Securely wipe disk drives

• Overview
• Use DBAN
• Use macOS

---

Overview

When erasing sensitive data, always make sure that the data cannot be recovered. A few ways to do this include Darik's Boot and Nuke (DBAN), or various options within macOS.

Use DBAN

To securely wipe a disk drive using DBAN:

1. Download DBAN.
2. Use DBAN to create a bootable DBAN CD, and then boot your computer using this CD.
3. At the boot: prompt, press Enter to start DBAN in interactive mode.
4. Press M (Method). On the "Wipe Method" screen, use the arrow keys to navigate to your preferred wiping method (for example, Quick Erase [one pass], DoD Short [three passes], or DoD 5220.22-M [seven passes]). Press the Spacebar to save your selection and return to the Disks and Partitions menu.
5. If only one disk is present in your computer, select the top option that appears in the Disks and Partitions menu, and then press the Spacebar. The selection box will display "[wipe]" to indicate what will be securely erased:
   • If you see "[****]", the section of the disk you selected will also be wiped.
   • If you see "[----]", you have already selected a section of the disk for wiping. Uncheck your selection and instead wipe the entire disk.
6. Press the F10 key to begin the secure erase process. As soon as you press F10, data erasure will begin.

The "Statistics" box at the top right will display an estimate of the time remaining on the disk wiping process.

Use macOS

Due to the prevalence of solid-state drives (SSDs), Apple has removed many of the tools previously provided to securely erase data from hard disk drives (HDDs). The best method to use for any SSD is full-disk encryption; FileVault is Apple's full-disk encryption.

macOS has retained the following built-in options for securely removing data:

• For whole file systems, use the Disk Utility, which can be found in any of the following places:
  • In the Applications/Utilities/ folder on your hard drive
  • In the Recovery HD partition

  In Disk Utility, choose the file system you want to wipe, and then select the Erase tab. If you have a hard disk drive, select Security Options to choose the security level of the erasure. If a solid-state drive is detected, Security Options may not be available for selection.

• For individual files, use rm -P from the command line. This overwrites files three times before deleting them. Because of the way solid-state drives work, this method may only be effective on traditional hard disk drives.