El Capitan Disk Utility How to Format External Hard Drive with Secure Options?

Hey EE world, looking for a little help.  It looks like the new version of Disk Utility that installs with El Capitan no longer gives me the erase options for number of passes written to the drive during erase.  Any third party software that will serve the same function? Looking to do at least 3 passes on overwrite.  Thanks in advance for the suggestions!
LVL 2
bta-guyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sean JacksonInformation Security AnalystCommented:
DBAN (Darik's Boot And Nuke) is the tool I use. You can do one, three, or seven passes. It is compliant with DOD standards.

http://www.dban.org/
bta-guyAuthor Commented:
Thanks Sean,

I have used DBAN before, it works great, but I am looking for something that can run in my life OS X session rather than having to boot to a disk.  Any other thoughts? It was certainly easier when Disk Utility did this function.
Sean JacksonInformation Security AnalystCommented:
I see. I don't wipe drives directly from my mac. I have a box that I regularly switch hard drives out of, and just do it all there. I am want to take and move my mac more frequently than would support wiping of a 2TB drive with three passes.
SolarWinds® IP Control Bundle (IPCB)

Combines SolarWinds IP Address Manager and User Device Tracker to help detect IP conflicts, quickly identify affected systems, and help your team take near instantaneous action. Help improve visibility and enhance reliability with SolarWinds IP Control Bundle.

strungCommented:
Are you trying to erase an HD or an SSD? According to Apple, Secure Erase is not needed with an SSD:  https://support.apple.com/en-us/HT201949 (scroll to the bottom). Secure erase will also shorten the life of SSD's.
strungCommented:
If you are using an HD, you can in effect securely erase by turning on FileVault, then erasing the disk.
serialbandCommented:
They've removed it because GUI users aren't well versed with the whole erase process and it's best not to give it to them.  It's still there on the command line.

I've always just wiped the disk, even before FileVault, with simple unix commands.  You can just write zeros or random numbers to a file, then erase it.

Writing zeros is much faster and probably more than sufficient to prevent most recovery methods.
cat /dev/zero > zero_file; rm zero_file

The random number generator is much slower.
cat /dev/random > random_file; rm random_file

You can also use /dev/urandom for less entropy to speed up the process a bit.  It all depends how secure you want it.

DOD wipes require a pass of zero, the ones, then random.  You can get partway there on a Mac.
cat /dev/zero > zero_file; rm zero_file
cat /dev/random > random_file; rm random_file

The way to write ones is to translate /dev/zero, but that method doesn't actually work on a Mac.  An extra 0 character is injected in the division and it becomes 0x1370 or 0x7878 or some other sequence with zeros injected in it instead of 0xFFFF, but you could still use it.  You'd have to write some C code to write all ones.


Using Command Line Disk Utility

If you still want to use Disk Utility to do a secure DoE or DoD erase, you can still do it on the command line.  You'll need to know which disk to erase.

Assuming your root disk is on disk 1, the 3 pass erase of free disk space would be.
diskutil secureErase freespace 4 /dev/dsk1

Here's the section of the manual page that pertains to secure erase
man diskutil
secureErase [freespace] level device
                Erase, using a secure method, either a whole-disk (including any and all partitions), or,
                only the free space (not in use for files) on a currently-mounted volume.  Erasing a whole-
                disk will leave it useless until it is partitioned again.  Erasing freespace on a volume
                will leave it exactly as it was from an end-user perspective, with the exception that it
                will not be possible to recover deleted files or data using utility software.  If you need
                to erase all contents of a partition but not its hosting whole-disk, use the zeroDisk or
                randomDisk verbs.  Ownership of the affected disk is required.

                Level should be one of the following:

                      o   0 - Single-pass zero-fill erase.

                      o   1 - Single-pass random-fill erase.

                      o   2 - US DoD 7-pass secure erase.

                      o   3 - Gutmann algorithm 35-pass secure erase.

                      o   4 - US DoE algorithm 3-pass secure erase.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bta-guyAuthor Commented:
Awesome, just what I was looking for. Thanks much serialband.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Storage Hardware

From novice to tech pro — start learning today.