iMac Pro, iOS 11.3
Apple's built-in File Vault is as good as any other encryption software. There's no need to use a third party app to get the same result.
babowa's approach also works. Fill every bit of the drive with junk you don't care if anyone recovers, then erase the drive and reinstall the OS.
With an SSD, you only need to fill it once. First to explain the old reason for multiple fills, or using Secure Erase with a 7 pass overwrite. Here's part of an article explaining the process for attempting to retrieve overwritten data from some years back. Apologies to the author, I didn't save his name so as to give proper credit here.
Once the disk clusters that were occupied by a deleted file have been overwritten with new data, the file is gone forever. Or is it? In fact, the old data may still be present on the magnetic media, as a kind of wiggle in the waveforms that represent the data. Using intricate, high-tech equipment, technicians first copy the exact waveform recorded on an area of the disk, without translating the signal into bits and bytes. They then generate a perfect waveform representing the corresponding data bits, subtract the perfect waveform from the actual waveform, and amplify the differences. When successful, this process recovers the data previously stored in the specified area of the disk. Theoretically, you can even repeat the process, obtaining yet an earlier chunk of data. Physical limitations preclude more than seven repetitions of the recovery process. That doesn't mean you can recover seven layers of data, only that you can't recover more than seven. This level of recovery must be performed by experts, and is painstaking and expensive. In most cases, recreating the lost data from scratch is more cost-effective.
Note that doing this takes specialized equipment which costs thousands of dollars. There is no consumer level software you can buy that has even a slim chance of recovering data which has been written over even only once. So unless you have access to expensive hardware which can maybe, but successfully dig lower than seven passes of other data, your data is for all intents and purposes, gone. Seven passes is considered secure by the U.S. government for all but the most sensitive data. For that, they literally take a hatchet to the drive platters and break them apart. A 35 pass erase is extreme overkill that accomplishes literally only one thing - prematurely wearing out the drive.
None of this applies to an SSD. There is no magnetic material to work down through to try and rebuild overwritten data. Once a memory cell has been changed, that's it. Whatever was there previously is gone.
Apple's built-in File Vault is as good as any other encryption software. There's no need to use a third party app to get the same result.
babowa's approach also works. Fill every bit of the drive with junk you don't care if anyone recovers, then erase the drive and reinstall the OS.
With an SSD, you only need to fill it once. First to explain the old reason for multiple fills, or using Secure Erase with a 7 pass overwrite. Here's part of an article explaining the process for attempting to retrieve overwritten data from some years back. Apologies to the author, I didn't save his name so as to give proper credit here.
Once the disk clusters that were occupied by a deleted file have been overwritten with new data, the file is gone forever. Or is it? In fact, the old data may still be present on the magnetic media, as a kind of wiggle in the waveforms that represent the data. Using intricate, high-tech equipment, technicians first copy the exact waveform recorded on an area of the disk, without translating the signal into bits and bytes. They then generate a perfect waveform representing the corresponding data bits, subtract the perfect waveform from the actual waveform, and amplify the differences. When successful, this process recovers the data previously stored in the specified area of the disk. Theoretically, you can even repeat the process, obtaining yet an earlier chunk of data. Physical limitations preclude more than seven repetitions of the recovery process. That doesn't mean you can recover seven layers of data, only that you can't recover more than seven. This level of recovery must be performed by experts, and is painstaking and expensive. In most cases, recreating the lost data from scratch is more cost-effective.
Note that doing this takes specialized equipment which costs thousands of dollars. There is no consumer level software you can buy that has even a slim chance of recovering data which has been written over even only once. So unless you have access to expensive hardware which can maybe, but successfully dig lower than seven passes of other data, your data is for all intents and purposes, gone. Seven passes is considered secure by the U.S. government for all but the most sensitive data. For that, they literally take a hatchet to the drive platters and break them apart. A 35 pass erase is extreme overkill that accomplishes literally only one thing - prematurely wearing out the drive.
None of this applies to an SSD. There is no magnetic material to work down through to try and rebuild overwritten data. Once a memory cell has been changed, that's it. Whatever was there previously is gone.
"Bleaching" is a technology used by Norton. Norton products for Apple should be avoided like the plague. The closest AFAIK you can get to wiping the data off the drive is to boot into recovery mode, reformat the drive and reinstall the OS.
Outside of that the concept of "no data can be recovered" is not realistic. Data forensics is way past 0's and 1's.
Because of the way SSD drives operate, you cannot do either a simple erase, or an erase of the entire drive as you could with hard drives.
There is only one way to secure as SSD, other than physically destroying it. Encrypt the drive, then erase it. When you erase the drive, you wipe out the key, making it literally impossible to recover anything. The encrypted data is still technically there, but you no longer have a way to decrypt it.
That is along the lines of what I was thinking also. Do you think that the built-in FileVault (accessed from System Preferences: Security & Privacy) is good enough, or did you have some other third-party whole-disk-encryption for Mac software in mind?
Thanks for the fast and detailed response. I thought as much but in todays environment, one cannot be to careful with their data.
Again... thanks.
When I sold my MBP with an SSD (before I realized that I could encrypt it), I erased in internet recovery, then installed the OS, filled up the drive with large non-private videos, erased it, started over, and did that whole process three times. I figured that would do it.
Bleaching a SSD drive
