MacOS – Can FileVault protected data be accessed if the hard drive has been NON securely wiped

Tags: filevault, hard drive, macos, security

I had my hard drive protected by FileVault before I started having major software issues. I have plenty of Time Machine backups so I wiped the hard drive using the disk utility in recovery mode. However, I never overwrote the whole hard drive or used any kind of "secure" wipe program. When I set up my new accounts over the wiped drive, I did not use FileVault either. I gave Apple the password to my new account which barely had any new data on it (and changed my password to "hello" before doing so). I'm just wondering if the information that is technically still "there" when the drive was wiped insecurely can be accessed despite having been protected with FileVault prior to being wiped?

Best Answer

The information is there in a cryptographically erased format until you overwrite the data with a new file or re-encrypt the space with a new key. In some narrow way, the data is there, but no one can reconstitute it.

Specifically, each individual block on the storage was uniquely encrypted so you would need mathematically impossible amounts of processing to crack each block and then start the normal data recovery process.

The moment the large cryptographic key that was derived from your passphrase was erased, you lost all practical and most impractical methods to recover any data from the still-encrypted storage.
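
A simplified model of the key erasure described in the answer above, added here as an illustration; it is not part of the original answer and not Apple's code. `ToyVolume`, its methods and the HMAC-based keystream are hypothetical stand-ins for FileVault's real key hierarchy and disk cipher, and the sample data is constructed.

```python
import hashlib, hmac, os

BLOCK = 32  # toy block size: one HMAC-SHA256 output

def _prf(key: bytes, label: bytes) -> bytes:
    # HMAC-SHA256 as a keystream source; a stand-in for a real disk cipher
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ToyVolume:
    def __init__(self, passphrase: str):
        self.salt = os.urandom(16)
        kek = self._kek(passphrase)
        # Random volume key, stored only in wrapped form under the passphrase key
        self.wrapped_key = _xor(os.urandom(32), _prf(kek, b"wrap"))
        self.key_tag = _prf(kek, b"tag" + self.wrapped_key)
        self.blocks = {}  # block index -> ciphertext, i.e. what sits on the disk

    def _kek(self, passphrase: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, 100_000)

    def _pad(self, passphrase: str, index: int) -> bytes:
        if self.wrapped_key is None:
            raise LookupError("volume key erased; ciphertext cannot be decrypted")
        kek = self._kek(passphrase)
        if not hmac.compare_digest(self.key_tag, _prf(kek, b"tag" + self.wrapped_key)):
            raise PermissionError("wrong passphrase")
        volume_key = _xor(self.wrapped_key, _prf(kek, b"wrap"))
        return _prf(volume_key, index.to_bytes(8, "big"))  # differs per block

    def write(self, passphrase: str, index: int, data: bytes) -> None:
        if len(data) > BLOCK:
            raise ValueError("data larger than one block")
        self.blocks[index] = _xor(data.ljust(BLOCK, b"\0"), self._pad(passphrase, index))

    def read(self, passphrase: str, index: int) -> bytes:
        return _xor(self.blocks[index], self._pad(passphrase, index)).rstrip(b"\0")

    def quick_erase(self) -> None:
        # Model of a non-secure wipe: key material is dropped, blocks are untouched
        self.wrapped_key = self.key_tag = None

if __name__ == "__main__":
    vol = ToyVolume("old passphrase")  # constructed sample values
    vol.write("old passphrase", 0, b"tax records")
    vol.quick_erase()
    print(len(vol.blocks), "ciphertext block(s) remain; key present:", vol.wrapped_key is not None)
```

After `quick_erase()` the ciphertext is still in `blocks`, but even the original passphrase no longer leads to the volume key, which is the state the answer calls cryptographically erased.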