PDA

View Full Version : If I use FileVault and DON'T use Secure Erase, is it recoverable?




macpokerstars
Mar 2, 2013, 03:45 PM
Hi,

The title says it all.
If I am using FileVault, and if I don't use Secure Erase, where are those deleted files located, physically on my hard drive?

Are they recoverable?

Do I need to use secure erase to be sure nothing can be recovered?

Since I have an SSD, I am a bit concerned that secure erase is quite bad for the SSD.

Thanks in advance



Bear
Mar 2, 2013, 04:22 PM
TO answer your main question, the files could be recovered by someone who knows your password. But in that case they would have access to all your files anyway.

I don't think you need to use secure erase if you are using FileVault.

benthewraith
Mar 2, 2013, 05:21 PM
Hi,

The title says it all.
If I am using FileVault, and if I don't use Secure Erase, where are those deleted files located, physically on my hard drive?

Are they recoverable?

Do I need to use secure erase to be sure nothing can be recovered?

Since I have an SSD, I am a bit concerned that secure erase is quite bad for the SSD.

Thanks in advance

Since you have an SSD, I would not recommend using secure erase, as it writes zeroes over the file it's deleting. I would recommend you enable trim if it's not already turned on and your drive is compatible. If it has an aggressive garbage collection, I wouldn't worry.

Also, deleted files would remain encrypted regardless because of full drive encryption.

Mr. Retrofire
Mar 3, 2013, 02:45 AM
If I am using FileVault, and if I don't use Secure Erase, where are those deleted files located, physically on my hard drive? Are they recoverable? Do I need to use secure erase to be sure nothing can be recovered?
AFAIK, in FileVault 2, Apple encrypts your already encrypted encryption keys (encrypted with your hashed password) with a long random key. Because no one knows this random key, not even Apple, it is nearly impossible to recover the unencrypted data. This works like a OTP (http://en.wikipedia.org/wiki/One-time_pad).