How to Securely Erase A Drive

~4 min read | Published on 2023-09-30, tagged GuidesOPSEC using 780 words.

You may for some reason decide to completely wipe your hard disk drive (HDD) or solid-state drive (SSD) to ensure your data does not fall into the wrong hands.

Formatting your drive will delete all the files, but the process leaves traces of the erased data. The data you deleted can as a result be easily recovered.

Securely Erase your HDD

In an HDD, the data is written on a magnetic disk, and the OS can tell precisely where the data is. Secure deletion on an HDD can therefore be easily done as the OS knows where to delete the data.

To easiest way to securely erase your data from an HDD is to overwrite it multiple times until no traces of your data are left. To do this, you can use tools such as Darik's Boot and Nuke (DBAN) or ShredOS.
Since DBAN is unmaintained, we are going to look into how you can use ShredOS.

Securely Erase your SSD

An SSD is divided into blocks that are further divided into pages. When a file is saved it is written on several pages in a block.

Erasing and re-writing wares out the Blocks. SSD's blocks can only be erased and rewritten a finite number of times before they wear out. To increase their longevity SSDs use a technique known as wear leveling. It ensures that every block is erased and rewritten the same number of times.
When you delete a file from an SSD the pages and the block it was stored in will be marked as invalid and the drive will write new data in a new block. This makes it hard to securely delete files in an SSD as there is no guarantee that the drive will overwrite the same block that the file you deleted was located.
All modern Operating Systems by default support a command known as Trim Operation. The Trim command tells the SSD's drive controller that there are pages within blocks containing data that is ready for deletion.
When you delete a file your OS issues a Trim command to the SSD controller letting it know that the pages where the file is stored are free for deletion. Trim also makes the data unreadable.
After being notified of the existence of data that is ready for deletion the SSD controller runs a process known as Garbage collection. Garbage collection goes through the drive and identifies the block with pages that Trim marked as ready for deletion. It copies the valid pages to different pages in a free block and then erases the whole of the source block.
Garbage collection erases data from your SSD drive permanently.
Deletion coupled with Trim would render the deleted files highly unrecoverable.
The following methods are used to wipe data from SSDs:

Secure Erase

- It only deletes the mapping table that keeps track of data on the storage blocks. It does not erase the blocks.


- It deletes the mapping table and erases all blocks that have been written.
You can sanitize your SSD in several ways:
Using Secure Erase or Sanitize will permanently destroy your data and make it unrecoverable.
To securely wipe your whole SSD with any of the above methods, you can use any of the following tools.

Use your BIOS/UEFI

Use Manufacturer Tools

Most reputable manufacturers offer software to securely erase their SSDs.
The tools include:Follow your manufacturer's instructions to wipe the drive securely.

Use Commercial tools

There are third-party tools that you can use to securely erase your SSD.
They include:The tools have an interface that will guide you through the entire process.

Use hdparm utilities

hdparm has Linux commands that you can use to securely wipe your SSD
Run the following command to check if your SATA drive supports Sanitize: hdparm --sanitize-status /dev/sdx
To perform sanitize crypto scramble on a self-encrypting SSD use: hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdX
To perform sanitize block erase on non-self-encrypting SATA SSD use: hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase /dev/sdX
For maximum security, depending on your threat model, you can destroy the drive after securely erasing your data and discard its parts at different places.

Comments (24)

Bad article2023-10-02

Destroy the hard drive. That’s the only way. This is false information


Thats right.


ex-nasa tech told me that, after essentialy putting, at thetime magnetic HDDs through a diamond shredder, they would then liquify it by keeping it in hydrofluoric or whatever it's called acid. breaking bad style.


What about just taking a magnet to the hard drive? That should work pretty quickly, no?


kinda not an awful idea...


It would require a VERY powerful magnet; Look up degaussing. Punching a whole I’m it would be a more effective way of rendering data unrecoverable.


Good advice for a last resort. Of course, if you need to wipe your drive to that degree, you've either done something really bad or you're living under a really oppressive regime. Wouldn't wish that on anyone.


or you got some edgy memes and you live in Ireland

FBI TECHLEAD2023-10-05

I tried this on my work computer at the FBI and the IT department is trying to recover the evidence you destroyed. I am the most skilled computer person in the FBI and you tricked me so I know you have tricked many people with your computer witchcraft.


HOLY SHIT CHECK DREAD m00nkeymarket EXPOSED /post/72db77b7d1dfc39d45e8


you heard anything about ares? placed 2 orders, zero responses from vendors and help desk tix go unanswered


what tf are these comments


people are supposed to make fund of FBI TECHLEAD but they are pussies.


I would think just taking it apart and scratching the disc up pretty good would be the safest option right?


or a blender lol


fuck you bro i am from india


I know someone with a Macbook M1 that firstly, erased all data and contents and then secondly had his whole HDD encrypted and repeated the encrypting again and again. They sold it to a cash convertors. He wasn't some hard-core druglord it was small purchases of drugs for his personal use.

Nick Kerr2023-10-14

Y'all such faggots


Why dont u just try to be good people ?


It's not always about being a good pepole is a good idea. Sometimes It's about some bad pepole makes you need to act that way or your choice between better life or death


As a Nigerian, I'm also shocked


My recommendation is just what the first comment says, just destroy that drive, cut it out and burn it

Paranoid KGB officer2023-11-06

This is true that TRIM marks pages for deletion but trim operation doesn't physically erase contents of these blocks. And it doesn't guarantee that those blocks will be rewritten after you do a new write operation on SSD. SSD may just put this new data into blocks which was never touched by any operation before. I never heard of garbage collection feature in SSDs. Maybe this is something new that was introduced 1-4 years ago. The OP suggests erasing data from SSDs by using proprietary closed-source software coming from SSD vendors. Note that self-encryption functionality in self-encrypted drives also belongs to such software. For me relying on unaditable software is a bad idea. So many bugs and vulnerabilities were found in SSD firmware parts that was supposed to properly encrypt the drive but it didn't. For SSD erasure I would first issue secure erase command to change the encryption key inside SSD, and then do at least two rewrites with /dev/urandom data.


Pop drive open. remove platters. place platters in muffle furnace until they melt. Stir melt. Cast into festive ornaments.