Securely Erasing Data Just Got Easier

Category: Hard-Drives

I have written several articles over the years about the importance of completely erasing personal data from hard drives before disposing of them. Savvy users understand that deleting a file doesn't really make it go away. And even formatting a hard drive doesn't guarantee that your files are unreadable. But here's some good news on that front...

When You Really Need to Wipe a Hard Drive...

My earlier article “Erasing a Hard Drive? Not So Fast…” delved into the difficulties of doing the job right. But now securely wiping a hard drive, or even a stubbornly data-persistent Solid State Drive (SSD), is easier than ever.

You probably know that the “delete” command doesn’t really delete the target data; it only deletes the location of that data from the hard drive’s index of files. After a “deletion,” the drive will re-use that file’s space as if it was empty.

But until data has been overwritten many times, it can still be recovered by a determined person. Military-grade standards call for overwriting each disk sector at least nine times before data stored in it can be considered truly “unrecoverable.” That takes a very, very long time on a typical 500 GB hard drive! Running a “secure erase” utility can tie up a computer for a day or even longer.

Securely erase your hard drive

There is a solution, and you probably already have it. The firmware of nearly every hard drive built since 2001 contains a “Secure Erase” command so effective that NIST (the U.S. National Institute of Standards and Technology) rates it as good as degaussing a hard drive - that is, using a powerful magnet to complete scramble the bits stored on a drive. So why haven’t we been using “Secure Erase” for all these years?

Most BIOS developers disable the “Secure Erase” feature because they think consumers won’t use it wisely. Indeed, “SE,” as it’s called, is a “nuclear option;” it wipes data, no amount of panicked, tearful phone calls to tech support or data recovery specialists will get it back. It even wipes data stored in bad disk blocks, something other disk-wiping utilities can’t do. When Secure Erase finishes its job, your hard drive will be squeaky clean, empty of all data, and ready to be used again.

Unlock the Power

A freeware utility called HDDErase 4.0 unlocks the power of the Secure Erase feature in nearly every standard magnetic hard drive built since 2001. You can download it from the UC-San Diego’s Center for Memory and Recording Research, but note that no tech support is available and you use it at your own risk. Because it runs from a bootable disk, HDDErase can erase any operating system, using the drive's own built-in sanitizer. Tim Fisher’s review of HDDErase provides a little more insight into this powerful command-line utility.

I've read in various places that HDDErase will work on SSDs (solid state drives) in addition to traditional spinning magnetic hard drives. But the documentation for the program does not mention SSDs at all. However, this article on the Kingston Technology website seems authoritative, and does specifically mention using HDDErase with SSDs.

There is one important caveat, though, according to Kingston. HDDErase can only be run on hard drives that are directly attached to a SATA or IDE port, and not through a USB bridge or enclosure. Put more simply, HDDErase will ONLY work on internal drive, and WILL NOT work on external hard drives.

Another Secure Disk Wipe Option

If you have an external drive that you want to securely erase, or for some reason you'd rather not use the HDDErase utility, there's another way to get the job done.

Another method of rendering a drive forever unreadable is known as “Encrypt, Reformat, Encrypt Again.” First, encrypt your entire hard drive; Users running Windows 7 Ultimate, Windows 8.1 Pro, or Windows 10 Pro can use the built-in Bitlocker utility, if their PCs include a Trusted Platform Module (TPM) chip. Encrypting a working drive that contains lots of data may take many hours, but you’ll be able to work on other things while encryption proceeds in background.

Once your drive is encrypted, do a FULL reformat of it. A “quick” format only wipes the index of files mentioned above, leading the drive to treat the whole disk as empty space. A full format overwrites all data.

Next, encrypt the reformatted drive AGAIN before adding any data to it. This won’t take long, because there is very little data to be encrypted. Now what do we have?

The re-encrypted, re-formatted drive has a security key that is required to decrypt data stored on the drive; the key is stored on the drive itself for Bitlocker to access on the fly. The security key of the first encryption has been overwritten during reformatting and encrypted by the second encryption. Even if a hacker recovers the second encryption key, he can’t recover the first one that might give him access to your old data. Now your drive is truly wiped and unrecoverable!

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 3 Aug 2016


For Fun: Buy Bob a Snickers.

Prev Article:
Tools To Trace an Email

The Top Twenty
Next Article:
The “No More Ransomware” Project

Most recent comments on "Securely Erasing Data Just Got Easier"

(See all 33 comments for this article.)

Posted by:

Frank MacKenzie-Lamb
03 Aug 2016

I'd say a hammer is easier if you aren't going to be using the HD anymore......smash it up good


Posted by:

Darcetha
03 Aug 2016

Glad to hear that there is an easier way to securely erase data.


Posted by:

Therrito
03 Aug 2016

I like the "Encrypt/Reformat/Encrypt Again" concept. I'll have to try that the next time I wipe a drive.
Great article, Bob!


Posted by:

Flav.
04 Aug 2016

Hey Didi, the sledgehammer works beautifully!
End of worries!


Posted by:

noseitall
04 Aug 2016

A sledge hammer works well, and quickly. But if you have several drives to erase at once, how about a 450-degree oven for a couple hours?


Posted by:

pscowboy
04 Aug 2016

The bootable cd will not work with SATA opticals.
All the drivers included on the cd are for IDE cd-dvd drives.
Spent hours working on a fix to no avail, including the gcdrom.sys driver.
An external USB optical will work in this case.


Posted by:

sidehillman
04 Aug 2016

Just leave in the "burn barrel" for a while.


Posted by:

David
04 Aug 2016

The magnets are fun to play with.


Posted by:

Paul
04 Aug 2016

Adding to what @bb said above - Scott Moulton mentioned that even a full format under Windows 7 and later renders the hard drive unreadable. He's a fully fledged expert on hard drives and hard drive data recovery so that's good enough for me.


Posted by:

DiDi
05 Aug 2016

That sledgehammer sounds like fun, but like the drill -- I don't own one, just a regular old hammer. I do however have an oven and know how to bake or cook at 450 degrees. However, is that really viable and am I liable to melt something permanently into the oven? How much muscle do I need with a regular hammer? Do I need to call the boyfriend over to help? I hear he's handy with a hammer. :)


Posted by:

Butch
05 Aug 2016

PrivaZer gives one a choice of how many passes to make to wipe a drive. CCleaner also seems to be capable of wiping a hard drive completely so that it becomes unreadable. Whadda I know? I'm not a techie/tekkie.....

Thanks for bringing the topic up.


Posted by:

Steven B Sidman
06 Aug 2016

What about DBAN, Derek's Boot and Nuke? It's a CD with bootable Linux and one immediately executed program that does the DoD approved erase.


Posted by:

aresilva
06 Aug 2016

I used to work at a radio station. We used a Bulk Tape Eraser to reuse tapes. It was available at that time from Radio Shack. Any comments?


Posted by:

Old Man
07 Aug 2016

I'm with Walt vdH. I'm not a high-profile person. A simple full reformatting, loading an old OS (like Win 95 or Win 98) - or one of the versions of Linux - is good enough. No need for hammers, drills, ovens, etc. Anyone with the time and equipment to find out what may be hidden on my drives have bigger fish to catch (like H. Clinton).


Posted by:

Bill Bennett
08 Aug 2016

I was wondering what to do with that old Radio Shack degausser (so old the word is not even in the dictionary) or bulk tape eraser I've had sitting around for years. Now I know!


Posted by:

Carl
08 Aug 2016

Is there anyway I could strip hard drive of data and remain with the OS?


Posted by:

David Holt
08 Aug 2016

I tried to use the suggestion in your article but found that, for whatever reason, it simply didn't work for me. I went back to my old standby, DBAN. I downloaded the latest version and made the boot CD.Left the CD in the drawer, powered down, swapped hard drives, installing the one I wanted to nuke. Rebooted the computer and DBAN (that's Darik's Boot & Nuke)did the job. Simple. DBAN is free, but it has a purchasable cousin the provides full documentation and verification, if you need such.


Posted by:

Mark Matis
08 Aug 2016

Linux also provides easy ways to securely wipe hard drives. And if you do it from a live CD/DVD you can hit any writable drive on the system.


Posted by:

Michael Anthony
09 Aug 2016

Will this work on a laptop that has a virus? The Laptop only boots up for a bit then it powers back down. I haven't found a way to resolve it. Thanks


Posted by:

cybercipher50
09 Aug 2016

May I add Parted Magic (the free version) to the list? Download the ISO, burn to disk, boot into its RAM-drive and you have both Secure Erase and Enhanced Secure Erase internal command support, plus wiping MBR, entire disk or free space wipe using either dd or shred methods, plus partition management (NTFS support, obviously).


There's more reader feedback... See all 33 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! And please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are previewed, and may be edited before posting.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Securely Erasing Data Just Got Easier (Posted: 3 Aug 2016)
Source: http://askbobrankin.com/securely_erasing_data_just_got_easier.html
Copyright © 2005 - Bob Rankin - All Rights Reserved