9

I would like to sell my Macbook Pro, but I want to make sure that there is no way to retrieve the deleted data from my SSD.

Is there a way to completely delete all files on a hard drive so that even a forensic expert cannot recover anything?

Steve Chambers
  • 22,915
Lory
  • 203
  • 1
    What model of storage controller and storage is in your MacBook Pro? What amount of time and budget does the forensic expert posess for your threat model? I ask because there are three different hardware setups and the answer depends heavily on the age of your gear. – bmike Nov 02 '20 at 23:59

3 Answers3

10

You don't need to.

Once you erase an SSD on a Mac, it's unrecoverable even from a forensics standpoint. This is because of the type of TRIM command that the hardware (SATA controller on the logic board and the SSD) issues. Basically, if you were to stop an erase mid-process you theoretically could take it to a lab or the manufacturer to recover data. So, it's not impossible but highly, highly improbable recovery is possible. I've previously written about this topic:

Further, Micron Technologies, has a whitepaper that details how NAND FLASH SSDs handle the secure (sanitized) erase:

This is not an overwrite. It is a true erase of the media. Each targeted storage element is raised to an erase voltage (significantly higher than the standard program voltage), then that signal is dropped to ground, leaving no trace of the previous signal. After this, the storage element is now in a state where it is ready to be programmed with new data from the host computer. In fact, once complete, the drive as a unit is now in a performance state that we know as “Fresh-out-of-Box,” or FOB. Physically, each cell would be read back as a 1, however, as a practical matter, the drive sees “empty” cells, and interprets these cells as logical 0, meeting the requirement of SECURITY ERASE UNIT. That is, the entire user space is filled with 0s.

If you want to be even more certain, turn on File Vault (Apple recommends this) when you reset it. Then disable it (for the next user).

Allan
  • 101,432
  • hi thanks Allan. but I have a question. from your words, Once you erase an SSD on a Mac, <-- what does it mean exactly? you mean re-format ssd disk entirely or just deleting the specific one file? – noun lace Mar 30 '21 at 11:07
  • Once you erase an SSD on a Mac, <-- you mean deleting a file in SSD or deleting swipe SSD entirely? which case? – noun lace Mar 30 '21 at 13:13
  • Far from all SSDs implement the TRIM command (either correctly or at all), at least going by the official documentation and some reports. And even if/when they do, a regular rm operation won’t usually issue a TRIM command to the SSD controller on macOS as far as I can tell. – Konrad Rudolph Jan 31 '22 at 18:08
  • Is there a tool that can ensure that delete files and emptied BIN cannot be recovered in any manner? – Riccardo Feb 13 '23 at 11:29
  • 1
    @Riccardo, use FileVault encryption from the beginning then if you erase, it’s guaranteed to be gone. – Allan Feb 13 '23 at 13:46
  • Thanks......... – Riccardo Feb 13 '23 at 17:25
  • Hi @Allan, what would be the case when SSD is not Apple provided, but is a SATA? – Noz_Char Mar 06 '23 at 17:05
  • @Noz_Char- Apple doesn’t make SSDs nor the controllers for SATA or NVME. They are OEM’d from another manufacturer. It’s the controller on the SSD and the logic board that support These protocols are industry standard. – Allan Mar 06 '23 at 17:15
3

Because you have a SSD installed in your MBP, you cannot use the 'secure erase', nor the 'erase free space' options in Disk Utility. It is better to boot your MBP into macOS Recovery while your SSD is protected with FileVault, then wipe the drive and reinstall macOS.

From this post at Backblaze are instructions on how you can also use Terminal commands whilst in macOS Recovery to do the secure erase you're looking for:

Securely Erasing Free Space on Your SSD

If you don’t want to take Apple’s word for it, if you’re not using FileVault, or if you just want to, there is a way to securely erase free space on your SSD. It’s a little more involved but it works.

Before we get into the nitty-gritty, let me state for the record that this really isn’t necessary to do, which is why Apple’s made it so hard to do. But if you’re set on it, you’ll need to use Apple’s Terminal app. Terminal provides you with command line interface access to the OS X operating system. Terminal lives in the Utilities folder, but you can access Terminal from the Mac’s Recovery System, as well. Once your Mac has booted into the Recovery partition, click the Utilities menu and select Terminal to launch it.

From a Terminal command line, type:

diskutil secureErase freespace VALUE /Volumes/DRIVE

That tells your Mac to securely erase the free space on your SSD. You’ll need to change VALUE to a number between 0 and 4. 0 is a single-pass run of zeroes; 1 is a single-pass run of random numbers; 2 is a 7-pass erase; 3 is a 35-pass erase; and 4 is a 3-pass erase. DRIVE should be changed to the name of your hard drive. To run a 7-pass erase of your SSD drive in “JohnB-Macbook”, you would enter the following:

diskutil secureErase freespace 2 /Volumes/JohnB-Macbook

And remember, if you used a space in the name of your Mac’s hard drive, you need to insert a leading backslash before the space. For example, to run a 35-pass erase on a hard drive called “Macintosh HD” you enter the following:

diskutil secureErase freespace 3 /Volumes/Macintosh\ HD

Something to remember is that the more extensive the erase procedure, the longer it will take.

IconDaemon
  • 19,234
  • I will leave my answer, but this is a great correction about SSDs secure erase. +1 – X_841 Nov 03 '20 at 13:46
  • Unfortunately the linked article — and hence this answer, beyond the first paragraph — is completely wrong: diskutil secureErase freespace doesn’t work for SSDs, full stop. I don’t know what it would end up doing, but it sure as hell won’t erase empty blocks on the SSD. It’s pure snake oil for SSDs. It only works reliably for HDDs, and even on HDDs, only option values 0 and 1 make any sense whatsoever. Values 2–4 are unscientific security hocus-pocus. – Konrad Rudolph Oct 08 '21 at 11:02
  • @KonradRudolph - Please give us some citations, or links, which back up your assertions. I'd love to correct my answer for all to read. – IconDaemon Oct 08 '21 at 11:32
  • @IconDaemon man diskutil says as much, but it’s also just a basic property of how SSDs work, and there’s a lot of discussion of that fact on this site. – Konrad Rudolph Oct 08 '21 at 11:42
2

Yes

You can boot into the recovery mode and then erase your hard drive. By turning on security options when erasing the drive, it will overwrite the drive completely multiple times, which will make it nearly impossible to read any data again.

There is a good guide about how to prepare your Mac before selling it, which can be found here. Only thing to add is to enable security options when deleting - as mentioned by the answer from @IconDaemon this is not possible on SSDs. Even the Apple support page has a clear guide on what to do.

Note: It took me one search with the keywords erase mac hard drive for sale to find this article at the top.

X_841
  • 3,386
  • This answer is not correct for SSDs. As the original question is about SSDs, a hard-drive-specific answer is out of context here. – Alger Jan 30 '23 at 23:33
  • True, but if I remember correctly, the question was edited after I gave my initial answer. Also I clearly state that this only applies for HDDs – X_841 Jan 31 '23 at 07:21