How to Securely Erase A Drive
Formatting your drive will delete all the files, but the process leaves traces of the erased data. The data you deleted can as a result be easily recovered.
Securely Erase your HDD
In an HDD, the data is written on a magnetic disk, and the OS can tell precisely where the data is. Secure deletion on an HDD can therefore be easily done as the OS knows where to delete the data.
To easiest way to securely erase your data from an HDD is to overwrite it multiple times until no traces of your data are left. To do this, you can use tools such as Darik's Boot and Nuke (DBAN) or ShredOS.
Since DBAN is unmaintained, we are going to look into how you can use ShredOS.
- Go here to download the ShredOS image file.
- For Windows users use either Rufus or Etcher to write the ShredOS to your USB drive.
- Reboot your device and boot from the USB key.
- Follow the on-screen instructions to permanently wipe your drive.
Securely Erase your SSD
An SSD is divided into blocks that are further divided into pages. When a file is saved it is written on several pages in a block.
Erasing and re-writing wares out the Blocks. SSD's blocks can only be erased and rewritten a finite number of times before they wear out. To increase their longevity SSDs use a technique known as wear leveling. It ensures that every block is erased and rewritten the same number of times.
When you delete a file from an SSD the pages and the block it was stored in will be marked as invalid and the drive will write new data in a new block. This makes it hard to securely delete files in an SSD as there is no guarantee that the drive will overwrite the same block that the file you deleted was located.
All modern Operating Systems by default support a command known as Trim Operation. The Trim command tells the SSD's drive controller that there are pages within blocks containing data that is ready for deletion.
When you delete a file your OS issues a Trim command to the SSD controller letting it know that the pages where the file is stored are free for deletion. Trim also makes the data unreadable.
After being notified of the existence of data that is ready for deletion the SSD controller runs a process known as Garbage collection. Garbage collection goes through the drive and identifies the block with pages that Trim marked as ready for deletion. It copies the valid pages to different pages in a free block and then erases the whole of the source block.
Garbage collection erases data from your SSD drive permanently.
Deletion coupled with Trim would render the deleted files highly unrecoverable.
The following methods are used to wipe data from SSDs:
Secure Erase
- It only deletes the mapping table that keeps track of data on the storage blocks. It does not erase the blocks.Sanitize
- It deletes the mapping table and erases all blocks that have been written.You can sanitize your SSD in several ways:
- Crypto Scrabble: Performs the wiping by changing the encryption key of self-encrypting SSDs. This makes the data unreadable.
- Block Erase: Performs memory block erasure to destroy the data.
- Overwrite: Performs block erasure followed by an overite of the blocks.
To securely wipe your whole SSD with any of the above methods, you can use any of the following tools.
Use your BIOS/UEFI
- Go to your device's BIOS or UEFI settings and select your drive.
- If it has the tools select either Secure Erase or Sanitize.
- Follow the instructions to securely wipe your SSD.
Use Manufacturer Tools
Most reputable manufacturers offer software to securely erase their SSDs.
The tools include:
- Intel Solid-State Drive Toolbox
- Samsung Magician SSD Tool
- Crucial SSD Storage Executive
- Western Digital SSD Dashboard
- Seagate SeaTools bootable SSD utility
Use Commercial tools
There are third-party tools that you can use to securely erase your SSD.
They include:
- PartedMagic. It will cost you $15.
- GParted.
Use hdparm utilities
hdparm has Linux commands that you can use to securely wipe your SSD
Run the following command to check if your SATA drive supports Sanitize: hdparm --sanitize-status /dev/sdx
To perform sanitize crypto scramble on a self-encrypting SSD use: hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdX
To perform sanitize block erase on non-self-encrypting SATA SSD use: hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase /dev/sdX
For maximum security, depending on your threat model, you can destroy the drive after securely erasing your data and discard its parts at different places.
Comments (24)
acid2023-10-116fa604d1
ex-nasa tech told me that, after essentialy putting, at thetime magnetic HDDs through a diamond shredder, they would then liquify it by keeping it in hydrofluoric or whatever it's called acid. breaking bad style.
MoonLady2023-10-04dc2cdd55
What about just taking a magnet to the hard drive? That should work pretty quickly, no?
JoeBob2023-11-0823f83c14
It would require a VERY powerful magnet; Look up degaussing. Punching a whole I’m it would be a more effective way of rendering data unrecoverable.
CyrusOfAether2023-10-05b1ed67b5
Good advice for a last resort. Of course, if you need to wipe your drive to that degree, you've either done something really bad or you're living under a really oppressive regime. Wouldn't wish that on anyone.
FBI TECHLEAD2023-10-05c5d219dc
I tried this on my work computer at the FBI and the IT department is trying to recover the evidence you destroyed. I am the most skilled computer person in the FBI and you tricked me so I know you have tricked many people with your computer witchcraft.
outtaspace2023-10-08e68979e9
you heard anything about ares? placed 2 orders, zero responses from vendors and help desk tix go unanswered
ChatNoir2023-10-09a4297440
I would think just taking it apart and scratching the disc up pretty good would be the safest option right?
Shopndrop2023-10-1118d681ef
I know someone with a Macbook M1 that firstly, erased all data and contents and then secondly had his whole HDD encrypted and repeated the encrypting again and again. They sold it to a cash convertors. He wasn't some hard-core druglord it was small purchases of drugs for his personal use.
Anon2023-10-2923a699b8
It's not always about being a good pepole is a good idea. Sometimes It's about some bad pepole makes you need to act that way or your choice between better life or death
nomercy2023-10-24e2b4f423
My recommendation is just what the first comment says, just destroy that drive, cut it out and burn it
Paranoid KGB officer2023-11-06354fe41e
This is true that TRIM marks pages for deletion but trim operation doesn't physically erase contents of these blocks. And it doesn't guarantee that those blocks will be rewritten after you do a new write operation on SSD. SSD may just put this new data into blocks which was never touched by any operation before. I never heard of garbage collection feature in SSDs. Maybe this is something new that was introduced 1-4 years ago. The OP suggests erasing data from SSDs by using proprietary closed-source software coming from SSD vendors. Note that self-encryption functionality in self-encrypted drives also belongs to such software. For me relying on unaditable software is a bad idea. So many bugs and vulnerabilities were found in SSD firmware parts that was supposed to properly encrypt the drive but it didn't. For SSD erasure I would first issue secure erase command to change the encryption key inside SSD, and then do at least two rewrites with /dev/urandom data.
MrMelty2023-11-0758a43e3a
Pop drive open. remove platters. place platters in muffle furnace until they melt. Stir melt. Cast into festive ornaments.
Bad article2023-10-02310dcc2b
Destroy the hard drive. That’s the only way. This is false information