8

So I know how to secure delete files. But at our company, we have a laptop which had many important documents, which now have been deleted, but not in a secure way.

We can't perform a full format of the disk since it would be a complex task to restore everything again. I would like to ask if there's a way to do a "secure clean" of the remaining free space, so those documents couldn't be recovered anymore.

System that is being used is Mac OS X.

AviD
  • 72,138
  • 22
  • 136
  • 218
John
  • 81
  • 1

3 Answers3

7

See How can files be deleted in a HIPAA-compliant way?

For OS X, the system includes a way to wipe all free space in the Disk Utility program, but that does not take care of slack space (the space between the end of a file and the end of its block). BCWipe can take care of slack space.

HFS+ reserves chains of filesystem space before writes in order to speed up writing. Space may be reserved and then later freed, resulting in free space containing data after a wipe.

Cache files, preloads and memory paged to disk may also result in unexpected disclosures. If you really feel it's still worth approaching, How to wipe file slack on OS X has some tips.

Community
  • 1
Jeff Ferland
  • 38,090
  • 9
  • 93
  • 171
6

You could create big files until the disk is full. Something like this:

dd if=/dev/zero bs=8192 of=junkfile
# ... wait for the disk to fill up, at which point this command exits
sync
rm junkfile

The sync command makes sure that all the zeros in the new file make it to the disk. Then, the rm gives you back your disk space. You should run these commands as root (use sudo) because the OS reserves some space which only root can fill.

Such a method does not completely guarantee that the deleted files have been utterly destroyed, but at least they will not be recoverable at the logical level (it will thwart attackers as well as a "full format", so that's not bad).

Of course, since laptops can be stolen or simply dropped on the floor at inopportune times, I sincerely hope that you do have backups and could "restore everything" in such a situation.

Thomas Pornin
  • 320,799
  • 57
  • 780
  • 949
3

I know you say it would be complex to restore the laptop, but the most reliable and secure method is to back up the files you want to keep, securely erase the entire hard drive (using ATA Secure Erase or DBAN), re-install the OS, and restore from backup the files you want to keep.

D.W.
  • 98,420
  • 30
  • 267
  • 572
  • 1
    While you're doing this, it may also be a good idea to set up full-disk encryption. There are many attacks that FDE doesn't protect against at all, but it makes getting at data-at-rest considerably more difficult. – user Nov 27 '15 at 18:46