Monday, May 19, 2008

Apple OSX - securely erasing disks

It's well known that there are techniques that allow the retrieval of data from supposedly "erased" disks.

If you use OSX and would like to make the recovery of data harder, e.g. you are selling or giving away a computer and wish to make sure that all your credit card, medical and bank data really is gone, you would use Disk Utility, because it has 2 security options to help you.

You should choose either 7-pass or 35-pass if you wish to securely erase a volume. The complete list is:
  • Don't Erase Data
  • Zero Out Data
  • 7-Pass Erase
  • 35-Pass Erase

With the "Don't Erase Data" option, only directory information is erased; the data itself is left unchanged on the disk. The data WILL be recoverable, and for some time. As noted in the Apple article, this option is the quickest, but least secure.

The "Zero Out Data" option writes zeros over all data on the disk. The article claims that "this option provides good data security in a minimum amount of time", but this is not really true. If the only thing that matters to you is time, maybe this will suffice.
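The difference between the first two options can be seen on a toy volume. This is an added example, not Apple's code or anything from the original post; the one-sector directory layout, the file name and the card number are constructed for illustration and are not the real on-disk format. It models only what software reading the disk can see, not the physical recovery techniques mentioned at the top of the post.

```python
import re

SECTOR = 512

def make_volume():
    """Constructed toy volume: sector 0 is the directory, the rest is file data."""
    vol = bytearray(SECTOR * 8)
    record = b"card=4111111111111111;name=TEST USER"  # constructed sample data
    vol[SECTOR * 3 : SECTOR * 3 + len(record)] = record
    entry = b"bank.txt:3:%d" % len(record)  # name:start sector:length (assumed layout)
    vol[0:len(entry)] = entry
    return vol

def list_files(vol):
    """What the operating system shows: only names found in the directory sector."""
    entry = bytes(vol[:SECTOR]).rstrip(b"\x00")
    return [entry.split(b":")[0].decode()] if entry else []

def carve(vol):
    """What a recovery tool sees: every raw byte is scanned, the directory is ignored."""
    return [m.decode() for m in re.findall(rb"card=\d{16}", bytes(vol))]

def erase_directory_only(vol):
    """Model of "Don't Erase Data": clear the directory, leave data sectors alone."""
    vol[:SECTOR] = bytes(SECTOR)

def zero_out(vol):
    """Model of "Zero Out Data": one pass of zeros over every sector."""
    vol[:] = bytes(len(vol))

def demo():
    quick, zeroed = make_volume(), make_volume()
    erase_directory_only(quick)
    zero_out(zeroed)
    return {
        "quick_listing": list_files(quick),  # volume looks empty
        "quick_carved": carve(quick),        # but the record is still there
        "zero_listing": list_files(zeroed),
        "zero_carved": carve(zeroed),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```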

The "7-Pass Erase" option is the first fairly secure option, and it conforms to DoD 5220.22-M. Of course this will take longer than the first 2 options. DoD 5220.22-M actually calls for 3 passes, but Disk Utility performs seven.

The most secure is the "35-Pass Erase" option, which, as you would guess, writes data 35 times, not just zeros but using the Gutmann algorithm, which means 35 different patterns are written to the disk.
