[NUKED] Securely Erasing Your Hard Drive
I have written several times in recent years about the importance of completely erasing personal data from hard drives before disposing of them. Savvy users understand that deleting a file doesn't really make it go away. And even formatting a hard drive doesn't guarantee that your files are unreadable. So how can you make certain that ALL your data is gone before selling, donating or disposing of your hard drive? Here's some good news on that front… |
When You Really Need to Wipe a Hard Drive...
My earlier article “Erasing a Hard Drive? Not So Fast…” delved into the difficulties of doing the job right. But now securely wiping a hard drive, or even a stubbornly data-persistent Solid State Drive (SSD), is easier than ever.
You probably know that the “delete” command doesn’t really delete the target data; it only deletes the location of that data from the hard drive’s index of files. After a “deletion,” the drive will re-use that file’s space as if it was empty.
But until data has been overwritten many times, it can still be recovered by a determined person. Military-grade standards call for overwriting each disk sector at least nine times before data stored in it can be considered truly “unrecoverable.” That can take a long time, even on a 500 GB hard drive!
There is a solution, and you probably already have it. The firmware of nearly every hard drive built since 2001 contains a “Secure Erase” command so effective that NIST (the U.S. National Institute of Standards and Technology) rates it as good as degaussing a hard drive - that is, using a powerful magnet to completely scramble the bits stored on a drive. So why haven’t we been using “Secure Erase” for all these years?
Most BIOS developers disable the “Secure Erase” feature because they think consumers won’t use it wisely. Indeed, “SE,” as it’s called, is a “nuclear option.” It wipes data, and no amount of panicked, tearful phone calls to tech support or data recovery specialists will get it back. It even wipes data stored in bad disk blocks, something other disk-wiping utilities can’t do. When Secure Erase finishes its job, your hard drive will be squeaky clean, empty of all data, and ready to be used again. It Latin, that would be “tabula rasa.”
Unlock the Power
A freeware utility called HDDErase 4.0 unlocks the power of the Secure Erase feature in nearly every standard magnetic hard drive built since 2001. You can download it from the UC-San Diego’s Center for Memory and Recording Research, but note that no tech support is available and you use it at your own risk. Because it runs from a bootable disk, HDDErase can erase any operating system, using the drive's own built-in sanitizer. Tim Fisher’s review of HDDErase provides a little more insight into this powerful command-line utility.
The documentation for the program does not mention SSDs at all. But I've read in various places that HDDErase will work on SSDs (solid state drives) in addition to traditional spinning magnetic hard drives.
There is one important caveat, though, according to Kingston. HDDErase can only be run on hard drives that are directly attached to a SATA or IDE port, and not through a USB bridge or enclosure. Put more simply, HDDErase will ONLY work on internal drive, and WILL NOT work on external hard drives.
Other Disk Wipe Options
I’ve mentioned Darik's Boot and Nuke (DBAN) in the past as one way to erase a hard drive. DBAN does a good job of erasing all accessible data on a drive, but it cannot access data that is no longer accessible through software, such as bad blocks, and It cannot detect or erase SSDs.
Another method of rendering a drive forever unreadable is known as “Encrypt, Reformat, Encrypt Again.” Unlike other options, this WILL work on SSDs or an external drive. First, encrypt your entire hard drive; Users running Windows 7 Ultimate, Windows 8.1 Pro, or Windows 10 Pro can use the built-in Bitlocker utility, if their PCs include a Trusted Platform Module (TPM) chip. Another alternative for encryption is the free VeraCrypt software, which works on Windows, Mac OS X and Linux computers.
Encrypting a working drive that contains lots of data may take many hours, but you’ll be able to work on other things while encryption proceeds in background. Once your drive is encrypted, do a FULL reformat of it. A “quick” format only wipes the index of files mentioned above, leading the drive to treat the whole disk as empty space. A full format overwrites all data.
Next, encrypt the reformatted drive AGAIN before adding any data to it. This won’t take long, because there is very little data to be encrypted. Now what do we have?
The re-encrypted, re-formatted drive has a security key that is required to decrypt data stored on the drive; the key is stored on the drive itself for Bitlocker to access on the fly. The security key of the first encryption has been overwritten during reformatting and encrypted by the second encryption. Even if a hacker recovers the second encryption key, he can’t recover the first one that might give him access to your old data. Now your drive is truly wiped and unrecoverable!
The Total Annihilation Method
It's good clean fun to use a drill press or sledge hammer on an unwanted hard drive (with the appropriate safety equipment). But if you lack those tools, a commercial hard drive shredding service will do the job. Ameri-Shred is one company that offers the service, and you can see their machinery in action in the video above.
Your thoughts on this topic are welcome. Post your comment or question below…
This article was posted by Bob Rankin on 24 Aug 2020
For Fun: Buy Bob a Snickers. |
Prev Article: Keep Your Software Up To Date (or else…) |
The Top Twenty |
Next Article: Is Cloud Storage Private and Secure? |
Post your Comments, Questions or Suggestions
Free Tech Support -- Ask Bob Rankin Subscribe to AskBobRankin Updates: Free Newsletter Copyright © 2005 - Bob Rankin - All Rights Reserved About Us Privacy Policy RSS/XML |
Article information: AskBobRankin -- [NUKED] Securely Erasing Your Hard Drive (Posted: 24 Aug 2020)
Source: https://askbobrankin.com/nuked_securely_erasing_your_hard_drive.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "[NUKED] Securely Erasing Your Hard Drive"
Posted by:
Charley
24 Aug 2020
One of my banks had a free shredding event recently. You could bring your papers and they would shred them. Also, you could bring hard drives and they would shred them right in front of you. In goes a hard drive and out comes shredded metal. Unfortunately, not everywhere has those events. So what Bob suggests is the way to go most times.
Posted by:
hifi5000
24 Aug 2020
I think for most erasure jobs,Darik's DBan does a fine job wiping a hard drive.I guess if a person is real paranoid and they are unsure about a previous owner of the drive,they could go with the more thorough methods mentioned today.
Posted by:
Renaud Olgiati
24 Aug 2020
When I was asked to help the local Alliance Française with a number of redundant PCs left over by the closure of the local French Consulate, and found that one of those had not been "blanked" by the diplomatic security staff supervising the closure, I let them know I had blanked the HD myself (three times) with DBAN, and was told that this was perfectly acceptable for security purposes.
Posted by:
Therrito
24 Aug 2020
I have a program that will bleach then write zeros on the entire hard drive effectively erasing any trace of any data.
Posted by:
Nigel
24 Aug 2020
I've used the hammer option in the past! Now I purchase cases, full format at least twice then use them as external drives. However I think I will add Bitlocker into the process. Thanks for the info Bob.
Posted by:
Jim Shaneman
24 Aug 2020
An absolute and easy to use program Low Level Format will do the job, quickly and efficiently. Set it and forget it, the job is done. Just reformat the drive at the end of cleaning.
Posted by:
RandiO
25 Aug 2020
Uze 'awl are ruthless to your hardware!
I use the HDD magnet flange w/a large washer on the bottom of my outdoor house flags for wind dampening.
I use the actual HDD platters as mirrors in the garage and for shaving in the shower.
Those 4cm aluminum platter spacers have come in handy and I have even found uses for the older motor (ball) bearings, over the decades.
A $30 "RedKey USB" stick irrecoverably wipes all data from a computer: Starting in about a minute froma system reboot. I think it was a kickstarter effort which may make re-purposing (et al) old computers/drives a pleasure.
Posted by:
bb
25 Aug 2020
The free 'parted magic' boot cd has a Secure Erase option in the 'erase disk' menu item. It also does DBAN and several erase versions of 'dd'. It's easier to use than the CMRR version.
Posted by:
Jack
25 Aug 2020
I believe that placing the hard drive in an oven at 400 degrees for an hour will melt the coating on the disk platters, making the disk totally unrecoverable. No tools needed. But I haven't verified that.
Posted by:
Jack
25 Aug 2020
I have a program that will "bleach" the hard drive(s) clean, so that even the FBI cannot recover anything incriminating.
Sincerely,
Hillary
Posted by:
Joe
26 Aug 2020
Hey Bob, what about all the stuff on the cloud?
Posted by:
Kate
26 Aug 2020
A techie friend of mine suggested that I might like to take an old hard drive apart to see how it was made. I did so, but it wasn't as easy as I thought it would be. Still it was a fun project, and once I had all the disks out of the two drives, I got my frustrations out by scratching them very deeply with a machinist's scribe. It was interesting to see how hard drives are constructed.
Posted by:
Charlie
27 Aug 2020
Always wondered if the hard drive was really erased.
Sounds like this is probably as good as it gets. going to try it on an old drive I have.
Posted by:
Leo Beilin
28 Aug 2020
Will exposing a HD to a strong magnetic field work?
EDITOR'S NOTE: Define "strong" and I'll say maybe.
Posted by:
Donna
29 Aug 2020
Timely article, Bob. I'm running SDelete right now on a failing hard drive, before I hand it over to Dell in exchange for the replacement they sent me.
When I executed SDelete with the s, q, p, and directory parameters, I got this error message:
"Disks must not have any volumes in order to be cleaned."
I couldn't find any useful answers on the web, so I opted for the Zero Free Space option. It's plodding along at a snail's pace, but it is functioning.
Are you familiar with that "no volumes" message?
And speaking of magnets, here's a nifty article about using neodymium magnets to wipe a hard drive: https://www.kjmagnetics.com/blog.asp?p=hard-drive-destruction