Mac OS X v10.5 or later: About Disk Utility's erase free space feature

Summary

Disk Utility in Mac OS X v10.5 and later has the ability to securely erase the free space on a hard drive, to reduce the chances of deleted files being recoverable.

There are three erasure options that offer different levels of security:

Zero Out Deleted Files: This is the quickest free space erasure option, and provides good security. It writes zeros over the unused disk space (one pass).
7-Pass Erase of Deleted Files: This option provides better security and takes seven times longer than "Zero Out Deleted Files." It writes over the unused space in the disk seven times.
35-Pass Erase of Deleted Files: This option provides best security and takes thirty five times longer than "Zero Out Deleted Files." It writes over the unused space in the disk thirty five times.

Read below for more detailed and advanced information.

Products Affected

Mac OS X 10.5

"Zero Out Data" option

This writes zeros over all free space on the disk. This option provides good data security in a minimum amount of time.

"7-Pass Erase" option

Writes data over the free disk space seven times. This provides a highly secure erasure of disk data. A 7-Pass erase takes seven times longer than a Zero Out Data erase.

Advanced: The 7-Pass Erase option conforms to the DoD 5220.22-M specification. This specification calls for three passes, but Disk Utility performs seven. Click here for more details about the specification.

7 pass overwrite data (DoD 5220.22-M specification)
Pass	Data written
Pass	In binary notation	In hexadecimal notation
1	11110110	0xF6
2	00000000	0x00
3	11111111	0xFF
4	Random	Random
5	00000000	0x00
6	11111111	0xFF
7	Random	Random

"35-Pass Erase" option

This writes data over the entire disk thirty five times. This option provides highly effective security against the recovery of data. It takes 35 times longer to perform than the Zero Out option.

Advanced information: The 35-Pass erase option uses the Gutmann algorithm, which means 35 patterns are written to the disk to overwrite data. You can find out more about the Gutmann method here and here. In the chart below, RLL means Run Length Limited, and MFM means Modified Frequency Modulation.

35 pass overwrite data (Gutmann)
Pass	Data written		Encoding scheme targeted
Pass	In binary notation	In hexadecimal notation	Encoding scheme targeted
1	Random	Random
2	Random	Random
3	Random	Random
4	Random	Random
5	01010101 01010101 01010101	55 55 55	(1,7) RLL		MFM
6	10101010 10101010 10101010	AA AA AA	(1,7) RLL		MFM
7	10010010 01001001 00100100	92 49 24		(2,7) RLL	MFM
8	01001001 00100100 10010010	49 24 92		(2,7) RLL	MFM
9	00100100 10010010 01001001	24 92 49		(2,7) RLL	MFM
10	00000000 00000000 00000000	00 00 00	(1,7) RLL	(2,7) RLL
11	00010001 00010001 00010001	11 11 11	(1,7) RLL
12	00100010 00100010 00100010	22 22 22	(1,7) RLL
13	00110011 00110011 00110011	33 33 33	(1,7) RLL	(2,7) RLL
14	01000100 01000100 01000100	44 44 44	(1,7) RLL
15	01010101 01010101 01010101	55 55 55	(1,7) RLL		MFM
16	01100110 01100110 01100110	66 66 66	(1,7) RLL	(2,7) RLL
17	01110111 01110111 01110111	77 77 77	(1,7) RLL
18	10001000 10001000 10001000	88 88 88	(1,7) RLL
19	10011001 10011001 10011001	99 99 99	(1,7) RLL	(2,7) RLL
20	10101010 10101010 10101010	AA AA AA	(1,7) RLL		MFM
21	10111011 10111011 10111011	BB BB BB	(1,7) RLL
22	11001100 11001100 11001100	CC CC CC	(1,7) RLL	(2,7) RLL
23	11011101 11011101 11011101	DD DD DD	(1,7) RLL
24	11101110 11101110 11101110	EE EE EE	(1,7) RLL
25	11111111 11111111 11111111	FF FF FF	(1,7) RLL	(2,7) RLL
26	10010010 01001001 00100100	92 49 24		(2,7) RLL	MFM
27	01001001 00100100 10010010	49 24 92		(2,7) RLL	MFM
28	00100100 10010010 01001001	24 92 49		(2,7) RLL	MFM
29	01101101 10110110 11011011	6D B6 DB		(2,7) RLL
30	10110110 11011011 01101101	B6 DB 6D		(2,7) RLL
31	11011011 01101101 10110110	DB 6D B6		(2,7) RLL
32	Random	Random
33	Random	Random
34	Random	Random
35	Random	Random

Additional Information

If you are erasing the free space of your Mac OS X startup volume, you may see this message:

"Your startup disk is almost full.
You need to make more space available on your startup disk by deleting files."

This is a normal, temporary part of the erase free space process. Once the free space has been erased, the disk space is available again.

Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website. Please contact the vendor for additional information.

Rate this article: