Securely Erasing Your Hard Drive

Category: Hard-Drives

I have written several articles over the years about the importance of completely erasing personal data from hard drives before disposing of them. Savvy users understand that deleting a file doesn't really make it go away. And even formatting a hard drive doesn't guarantee that your files are unreadable. But here's some good news on that front...

When You Really Need to Wipe a Hard Drive...

My earlier article “Erasing a Hard Drive? Not So Fast…” delved into the difficulties of doing the job right. But now securely wiping a hard drive, or even a stubbornly data-persistent Solid State Drive (SSD), is easier than ever.

You probably know that the “delete” command doesn’t really delete the target data; it only deletes the location of that data from the hard drive’s index of files. After a “deletion,” the drive will re-use that file’s space as if it was empty.

But until data has been overwritten many times, it can still be recovered by a determined person. Military-grade standards call for overwriting each disk sector at least nine times before data stored in it can be considered truly “unrecoverable.” That takes a very long time, even on a 500 GB hard drive! Running a “secure erase” utility can tie up a computer for a day or even longer.

Securely erase your hard drive

There is a solution, and you probably already have it. The firmware of nearly every hard drive built since 2001 contains a “Secure Erase” command so effective that NIST (the U.S. National Institute of Standards and Technology) rates it as good as degaussing a hard drive - that is, using a powerful magnet to completely scramble the bits stored on a drive. So why haven’t we been using “Secure Erase” for all these years?

Most BIOS developers disable the “Secure Erase” feature because they think consumers won’t use it wisely. Indeed, “SE,” as it’s called, is a “nuclear option.” It wipes data, and no amount of panicked, tearful phone calls to tech support or data recovery specialists will get it back. It even wipes data stored in bad disk blocks, something other disk-wiping utilities can’t do. When Secure Erase finishes its job, your hard drive will be squeaky clean, empty of all data, and ready to be used again. It Latin, that would be “tabula rasa.”

Unlock the Power

A freeware utility called HDDErase 4.0 unlocks the power of the Secure Erase feature in nearly every standard magnetic hard drive built since 2001. You can download it from the UC-San Diego’s Center for Memory and Recording Research, but note that no tech support is available and you use it at your own risk. Because it runs from a bootable disk, HDDErase can erase any operating system, using the drive's own built-in sanitizer. Tim Fisher’s review of HDDErase provides a little more insight into this powerful command-line utility.

I've read in various places that HDDErase will work on SSDs (solid state drives) in addition to traditional spinning magnetic hard drives. But the documentation for the program does not mention SSDs at all. However, this article on the Kingston Technology website seems authoritative, and does specifically mention using HDDErase with SSDs.

There is one important caveat, though, according to Kingston. HDDErase can only be run on hard drives that are directly attached to a SATA or IDE port, and not through a USB bridge or enclosure. Put more simply, HDDErase will ONLY work on internal drive, and WILL NOT work on external hard drives.

Another Secure Disk Wipe Option

If you have an external drive that you want to securely erase, or for some reason you'd rather not use the HDDErase utility, there's another way to get the job done.

Another method of rendering a drive forever unreadable is known as “Encrypt, Reformat, Encrypt Again.” First, encrypt your entire hard drive; Users running Windows 7 Ultimate, Windows 8.1 Pro, or Windows 10 Pro can use the built-in Bitlocker utility, if their PCs include a Trusted Platform Module (TPM) chip. Another alternative for encryption is the free VeraCrypt software, which works on Windows, Mac OS X and Linux computers.

Encrypting a working drive that contains lots of data may take many hours, but you’ll be able to work on other things while encryption proceeds in background. Once your drive is encrypted, do a FULL reformat of it. A “quick” format only wipes the index of files mentioned above, leading the drive to treat the whole disk as empty space. A full format overwrites all data.

Next, encrypt the reformatted drive AGAIN before adding any data to it. This won’t take long, because there is very little data to be encrypted. Now what do we have?

The re-encrypted, re-formatted drive has a security key that is required to decrypt data stored on the drive; the key is stored on the drive itself for Bitlocker to access on the fly. The security key of the first encryption has been overwritten during reformatting and encrypted by the second encryption. Even if a hacker recovers the second encryption key, he can’t recover the first one that might give him access to your old data. Now your drive is truly wiped and unrecoverable!

The Total Annihilation Method

It's good clean fun to use a drill press or sledge hammer on an unwanted hard drive (with the appropriate safety equipment). But if you lack those tools, a commercial hard drive shredding service will do the job. Ameri-Shred is one company that offers the service, and you can see their machinery in action in the video above.

Your thoughts on this topic are welcome. Post your comment or question below...

 
Ask Your Computer or Internet Question

  (Enter your question in the box above.)

It's Guaranteed to Make You Smarter...

AskBob Updates: Boost your Internet IQ & solve computer problems.
Get your FREE Subscription!


Email:

Check out other articles in this category:



Link to this article from your site or blog. Just copy and paste from this box:

This article was posted by on 9 Mar 2018


For Fun: Buy Bob a Snickers.

Prev Article:
Geekly Update - 08 March 2018

The Top Twenty
Next Article:
The Big Lie Most Hardware Makers Tell You

Most recent comments on "Securely Erasing Your Hard Drive"

(See all 28 comments for this article.)

Posted by:

Mark H.
09 Mar 2018

Just a quick comment about Bitlocker in Windows. If your computer doesn't have a TPM (most personal computers don't), you can still use Bitlocker by changing policy settings using gpedit. You must make sure to not lose the recovery key (print it out and store it in safe place and you can save it to your Microsoft account as well.) You can use a USB key or a password to start the computer. Again, you need Windows 7 Ultimate or the Pro versions of 8, 8.1, or 10 to use it.


Posted by:

Jim
09 Mar 2018

The solution to all this paranoia concerning discarded computers seems fairly simple. Just remove the hard drive before discarding it. It's a simple task to perform and you can sleep at night.


Posted by:

Robert A.
09 Mar 2018

Just where would one expect to find one of these Ameri-Shred machines. I don't think you'd find one at the local Best Buy or Office Depot. And if you could find a business that has one, I'm sure it would charge an arm and a leg to destroy the HDD to justify using a machine that big and complicated.

It seems that it would be easier to just open up an old hard drive, remove the disks, and rub sandpaper, emery cloth or a ScotchBrite pad over the surfaces, to ruin them, for 30 seconds, or so, then maybe flex the disk back and forth, until it snaps in half, or use a pair of tin snips to cut it into fragments Job done, and zero dollars used.


Posted by:

Lady Fitzgerald
09 Mar 2018

You're behind the times, Bob. Today's HDDs have such tight cylinders, a single pass of writing 1s and/or 0s is sufficient to wipe data sufficiently to protect you from all but three letter government agencies (and if you need to worry about them, they will probably confiscate your drives before you have a chance to destroy them).

The utilities that come with SSDs, such as Samsung magician, will include secure erase.


Posted by:

Jim Horn
09 Mar 2018

I have a hand-held grinder that I use to chop my old hard drives up into pieces. Then I dump the pieces into different trash containers.


Posted by:

Ralph Balch
09 Mar 2018

I dismantle the hard drive, melt the disk and salvage the powerful magnets. They are very useful in the shop.


Posted by:

bb
10 Mar 2018

I agree with lady Fitzgerald on hard disks - one pass of even just zeros are sufficient. Scott Moulton, owner of the popular data recovery service MyHardDriveDied.com, addresses exactly this question in the 'My Hard Drive Died #27' podcast. (Jump to the 36:15 point for the question. And now you know what my handle stands for. :-))

For those that don't want to futz with DOS to run the secure erase program, download the last free version of the 'Parted Magic' ISO. That disk, among lots of other good utilities, includes a the secure erase program in a windows-like GUI. Much easier to use that the DOS version. All the standard free download sites have Parted Magic.


Posted by:

Doc
10 Mar 2018

I use MAFIA DISK DOCTOR like JohnMTO. Though I prefer a .270 cal. at 50 yards (46m) to take the disk down and crack the case in the process. Then hang the disk from a tree limb, and a handy 9mm, .40 S&W, .45 (LC/ACP) or a .357 Sig from about 10 feet (3m) will finish the job. (Eye protection mandatory!)

Unfortunately a .22LR while the 'caliber of choice' for most Mafia hits, won't break the case and only dents some disks, and you have the problem of 'blow-back' or 'back-splatter' if you are too close.

As a final step, if you have a large microwave, you can nuke them for a couple of minutes to destroy what's left of the surface. (shut off the nuker is you see ANY spark at all -keep your finger near the 'off' button. Those sparks will destroy the magnitron in the micro, and kill it too. Co-lateral damage is not acceptable).

Comes in handy if you are a hunter, or a target shooter to keep your skill set up. A FMJ .308 cal. (7.62 NATO) works well too, and that's my target rifle's caliber of use.

I've found that often enough 00 buck from 'close enough' doesn't always blow the HD casing apart or reach the disks inside. JohnMTO may use a longer shell than my 1897 Win 12ga.

MAFIA DISK DOCTOR: WHEN IT ABSOLUTELY, POSITIVELY, MUST BE DONE TODAY! (Dead Disks tell no stories).


Posted by:

Oliver J Fleming
10 Mar 2018

I find dismantling the drive is good. The platters are highly polished and are good mirrors, also there are powerful magnets in there that can also be useful.


Posted by:

Bear
10 Mar 2018

I use diskpart:-
This will show you how to use the clean or clean all command on a selected disk to delete all of it's MBR or GPT partitions, volumes, and any hidden sector information on MBR disks is overwritten.


The data on the HDD is not written over using the clean command like it does with the clean all command below. With the clean command, the data on the HDD is only marked as being deleted instead and is only written over when new data is written/saved to the same location on the HDD next.

OR

You could use the clean all command (secure erase) to do the above and also have each and every disk sector on the HDD written over and zeroed out completely to securely delete all data on the disk to help prevent the data from being able to be recovered. "Clean All" takes about an hour per 320 GB to finish running.

Warning
You do not want to use clean all on a SSD disk often. Having every sector written over to 0 on a SSD can help reduce it's life span.


1. In Windows 7, open an elevated command prompt, or a command prompt at boot.

2. Click on Disk Management in the left pane, and make note of the disk # in the middle pane of the disk that you want to clean or clean all. (see screenshot below)
NOTE: For example, I would use Disk 1 if I wanted to use clean or clean all on my USB key drive.

3. In the elevated command prompt, type diskpart and press Enter.

4. In the elevated command prompt, type list disk and press Enter. (see screenshot below)
NOTE: This will give you a list of disk numbers to select from.

5. In the elevated command prompt, type select disk # and press Enter. (see screenshot below)
NOTE: You would substitute # for the disk number listed that you want to use clean or clean all on. For example, I want to use one of them on Disk 1 (from step 1) for my USB key drive, so I would type select disk 1 and press Enter.

6. Do either step 7 or 8 below for which command you would like to use.

7. To Use the Clean Diskpart Command
NOTE: See the green INFO box at the top of the tutorial for more information about this command. This command will wipe the HDD quickly.

8. A) In the elevated command prompt, type clean and press Enter. (see screenshot below)
NOTE: This will not take long to finish. Think of it as being like a quick format.

9. To Use the Clean All Diskpart Command
NOTE: See the green INFO box at the top of the tutorial for more information about this command. This command will wipe the HDD, and perform a secure erase. "Clean All" takes about an hour per 320 GB to finish running. It's best to only use this command if you wanted to help make sure that the data on the HDD cannot be recovered say when giving or selling the HDD to another person.

10. A) In the elevated command prompt, type clean all and press Enter. You will see the command prompt below as is until the "clean all" command is finished. (see screenshot below)
NOTE: This will take quite some time (several hours or more) to finish depending on how large the disk is since it is writing over each and every sector on it to zero. Think of it as being like a full or low level format.

11. When finished, in the elevated command prompt, type exit and press Enter. Close the elevated command prompt.


Posted by:

LouDamelin
10 Mar 2018

No one has mentioned my procedure. I delete all partitions on the hard drive. Then I create a new partition using all the space on the hard drive. Then I do a full format; and install an operating system.

I thought this made any data recovery impossible for us ordinary folk with ordinary tools. I doubt if the CIA could get any more than a few random bits if they wanted to spend all the time and expense involved; but why would they?

I just hate to see good hard drives destroyed when they can be reused.


Posted by:

Roger
10 Mar 2018

I always remove & keep my old hard drives. You never know when you might want to spin them up & retrieve some old file or image. I have done on several occasions.


Posted by:

Chuck
10 Mar 2018

Love the video. Especially the keyboard with the key caps flying around!


Posted by:

FRANCIS REILLY
10 Mar 2018

Great one Jim,I couldn't stop laughing for 5 mins.Until I remembered how much I hate her and her ilk.


Posted by:

FRANCIS REILLY
10 Mar 2018

Great one Jim,I couldn't stop laughing for 5 mins.Until I remembered how much I hate her and her ilk.


Posted by:

Herb
12 Mar 2018

Someday I hope someone parts the curtain for me so I can see what I'm missing. Why does it take multiple 'writes' of data over previously used HDD space, to wipe it clean? Ignoring the randomness of disk utilization, consider this: You have a 1MB picture of Mt. Rushmore on your HDD. You delete it and then overwrite the residual bits with a 1MB picture of migrating animals on an African plain. Is it really reasonable to expect some 'expert' could get access to the drive and find the picture of Mt. Rushmore? (I realize there is no guarantee the new picture would be assigned the same physical space on the drive, but for the purposes of my question let's assume it did.) So, then, if you deleted stuff you didn't want, defragged what remained, then copied multiple gigabytes of pictures onto the drive (total GBs equaling at least what you deleted), wouldn't that make life extremely difficult for someone trying to recover deleted data? If everything was overwritten with new pictures, how could anything old be recovered? If the old data was still there, wouldn't the new pictures be corrupted? What am I missing?


Posted by:

HA
13 Mar 2018

I sneak into the nearest nuclear power plant and drop my old hard drives into the fission reactor.


Posted by:

RD
13 Mar 2018

That's nothing!
I slingshot my old hard drives covered with crazy glue at a SpaceX rocket launch, and they end up in earth orbit.


Posted by:

Herb
13 Mar 2018

Hey - RD - how did the hard drive get out of the slingshot?? LOL


Posted by:

ni
13 Mar 2018

I always secure erase my hard drive. If i use it to install windows I let windows do the format. It seem to help with speed.


There's more reader feedback... See all 28 comments for this article.

Post your Comments, Questions or Suggestions

*     *     (* = Required field)

    (Your email address will not be published)
(you may use HTML tags for style)

YES... spelling, punctuation, grammar and proper use of UPPER/lower case are important! Comments of a political nature are discouraged. Please limit your remarks to 3-4 paragraphs. If you want to see your comment posted, pay attention to these items.

All comments are reviewed, and may be edited or removed at the discretion of the moderator.

NOTE: Please, post comments on this article ONLY.
If you want to ask a question click here.

Free Tech Support -- Ask Bob Rankin
RSS   Add to My Yahoo!   Feedburner Feed
Subscribe to AskBobRankin Updates: Free Newsletter
Copyright © 2005 - Bob Rankin - All Rights Reserved
Privacy Policy -- See my profile on Google.


Article information: AskBobRankin -- Securely Erasing Your Hard Drive (Posted: 9 Mar 2018)
Source: https://askbobrankin.com/securely_erasing_your_hard_drive.html
Copyright © 2005 - Bob Rankin - All Rights Reserved