparison: Secure erase data on a Solid State Drive?

Comparing: Revision 4 » Revision 5

Revision 4   By ds store at 9 months, 3 weeks ago Revision 5   By ds store at 9 months, 3 weeks ago

Hello and welcome to my User Tip

 

 

Since Apple started introducing computers with Solid State Drives, some people have been asking how to securely erase data on them like they used to be able to do on hard drives.

 

One might go to Disk Utility only to find there are no secure erase options for SSDs or Fusion drives.

 

 

Well, the fact is you can't securely erase them. Only traditional (100%) hard drives (not "Fusion Drives" or "Hybrids") can be securely erased, nothing that has any flash memory.

 

 

The NSA approved method for data destruction on SSDs, flash drives, hybrids etc., is grinding them into a fine powder.

 

The Department of Defense approved method for traditional hard drive secure erase is a 7x overwrite with random data.

 

 

So before placing sensitive data on their machines, people should research how to retain physical control over the SSD or flash memory/hybrid drives when it comes to data destruction, as many Macs, iPhones and iPads are now sealed up with no user-replaceable parts inside.

 

 

Apple advises using FileVault to encrypt a boot drive, however that's not really secure because FileVault stores its keys in memory and software tricks have been used to get the keys, thus the encrypted deleted data (after being recovered off the SSD) can be decrypted and read. Also, one has to give up the password for repairs to be done on the machine.


http://www.lostpassword.com/

 

 

In fact, there is a nifty device from a company called Cellebrite that can read the storage off iPods, iPads and iPhones, even deleted data, even with password protection. Does this also extend to portable Macs? Likely it will in the near future, yes.


http://www.cellebrite.com/

 

 

Ideally it's best NOT to place any data on these newer machines that you would rather not share with anyone else; it's the sad fact.

 

 

 

 

 

SSDs and flash memory have limited write capability, unlike the unlimited writes of traditional hard drives (which can be scrubbed with a 7x overwrite to meet Department of Defense approval in data destruction).

 

However, traditional hard drives are being phased out in favor of the more shock resistant, non-bit rot suffering and faster SSDs instead of the traditional vulnerable spinning platters.

 

Because of this, securely erasing SSDs would wear them out prematurely, and if under AppleCare or warranty that would be a replacement cost to Apple that they would rather not have to pay for, so Disk Utility will not secure erase these solid state drives.

 

Because of their limited write capability, SSDs have software called "wear leveling" or TRIM support, which always writes to the least used areas on the SSD.

 

Newer OS X versions (Lion, Mountain Lion and above) have new file saving features like "Versions", which saves files automatically. Also, on a laptop, Time Machine local backup files are saved in hidden files on the boot drive itself.

 

So even if you go and delete a file and manage to scrub the SSD by overwriting with random data, those hidden files still contain your unwanted data.

 

Therefore, if your secure erase needs don't warrant total drive or machine destruction into a fine powder, you may want to try my untested method below. However, it's complex and time consuming; don't use it often, as it will prematurely wear out your SSD.

 

 

1: Copy off all wanted user data by selecting the known files themselves, not folders which can contain hidden data, to a regular external drive and disconnect.

 

Do not use Time Machine or plan on only restoring from that, as it also copies hidden files, databases etc., and user accounts in a wholesale manner that can contain the unwanted data.

 

2: Hold the command and r keys down (wired or built-in keyboard) and boot into RecoveryHD, select Disk Utility and then select your MacintoshHD partition.

 

3: Use Erase and erase the MacintoshHD partition, make sure it's formatted OS X extended journaled. OS X, files, accounts, programs etc., will be gone. This is unfortunately necessary to remove all the little hidden caches, log files, databases and files squirreled around on the partition.

 

4: Quit and reinstall OS X using your AppleID and password, you will need to be on a fast and reliable Internet connection.

 

5: Reboot and set up; do NOT restore from Time Machine unless you're positive it does not contain the unwanted data.

 

6: Return known and verified copies of user files from the external drive.

 

If you have problems getting files or they contain a red "no", then Finder > Get Info on the external drive and at the bottom select "Ignore Permissions on this volume".

 

If need be, you may later have to do a #6 Repair Users Permissions/ACLs so the ownership of those files turns over to the new account.

 

Step by Step to fix your Mac

 

7: Now comes the fun part, you need to overwrite the remaining free space on the boot SSD.

 

Take a small file and Finder > Duplicate it inside a folder repeatedly until slightly more than 50% of your remaining boot SSD space is filled.

 

Then delete the folder, Finder > Empty Trash (so it's really gone) and use another small file in another new folder and do it again until it shows another 50%+ filled, then delete it. (Finder > Empty Trash)

 

Use Activity Monitor to confirm that the drive is being filled up; just make sure you don't fill it up 100% or bad things will occur and the machine might not boot up again.

 

With the TRIM/wear leveling and small files filling all the cracks, hopefully all the remaining free space of unwanted data will be overwritten, however don't bet your life on it.
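
Step 7 can also be run from Terminal instead of Finder. The script below is an added example, not part of the original tip: the function names, the 55% pass size, the 90% ceiling and the 64 MiB chunk size are all assumptions. It writes random data rather than duplicates of one file, so every chunk forces new blocks to be written.

```shell
#!/bin/sh
# Added example for step 7: two free-space fill passes that never fill the
# volume. All function names and thresholds are hypothetical.

# Free space, in KiB, on the volume holding directory $1.
free_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# KiB to write in one pass: $2 percent of $1 free KiB.
# Refuses 90% or more so a pass can never fill the volume to 100%.
fill_target_kb() {
    [ "$2" -gt 0 ] && [ "$2" -lt 90 ] || return 1
    echo $(( $1 * $2 / 100 ))
}

# Write random chunks of $3 KiB into a scratch folder under $1 until $2 KiB
# have been written, then delete the folder. Prints the chunk count.
fill_pass() {
    scratch=$(mktemp -d "$1/fill.XXXXXX") || return 1
    written=0
    n=0
    while [ "$written" -lt "$2" ]; do
        # Stop early if less than two chunks of headroom remain.
        [ "$(free_kb "$1")" -gt $(( $3 * 2 )) ] || break
        dd if=/dev/urandom of="$scratch/chunk.$n" bs=1024 count="$3" \
            2>/dev/null || break
        written=$(( written + $3 ))
        n=$(( n + 1 ))
    done
    sync                 # flush the chunks to the drive before deleting
    rm -rf "$scratch"    # equivalent of deleting the folder and emptying Trash
    echo "$n"
}

# Two passes of slightly more than 50% of the remaining free space each.
fill_free_space() {
    for pass in 1 2; do
        target=$(fill_target_kb "$(free_kb "$1")" 55) || return 1
        fill_pass "$1" "$target" 65536 >/dev/null || return 1
    done
}

# Usage (not run automatically): fill_free_space "$HOME"
```
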

 

I would like to repeat that I haven't tested this method and do NOT approve it for anything super sensitive. I can't say for sure that your unwanted data will be gone, but it should work well enough for those who just want to keep nosey types out, are selling the machine etc. Because eventually someone will sell software somewhere that will be able to bypass the file structure and directly read the sectors of an SSD to recover deleted data.

 

It's like hardware is now being made so as not to obey users anymore.

 

http://hardware.slashdot.org/story/11/02/17/1911217/confidential-data-not-safe-on-solid-state-disks

 

 

Good Luck and hope it works for you.
