News How to Secure Erase an SSD or HDD Before Selling It or Your PC


AtrociKitty

Reputable
Apr 23, 2020
63
65
4,620
Another useful native Windows function is cipher. Using the /W flag as per
Code:
cipher /W INSERT-PATH-HERE
will overwrite all unused (deallocated) disk space on the volume or directory. I often use it to clear data outside the OS when I want to retain drivers and other installs.
 

OriginFree

Distinguished
May 23, 2015
77
47
18,570
Ah, I remember DBAN from the 90s/00s.
Set it up for 21 passes on Friday night and come back Monday morning.
Even the NSA would have issues recovering stuff at that point.

We used to do a lot of OT on the weekends with this. :giggle:
 

artk2219

Distinguished
We used to do bulk wipes of disks for computers that we were giving away to company employees with a PERC RAID controller. We'd populate eight disks of matching size in the controller since that's the most it would take at once, change the topology to RAID 0, and do a full initialization pass so it wrote 0's to all of the disks at once. We wondered if it was actually doing a full wipe, so we gave a few disks to our security guys and asked them to pull whatever data they could; they all came back clean, so we kept doing it. We would chew through disks at a pretty decent rate with that setup.
 

clsgis

Distinguished
Sep 15, 2013
5
1
18,510
Or you could boot any live Linux image (e.g. Knoppix) and run:

sudo lsblk # find out the device name to be wiped
sudo dd if=/dev/zero of=/dev/sda status=progress

It won't protect your drive from state agents who can dismantle the drive and read faint magnetic traces with very expensive equipment. But your stuff is gone as far as the garden variety criminal is concerned.

If you think it makes a difference, do it again with if=/dev/urandom but that's a lot slower.
 
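A read-back check for the zero-fill described in the post above (the same question artk2219's team handed to their security staff), as an added example that is not part of any poster's message. The function names and the constructed 4 MiB sample image are assumptions for illustration; the script only reads from its target and never writes to it.

```python
#!/usr/bin/env python3
"""Check that a zero-filled disk or image reads back as all zeros (read-only)."""
import os
import sys
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time


def find_nonzero(path, chunk=CHUNK, max_hits=10):
    """Return (bytes_scanned, offsets): offset of the first non-zero byte in
    each chunk that is not entirely zero. Stops early after max_hits chunks."""
    zero = bytes(chunk)
    hits, scanned = [], 0
    with open(path, "rb", buffering=0) as dev:
        while len(hits) < max_hits:
            buf = dev.read(chunk)
            if not buf:  # end of device or image
                break
            if buf != zero[:len(buf)]:
                # number of leading zero bytes = position of first residue byte
                first = len(buf) - len(buf.lstrip(b"\0"))
                hits.append(scanned + first)
            scanned += len(buf)
    return scanned, hits


def demo():
    """Constructed sample: a 4 MiB 'wiped' image with one leftover string."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(bytes(4 * CHUNK))
        img.seek(3 * CHUNK + 512)
        img.write(b"tax-return-2019")  # constructed residue, not real data
        name = img.name
    try:
        return find_nonzero(name)
    finally:
        os.unlink(name)


if __name__ == "__main__":
    # Usage (device path is an assumption): sudo python3 verify_zero.py /dev/sdX
    target = sys.argv[1] if len(sys.argv) > 1 else None
    scanned, hits = find_nonzero(target) if target else demo()
    print(f"scanned {scanned} bytes; non-zero data at offsets: {hits or 'none'}")
    sys.exit(1 if hits else 0)
```

A non-zero exit status means the overwrite did not reach every addressable sector the operating system can read; it says nothing about areas the drive does not expose, such as remapped sectors or SSD over-provisioning.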

allan_hm

Distinguished
Mar 31, 2009
22
1
18,510
Another option to secure erase a disk drive without any third party software is to simply run this command on Windows prompt:
Code:
cipher /w:C

Where "C" is the drive letter or a folder path you want to wipe the free space.
It won't delete any file, so you have to format the drive before running it.
 
Sep 26, 2022
1
1
10
On a Windows 10 machine, I followed the instructions in the section "How to Securely Erase Your SSD with Windows Diskpart"

It all worked and then I installed a fresh copy of Windows 10.

Looking in explorer there is a windows.old with all the old windows related files.

Any idea why after running diskpart the old files are still there, please?

Thanks
 

USAFRet

Titan
Moderator
On a Windows 10 machine, I followed the instructions in the section "How to Securely Erase Your SSD with Windows Diskpart"

It all worked and then I installed a fresh copy of Windows 10.

Looking in explorer there is a windows.old with all the old windows related files.

Any idea why after running diskpart the old files are still there, please?

Thanks
If you did what you said you did, it can't happen that way.
There would be no 'windows.old'

But...please start a NEW thread for your particular situation.
 

cfbcfb

Reputable
Jan 17, 2020
96
58
4,610
If you hammer-erase a HDD or SSD, it becomes kind of difficult to sell or donate.

For normal people, a simple full erase is good enough.

If you are paranoid about security, you should be using full-drive encryption where secure-erasing is as simple as deleting encryption keys. This way, your data is also relatively secure from theft and seizure where you don't get the chance of applying hammer first.

If I'm no longer using a drive, you can trust that nobody else is going to have much of a use for it either.

I used to give away parts and even entire systems. And then I end up being tech support for every little problem they ever experience after that, because "It didn't happen until I used that".

You'd probably be very surprised at the sorts of things that "normal people" can do with a drive, and no, a simple erase is nowhere near good enough.
 

ODuffer

Prominent
Apr 27, 2022
22
12
515
You still need to either secure-erase them first to make most individual chunks impossible to solve or grind them into a fine enough powder that there is very little chance any single piece carries intelligible data.

The MOD drive over them in tanks for this reason.
 

InvalidError

Titan
Moderator
You'd probably be very surprised at the sorts of things that "normal people" can do with a drive, and no, a simple erase is nowhere near good enough.
A full-erase overwrites all data and there is no recovering from that through remotely conventional means. There used to be a trick on HDDs until ~15 years ago where old data could be recovered by reading leftover signal from the dead space between tracks, can't do that with newer HDDs where tracks are packed so tight that the in-between gets systematically re-written by both neighboring tracks, even more so on SMR drives where the overlap is so severe that the HDD has to re-read neighboring tracks to make sure they are still clearly readable after writes and refresh them when they aren't.
 

pbrainii

Distinguished
Jul 20, 2014
14
4
18,515
No need to be paranoid.
The guy who will buy your old used HDD/PC won't have the skills, time, resources or energy to find the NASA secrets you don't have.
HDD's full overwrite with 0's is enough (lots of freeware sw can do it)
SSD's better be done with a BIOS utility or manufacturer utility, 0's overwrite last resort.

If the drive was fully encrypted (with Bitlocker) or similar, a simple format is also enough.
 

Tanquen

Distinguished
Oct 20, 2008
256
8
18,785
If you're selling your PC or storage drive, you need to wipe it so well that the next person can't recover your data.

How to Secure Erase an SSD or HDD Before Selling It or Your PC : Read more
I tried to do this with Western Digital's Dashboard software but in Windows it first says that the secure erase function can't be run because of a driver. So you go through the USB boot flash drive utility and then you run the secure erase from there and then it says it needs an ATA password, which I've never heard of before. I even talked to Western Digital support and they said that I needed to talk to the motherboard manufacturer about the ATA password. And of course Gigabyte says that's nonsense.
 
Aug 22, 2022
12
7
15
Someone took the time to "update" this article, enough for me to get an email notification, but it still has the use-crystal-magic-to-cure-cancer equivalent of needing to overwrite a hard drive several times.
 
Apr 1, 2020
1,438
1,089
7,060
TomsHardware, specifically the author of this article, needs to do a little experiment where they take a hard drive (not an SSD), put some "sensitive information" on it that people would likely have on their hard drive (fake tax returns, etc), run a Windows full format on it (0s the drive since Vista), and then try and recover it with increasingly more powerful software. Then show us the results and tell us how people need to use something stronger than a full format.
 

InvalidError

Titan
Moderator
TomsHardware, specifically the author of this article, needs to do a little experiment where they take a hard drive (not an SSD), put some "sensitive information" on it that people would likely have on their hard drive (fake tax returns, etc), run a Windows full format on it (0s the drive since Vista), and then try and recover it with increasingly more powerful software. Then show us the results and tell us how people need to use something stronger than a full format.
Software that relies on stock drive electronics and firmware most likely won't be able to recover anything after a full-format.

In old drives, there was space between tracks that residual data could potentially be read from by simply offsetting head movement slightly but in modern drives where the write head is wider than the track, there likely isn't much of anything left there after consecutive tracks have been overwritten by full-format.
 
Aug 22, 2022
12
7
15
In old drives, there was space between tracks that residual data could potentially be read from by simply offsetting head movement slightly

You should submit this to a journal. There is a standing challenge to anyone who can demonstrate the ability to read any data from an HDD that has been overwritten, just once, with zeroes.

The Great Zero Challenge of 2008 had a bunch of vendors called to ask to recover data that had been overwritten, just once!!, and they all said there was nothing to do.

There are lots of stories that people have overheard of something that might be possible. But each time someone has attempted to verify the story, it disappears. Like the bits on a drive.
 

InvalidError

Titan
Moderator
You should submit this to a journal. There is a standing challenge to anyone who can demonstrate the ability to read any data from an HDD that has been overwritten, just once, with zeroes.

The Great Zero Challenge of 2008 had a bunch of vendors called to ask to recover data that had been overwritten, just once!!, and they all said there was nothing to do.
When I say "old drives", I mean at least pre-GMR. Anything after GMR (2007) is deep into "forget about it" territory.

The "Great Zero Challenge" does not allow you to open the drive or swap out electronics for more advanced analysis. Or at least it didn't originally. And you had only three days to do it. As they put it on Reddit: "They are asking you to do a marathon in less than 5h with neither hands or feet."
 
Aug 22, 2022
12
7
15
When I say "old drives", I mean at least pre-GMR. Anything after GMR (2007) is deep into "forget about it" territory.

The "Great Zero Challenge" does not allow you to open the drive or swap out electronics for more advanced analysis. Or at least it didn't originally. And you had only three days to do it. As they put it on Reddit: "They are asking you to do a marathon in less than 5h with neither hands or feet."

If you found the reddit thread to read up on this, you also saw people who were willing to offer large sums of money because they genuinely had zero'd drives with data they wanted, but the data recovery companies were unwilling to even talk about price because it was impossible.
 
If you found the reddit thread to read up on this, you also saw people who were willing to offer large sums of money because they genuinely had zero'd drives with data they wanted, but the data recovery companies were unwilling to even talk about price because it was impossible.
What he said:
"In old drives, there was space between tracks that residual data could potentially be read from by simply offsetting head movement slightly"
Is something completely different. It's not file recovery; it's maybe recovering a few bits of data here and there, and with bits I mean actual computer bits, so a few ones and zeroes that could add up to a word or number if you are very lucky, not complete files.
 

USAFRet

Titan
Moderator
What he said:
"In old drives, there was space between tracks that residual data could potentially be read from by simply offsetting head movement slightly"
Is something completely different. It's not file recovery; it's maybe recovering a few bits of data here and there, and with bits I mean actual computer bits, so a few ones and zeroes that could add up to a word or number if you are very lucky, not complete files.
Exactly.

It's like putting an entire novel through a crosscut shredder.
In the resulting confetti, you find a few pieces with a readable character.
One with an a, one with an o, and one with an M.

And then declaring "That shredder is useless!!"
 

InvalidError

Titan
Moderator
If you found the reddit thread to read up on this, you also saw people who were willing to offer large sums of money because they genuinely had zero'd drives with data they wanted, but the data recovery companies were unwilling to even talk about price because it was impossible.
"Large sums" are relative. If you have to start your data recovery with AFM imagery of your platters at a sufficient resolution to potentially extract data from the in-between tracks on pre-GMR HDDs, you are looking at weeks worth of lab time at ~$100/h before the recovery attempt even starts.

Once you have your high-resolution scan, you need software to extract the most likely track signals out of it, decode them the same way the HDD controller would have and then try to solve blocks by flipping the weakest bits until you get a valid block candidate that makes sense for what it is supposed to contain. Having a block that looks valid FEC-wise doesn't mean its data is any good, FEC can "check out" from too many bits being compromised too.

Data recovery shops couldn't be bothered to do it because the costs are very high and the likelihood of recovering significant amounts of good data is low. Getting an SSN out of a recovered block without enough intact context to realize it is an SSN does you no more good than getting the same SSN or other piece of "sensitive information" out of /dev/random.
 

USAFRet

Titan
Moderator
I'm in a test of this user level data recovery thing right now.

Win 11 Pro
3TB Seagate HDD
USB dock

1.97TB data on it.
Full Format.

Quick and then Full scan with Recuva
0 files recovered.
None.

Currently in a Full scan with Autopsy.
About 18 hours into the scan. Nothing so far.
 

InvalidError

Titan
Moderator
I'm in a test of this user level data recovery thing right now.

Win 11 Pro
3TB Seagate HDD
USB dock
There already was zero chance of data recovery using stock drive electronics and firmware even before the PMR days where vertical recording made bits drastically smaller. With GMR-and-beyond HDDs, time travel is the only data erasure recovery you can hope for if you didn't have backups.