-
Oct 15, 2015 10:41 AM in response to MarcelloM1973 by Mac_You_Sir
I have the same question.
I have discovered that you can perform the secure erase free space function from the terminal window using the diskutil secureErase freespace command, as described in the article below.
http://www.macworld.com/article/1139688/erasefreespace.html
I've read more than a few comments from people saying that running this utility creates a temp file to create the overwrite data to securely erase your free space, and that if your hard drive doesn't have enough free space to hold this temp file (someone said "More than half" of the hard drive should be free), you could end up with this situation where your computer locks up and bad things happen while running secureErase, so I'm sort of scared to try it. DEFINITELY back up your computer first if you are considering using this command.
Has anyone that reads this thread been able to successfully run this command? Any pitfalls to look out for so I don't brick my laptop?
I also have a stupid (related) question....when I perform "diskutil list" in the terminal window (so I can find the exact name of the drive for which I want to erase the free space), I have two "Macintosh HD" volumes listed....one is "Apple_CoreStorage" under /dev/disk0 (internal, physical), and the other is "Apple_HFS" under /dev/disk1 (internal, virtual). I'm assuming this "internal, virtual" drive has something to do with the fact that I enabled that FileVault encryption thing, so this is related to mounting the unencrypted drive (my guess)....but if I DO perform secureErase, I'm supposed to do it to the Apple_CoreStorage (physical) Macintosh HD, right? Not the Apple_HFS (virtual) one? Complete NOOB question, sorry.
-
Oct 15, 2015 11:41 AM in response to Mac_You_Sir by JimmyCMPIT
This method is potentially disastrous for the integrity of your OS and not in the best interest for the casual user:
from the article:
"Warning! It’s critically important that you include the freespace portion of that command. If you don’t, diskutil will happily start securely erasing the entire disk, instead of just the free space!"
Instead of that possibility it may be safer to use the Delete Immediately option by selecting the file in the Finder, then go to FILE while holding down the OPTION KEY.
It can also be used for individual or multiple files in the trash by opening trash, selecting the file(s) and RMB or LMB+OPTION and selecting Delete Immediately.
-
Oct 15, 2015 11:53 AM in response to MarcelloM1973 by Old Toad
Secure Delete has been eliminated from El Capitan as it adds unnecessary wear and tear on SSD drives. It's been replaced with the Delete Immediately option when Control (right)-clicking on the file or with the use of the Option+Command+Delete key combination on any selected file on the hard drive. You'll be presented with this warning:
-
Oct 15, 2015 11:55 AM in response to JimmyCMPIT by Csound1
It is also bad for SSDs, which many users now have, sometimes as a fusion drive and sometimes not.
-
Oct 15, 2015 11:57 AM in response to Old Toad by MarcelloM1973
This is different.. SECURELY ERASE had different options including 7-pass erase. This means not only deleting but writing random data then 000 then random data etc.. many times up to government secure standards. DELETE IMMEDIATELY is something else.. it just jumps the EMPTY TRASH part.
There is a way... for the future... to securely delete and it's to have the drive encrypted from the beginning. So everything you delete will stay encrypted. But if you have a drive already up and running and you want to securely erase empty space... at present it can't be done.. and I don't know why they took it away
-
Oct 15, 2015 4:35 PM in response to MarcelloM1973 by Barney-15E
MarcelloM1973 wrote:
This is different.. SECURELY ERASE had different options including 7-pass erase. This means not only deleting but writing random data then 000 then random data etc.. many times up to government secure standards.
Except the security bulletin states it wasn't actually doing that reliably.
An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage.
So, I would suggest you encrypt your disk, which is reliable, and you won't have to waste time securely erasing the disk.
-
Nov 10, 2015 1:01 PM in response to Barney-15E by Dunno2
I just called AppleCare and this article explains how to do this (and it is working). Note you do NOT have to be in Recovery mode. Hope this helps.
-
Nov 21, 2015 11:14 PM in response to Old Toad by iRaindrop
"wear and tear" -- really?
Isn't that something you typically hear from your auto mechanic? These aren't gaskets that wear out. This is writing binary data over binary data. There's no more wear and tear than any other heavy processing a computer might do. And it's an infrequently used feature anyway.
I'm not one for conspiracy theories, but it's not hard (and most unfortunate) to suspect that this is more likely the result of nudging from Washington D.C. and northern Virginia to make it more difficult for Americans to destroy data.
The feature was convenient to use, even though a little intimidating. Now it's far more intimidating as that article out. Triple-check to make sure that "freespace" is in the command.
First, you can use the Disk Utility to determine the device name of the disk, which is usually "disk1" before using Terminal.
-
Nov 22, 2015 12:41 AM in response to iRaindrop by R C-R
iRaindrop wrote:
"wear and tear" -- really?
Isn't that something you typically hear from your auto mechanic? These aren't gaskets that wear out. This is writing binary data over binary data.
Except that:
1) With SSDs it isn't writing binary data over binary data -- that's the main reason the command was removed.
2) SSDs are composed of memory cells that do gradually wear out, losing their ability to retain data. That's why they include wear leveling routines to extend their service lives.
-
Nov 22, 2015 12:43 PM in response to R C-R by iRaindrop
Thanks R C-R, and Old Toad, I stand corrected. My apologies, and to Apple as well. I am suspect these days, given the headlines, when talking about security and everyday terms such as 'wear-and-tear' are used - as they seem to be convenient to placate the novices.
Below is my experience from running the command. I just did a 1 pass, but it took a LOT longer than when the feature was in Disk Utility. The error (69847) happened in Yosemite too (when I got my mac) so it looks like the same thing. Nevertheless, it worked as Wondershare's data recovery app found absolutely nothing.
<my>-MacBook-Pro:~ <me>$ diskutil secureErase freespace 1 /dev/disk1
Started erase on disk1 Macintosh HD
Creating a temporary file
Securely erasing a file
Creating a secondary temporary file
Mounting disk
Error: -69847: Couldn't create temporary file
Underlying error: 1: POSIX reports: Operation not permitted
<my>-MacBook-Pro:~ <me>$
But better than erasing free disk space is secure erase - which is also still available in Terminal, and explained in this article.
-
Nov 22, 2015 3:42 PM in response to iRaindrop by R C-R
iRaindrop wrote:
I am suspect these days, given the headlines, when talking about security and everyday terms such as 'wear-and-tear' are used - as they seem to be convenient to placate the novices.
The irony of this is that Apple is in fact trying to discourage users from relying on "secure" erase options that are not really effective or reliable, thus making it much easier for those agencies the headlines scream about to recover data from users' drives if they rely on any of those methods, including command line tools like srm. That OS X daily article mentions but glosses over the fact that, as it says, the srm method is nothing more than equivalent to the now removed Disk Utility option. That means it is subject to exactly the same limitations!
The bottom line is even if one of these methods succeeds in overwriting the virtual storage location the storage device uses for the file (which is unlikely in the extreme for SSDs) the physical location of some or all of that file's data could be different & inaccessible by the OS ... but not by agencies using advanced forensic tools & techniques.
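A toy model of the point made in the reply above, added here as an illustration and not part of any poster's message: it shows why overwriting a logical block on flash can leave the old data on the chip, and why encrypting the disk avoids the problem. `ToyFTL`, `multipass_overwrite` and `toy_encrypt` are constructed names; this is not real SSD firmware or FileVault's cipher.

```python
import hashlib
import os


class ToyFTL:
    """Constructed toy flash translation layer; garbage collection not modelled."""

    def __init__(self, pages=32):
        self.flash = [None] * pages   # physical pages on the chip
        self.map = {}                 # logical block address -> physical page
        self.next_free = 0

    def write(self, lba, data):
        # Flash cannot be rewritten in place: each write lands on a fresh
        # page and the previous page is only unmapped, not erased.
        self.flash[self.next_free] = data
        self.map[lba] = self.next_free
        self.next_free += 1

    def read(self, lba):
        # What the OS sees: only the currently mapped page.
        return self.flash[self.map[lba]]

    def raw_dump(self):
        # What a chip-level reader sees: every page, mapped or stale.
        return [p for p in self.flash if p is not None]


def multipass_overwrite(ftl, lba, passes=7):
    # OS-level "secure erase": random data, then zeros, then random, ...
    for i in range(passes):
        ftl.write(lba, os.urandom(16) if i % 2 == 0 else bytes(16))


def toy_encrypt(key, lba, data):
    # Stand-in for full-disk encryption (XOR with a hash-derived pad).
    # Illustrative only; not safe for real use.
    pad = hashlib.sha256(key + lba.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))


def demo():
    secret = b"NDA-DOC-CONTENTS"          # constructed 16-byte sample
    plain = ToyFTL()
    plain.write(7, secret)
    multipass_overwrite(plain, 7)
    enc = ToyFTL()
    enc.write(7, toy_encrypt(os.urandom(32), 7, secret))
    return {
        "os_view_overwritten": plain.read(7) != secret,
        "plaintext_left_on_chip": secret in plain.raw_dump(),
        "plaintext_on_encrypted_chip": secret in enc.raw_dump(),
    }
```

In the unencrypted model the OS reads back overwritten data while the original page is still present in the raw dump; in the encrypted model the plaintext never reaches the chip at all.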
-
Nov 22, 2015 5:17 PM in response to R C-R by iRaindrop
Good info, RC-R. I would just add that there is a need for a "secure" erase for those who are not in the league as the folks who are trying to evade ultra advanced forensics. For example such data as NDA documents, code projects, financial stuff, pics you don't want the tabloids to get, etc, where a secure erase is sufficient to avoid most file recovery programs - but not trying to beat the advanced electromagnetic forensics that only a lab can do. There is still value for the customer in that, even though it is not 100% secure.
-
Nov 22, 2015 5:03 PM in response to iRaindrop by Barney-15E
iRaindrop wrote:
Good info, RC-R. I would just add that there is a need for a "secure" erase for those who are not in the league as the folks who are trying to evade ultra advanced forensics. For example such data as NDA documents, code projects, financial stuff, adult ****, etc, where a secure erase is sufficient to avoid most file recovery programs - but not trying to beat the advanced electromagnetic forensics that only a lab can do. There is still value for the customer in that, even though it is not 100% secure.
Or, they can just encrypt their hard drive with FileVault.

