Your making a test user account with a short name different than the eventual user to be migrated is sound.
In practice, you will in time overwrite more and more of the data, but if you have the time to first establish a FileVault key and have the drive completely encrypted before copying any sensitive data, you have a more secure system and can know that the data can be sanitized cryptographically as opposed to being overwritten or actually erased.
You'll want to look for these lines in the diskutil cs list output to know it's ready for the start of data migration:
| Conversion Status: Complete
| High Level Queries: Fully Secure
| | Passphrase Required
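The check described in the answer above can be scripted. This is an added example, not part of the original answer: it reads `diskutil cs list` text on stdin and succeeds only when the three lines quoted above are present and no volume is still converting. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate data migration on the CoreStorage status lines quoted above.
# Real use on the Mac:  diskutil cs list | filevault_ready && echo "safe to migrate"

filevault_ready() {
    awk '
        {
            # Strip the tree-drawing pipes and collapse the column padding.
            line = $0
            gsub(/[| \t]+/, " ", line)
            sub(/^ /, "", line)
            sub(/ $/, "", line)
        }
        # Any volume family that is not fully converted blocks the migration.
        line ~ /^Conversion Status: / && line != "Conversion Status: Complete" { bad = 1 }
        line == "Conversion Status: Complete"      { conv = 1 }
        line == "High Level Queries: Fully Secure" { secure = 1 }
        line == "Passphrase Required"              { pass = 1 }
        END { exit !(conv && secure && pass && !bad) }
    '
}

# Constructed sample: encryption finished (the three lines from the answer).
sample_ready() {
cat <<'EOF'
|       Conversion Status:       Complete
|       High Level Queries:      Fully Secure
|       |                        Passphrase Required
EOF
}

# Constructed sample: encryption still in progress (values are assumptions).
sample_converting() {
cat <<'EOF'
|       Conversion Status:       Converting
|       High Level Queries:      Not Fully Secure
|       |                        Passphrase Required
EOF
}

for s in sample_ready sample_converting; do
    if "$s" | filevault_ready; then
        echo "$s: ready for data migration"
    else
        echo "$s: not ready, keep sensitive data off the drive"
    fi
done
```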
Not so much that it's not necessary...
I'm a couple years late to the party, but it might be worth pointing out that Apple (who has now entirely removed "Secure Erase" options from the Disk Utility app) hasn't really removed the option because it "isn't necessary" — according to its El Capitan security release notes, they did it because they can't guarantee a secure erase:
Description: An issue existed in guaranteeing secure deletion of Trash files on some systems, such as those with flash storage. This issue was addressed by removing the “Secure Empty Trash” option.
Glenn Fleishman gives a good overview of this in "How to replace El Capitan's missing Secure Empty Trash." The fact that, currently, the only DoD/NSA approved SSD sanitization procedure is smelting or shredding the drive into a fine powder somewhat echoes the challenge in being able to wipe a drive, for sure.
It is pretty difficult to recover data from an SSD...
As Trane Francks explained, recovering data from an SSD is, by default, pretty difficult. The data isn't necessarily encrypted, but it is distributed over many locations in order to perform as few writes as possible to a single location (both for performance and for drive longevity). So once data is deleted, finding the place a file used to reside in is like putting together a multi-million piece jigsaw puzzle (all before any garbage collection the drive may decide to do). It is possible to recover files from an SSD, but this usually requires a lot of extra effort.
To make it hard for recovery tools...
Encrypting an SSD with any kind of suitably secure key, and then erasing that key, makes it virtually impossible to recover any data. This can be done, on a Mac, by enabling FileVault, booting into recovery mode, unlocking and then deleting the drive with Disk Utility.
If you're just looking to make sure stuff is securely erased without nuking existing data, you could try using the diskutil terminal command — the command line version of Disk Utility, wherein secure erase options have not been removed:
sudo diskutil secureErase freespace 0 "/Volumes/[Disk Name]"
This should attempt to write and delete a couple of temp files which will fill up the entire hard drive. In doing so, every available space should be filled and then cleared.
Good information on all these options can be found in "How to Securely Erase a Mac SSD".
Also, you can always try to run some data recovery tools to see if there is data that is still immediately available.
Best Answer
Yes, FileVault 2 encrypts the entire drive, including free space and trash.
To securely delete the entire drive, I find this info here:
While Apple removed secure-erase options from the Finder, Terminal commands still exist that can be used. The first is the classic “rm” file removal command, augmented with the “r” flags for recursive deletion of folders, and “P” to implement an overwrite of the removed files:
rm -rP /path/to/file-or-folder
For more thorough secure deletion, you can use the “srm” command (for secure rm) along with similar options to recurse (r), force confirmation (f), and then be verbose to show information about files being removed (v). The second flag (-s) is important for the type of secure erase to perform:
srm -rfv -s /path/to/file-or-folder
In this command, -s will perform a single-pass erase, but you can use -m for a seven-pass erase, or -z for overwriting with zeros. If you do not use this second flag, then the command will perform a 35-pass erase.
Erasing free space on a drive
In some cases, you might want to run an overwrite routine on the free space of a given drive, but unfortunately Apple has also removed options to erase free space in the new version of Disk Utility, which may leave you wondering how to do this. Granted on SSD devices, secure-erase can impact the life span of the drive, but it may still be useful for HDD devices.
To do this in El Capitan, you can again use Terminal commands:
diskutil secureErase freespace LEVEL /Volumes/DRIVENAME
In this command, change LEVEL to a number of 0 through 4, where 0 is a single-pass of zeros, 1 is a single-pass of random numbers, 2 is a 7-pass erase, 3 is a 35-pass erase, and 4 is a 3-pass erase (note all non single-pass options may take a while to complete). Change DRIVENAME to the name of the mounted drive (encase the name in quotes if it contains punctuation or spaces), and then press Enter to run the command.