There are other ways an attacker can obtain information that should be secret from your system, and Mac OS X is proactive in plugging these holes.

Securely Erasing Disks

Disk Utility and the diskutil command-line utility can erase either an entire volume or just the free (unused) space, with several different levels of security. Simply writing over the old data with zeros or random data might seem sufficient, but it can actually leave behind traces of magnetization from what used to be on the disk. These traces are very difficult to extract, but for security-critical data it's best to use a multipass erase to make sure all traces have been overwritten.

Note: Overwriting the disk takes time proportional to the number of times the disk is overwritten. If the disk is large and/or slow, it could take several hours per pass, so budget your time accordingly.

Under Disk Utility's Erase tab, clicking the Security Options button gives you the options shown in the following figure.
More Info: For additional information on the Gutmann algorithm, visit www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html.

If you are using diskutil to erase a disk or volume, the following command-line options are available:
If you want to be doubly sure that all data has been erased, use the diskutil randomDisk or secureErase option, followed by the diskutil eraseDisk option, followed by the command

    sudo od /dev/disk4s7

You will change the number (in this case, 4) and the slice (in this case, 7) to reflect the appropriate device you want to erase. If the disk was zeroed successfully, the output should look something like this:

    localhost:~ george$ sudo od /dev/disk1
    0000000 000000 000000 000000 000000 000000 000000 000000 000000
    *
    356000000
    localhost:~ george$

After verifying that the volume is truly zeroed, you can use Disk Utility or diskutil to partition it and create volumes.

Erasing Free Space

Erasing free space with either Disk Utility or diskutil is very similar to erasing an entire volume (although diskutil has fewer erasure options). Under Disk Utility's Erase tab, the Erase Free Space button enables you to overwrite free space with zeros, perform a 7-Pass Erase, or perform a 35-Pass Erase. These are directly analogous to the options for full erasure listed in the previous section.
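The od check from the full-disk erase procedure above can be scripted rather than read by eye. This added example (not part of the original text) parses od's default output, including the "*" line that stands for a run of repeated lines, and reports the first nonzero offset; the function name is_zeroed and the file name check_zero.sh are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original text): confirm that a device or image
# reads back as all zeros by parsing default `od` output.
# Usage (check_zero.sh is a hypothetical file name):
#   sudo sh check_zero.sh /dev/disk4s7

# is_zeroed PATH
#   exit 0: every byte read is zero
#   exit 1: nonzero data found (first offending od line offset is printed)
#   exit 2: unreadable, or od returned no data (never report that as clean)
is_zeroed() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    od "$1" | awk '
        $1 == "*" { next }            # od prints "*" for a run of repeated lines
        NF == 1   { end = $1; next }  # last line: total length in octal, no data
        {
            for (i = 2; i <= NF; i++)
                if ($i !~ /^0+$/) {
                    printf "nonzero data at octal offset %s\n", $1
                    bad = 1
                    exit
                }
        }
        END {
            if (bad) exit 1
            if (end ~ /^0*$/) { print "no data read"; exit 2 }
            printf "all zero, length %s (octal)\n", end
        }'
}

# Run the check only when a path is given on the command line.
if [ "$#" -gt 0 ]; then
    is_zeroed "$1"
fi
```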
With diskutil's secureErase option, adding the freespace option restricts the erasure to just free blocks:

    sudo diskutil secureErase freespace 1 diskname
    sudo diskutil secureErase freespace 2 diskname
    sudo diskutil secureErase freespace 3 diskname

Note: When using Disk Utility or diskutil, free space can be erased only from a mounted volume, not an entire disk.

Using Secure Empty Trash

When files are removed from a volume, either by taking out the Trash or by using the CLI rm command, the blocks on the volume are unlinked and freed up for use by other files. However, the content of those blocks is not modified, so potentially secret data may still be contained on the volume (and easily obtained by scouring the volume). To prevent this from happening, a secure version of rm, called srm, may be used to not only free up the blocks by unlinking, but also overwrite those blocks either with all 0s, using seven U.S. DoD-compliant passes, or with a single pass of random data.

More Info: See the man page for srm to see how to enable these different options.

The Mac OS X Finder now has a GUI menu option called Secure Empty Trash, which uses srm to remove the Trash instead of using the default rm. To empty the Trash securely, choose Finder > Secure Empty Trash.
Using Encrypted Swap File

The built-in virtual memory system on Mac OS X functions by swapping currently unused memory out of RAM to a file on the boot volume called a swap file. So, at least temporarily, memory that would otherwise be inaccessible if it was in RAM is stored on the boot volume in a well-known place that could be easily copied and then analyzed. Passwords, financial data from an Excel spreadsheet, or anything that the OS decides to temporarily swap out of RAM and onto the boot volume can potentially be stored here.

If you want this to happen in a secure way (it is not possible to disable virtual memory, and you really wouldn't want to), you can tell the operating system that you would like it to use an encrypted swap file. To do this, run System Preferences and navigate to the Security pane. Select the "Use secure virtual memory" box (if it is not already selected), and you will then have an encrypted swap file.
This may cause minor slowdowns in the swapping of virtual memory (since everything needs to be encrypted and decrypted now), so decide how important this is to you. If you want to make a backward check of your swap files, you can boot into single-user mode and erase all of those older swap files (they may not be cleared automatically after crashes) by using the srm command on the swap files:

    # srm /var/vm/swapfile*