How to wipe file slack on OS X

A tutorial explaining how to wipe free space, including file slack on Mac OS X

Still the best wipe utility for Mac OS X

with 3 comments

The new user interface

BCWipe, which has long been the most advanced option for secure wiping of data on Mac OS X, just got even better by implementing a graphical user interface to make it easier to use. The new interface is uncluttered and simple, and BCWipe still has far more options than the built-in wipe options in Apple’s Disk Utility (including wiping file slack, which Disk Utility does not do). Also, it does not prevent you from wiping certain types of drives. Download the new version here.

As SSDs are becoming more prevalent, there are a few things people need to know. Ars Technica has a good article on the subject. So does LifeHacker. SSDs store data differently from hard drives, thus wiping individual files makes little sense. Also, using full drive encryption from the day you buy your new computer is a good idea. One to three passes of zeroes when wiping free space or a whole drive is the best way to go, although these measures do not give full security. The only secure way to wipe SSDs would be using special manufacturer software to issue a wipe command. This is not supported on all drives or in all scenarios. BCWipe still offers the best option available with conventional software, namely wiping free space or an entire drive with zeroes, and it does it fast and well. If you want to regularly wipe cache and logs, I recommend using the command-line version of BCWipe and making a script, as described here.


Written by wipetutorial

August 30, 2012 at 8:32 am

Posted in Uncategorized

BCWipe lets you wipe slack

with 10 comments

Photo by walknboston on FlickR (CC-By 2.0)

Update: a new and easier to use version of BCWipe for Mac OS X with a graphical user interface is now available. Read more about it here.

Apple’s Disk Utility can wipe whole disks and free space. One thing it apparently does not do, however, is wipe file slack.

File systems are divided into finite block sizes. File slack is the space after the data in a file ends and until the file systems block finishes. On an average hard drive, file slack frequently constitutes more than a gigabyte of information – information that is not wiped when wiping free space.

Unlike the Windows utility Eraser, for example, Disk Utility does not include file slack when wiping, so in fact it is not a complete wipe of free space. Forensic investigators frequently find interesting information in slack space, so a wipe of free space that does not include slack is in fact incomplete.

There is, however, a way to wipe free space on Mac OS X 10.4, 10.5 and 10.6, including slack space. Jetico’s BCWipe – one of the most versatile and advanced cross-platform wipe utilities out there. The program has to be run from the command line, and the process is somewhat complicated if you haven’t done that sort of thing before.

That’s why this tutorial was made.

Be warned that playing with these commands unless you understand what you’re doing and typing precisely, could accidentally wipe important data. Consider backing up your data first.

First, you have to download, compile and install BCWipe.

1. Download the software from
You want the BCWipe-1.9-13.tar.gz file, under the heading “BCWipe for UNIX” (“Download tar.gz”)

2. Unpack it by double clicking on it in the download directory.

3. It has to be compiled and installed. You need to download and install the Developer Tools from Apple to be able to compile software. To do that, go here and register an account, log in, download the Xcode Tools disk image, and install it. Or you could get it from the Mac App store. It should be sufficient to just install the command line tools. Then compile and install BCWipe by opening Terminal in Applications/Utilities, and run the following commands.

$ cd ~/Downloads/bcwipe-1.9-13/
$ sudo ./configure
$ sudo make install

5. Congratulations, you just installed BCWipe. It can now be run from the command-line by typing bcwipe. To read the instructions for using it, type “man bcwipe” (very useful)

Our recommended command to wipe file slack is
$ sudo bcwipe -ISrvwm1 /

Two useful scripts for Mac OS X
To save you some time, we have made two useful scripts, one to clear logs and cache, and one to wipe free space, including file slack

To make the scripts

$ sudo nano

(or the name of your choice followed by .sh to designate it as a shell script)
(paste or type the contents of your choice below into the editor, remember, the commands are case sensitive)

CTRL-X, Y <enter> (to save the file)

Then, add execute permissions to the script to be able to run it

$ sudo chmod a+x

Script contents

To delete logs and cache on Mac OS X 10.4, 10.5 and 10.6
bcwipe -Irvwm1 /private/var/log/*
bcwipe -Irvwm1 /Library/Logs/*
bcwipe -Irvwm1 /Library/Caches/*
bcwipe -Irvwm1 /System/Library/Caches/*
bcwipe -Irvwm1 ~/Library/Logs/*
bcwipe -Irvwm1 ~/Library/Caches/*

If you also want to delete the Spotlight database
bcwipe -Irvwm1 /.Spotlight-V100

To delete file slack and free space
bcwipe -ISrvwmz /
bcwipe -IFrvwm1 /

To run a script
$ sudo ./ <enter>
(type your password) <enter>

The process usually can take everything from a few minutes to three hours depending on the size and type of your disk and what you wipe, whereas wiping cache and logs is done in a minute.

These scripts have been tested on Mac OS X 10.10 and many of the previous versions, journaled and non-journaled file systems, SSDs and hard drives, and they caused no problems. All the commands here can safely be run on a live system without problems. If you are using Boot Camp, using bcwipe on / might cause it to treat the Windows partition as well. One way to handle this is simply unmounting the Windows partition in Disk Utility before using bcwipe, and using Eraser, which is Windows native and free, on the Windows partition. It’s also a good idea to unmount any external drives and network volumes before starting.

However, this is not a guarantee that they will not cause problems for you. If you play with fire, you might get burnt. Remember that one typing mistake might wipe something essential to the operation of your system, or your important files. So unless, you know what you’re doing, consider not doing it, or having a computer literate friend help you. It might be wise to make a backup and play with these commands before using them in everyday computing.

DISCLAIMER: the author of this tutorial takes no responsibility for damaged data.

It should be sufficient to wipe data once, as no company has yet been able to recover overwritten data. Especially on modern hard drives, one scrub is enough, as there are less traces of previous data on these drives. However, some argue it could be possible to recover overwritten data (in theory) using magnetic force microscopy and image analysis, and that noone knows what technology the military might secretly possess. If you want to be sure it will be very hard to recover data, a 7-pass scrub is recommended. The instructions here are for a one-time scrub of random data without verification, which is a fast and effective method. To change the settings, refer to the BCWipe manual.

Be aware that SSD drives and memory flash drives (such as USB drives) do not behave like hard drives, and that using full disk encryption with a wipeable key file+password combo seems to be the best strategy for wiping such drives as of yet. Wiping on SSDs still works, but some data might be left in inaccesible areas on the drive.

BCWipe is free to use for 30 days, then you can purchase a license from Jetico.

This tutorial was last updated August 28, 2015.

Written by wipetutorial

June 3, 2009 at 12:29 pm