Leave No Trace: How to Completely Erase Your Hard Drives, SSDs and Thumb Drives
Posted 03/10/10 at 08:09:50 AM by Mark Soper
Why Wipe Data Securely?
Whether you are preparing to reuse a hard disk for another operating system, clear off your junk shelves by passing along outdated drives to a friend or relative, donate an old PC to a charity or school, discard a too-small USB drive or flash memory card, or repurpose an SSD, you don’t want to leave any information on the storage device. With stories abounding of identity theft aided by information lifted from discarded storage devices, you want devices you no longer plan to use to have no usable information when they head out the door.
Why Erasing Files Is Not Enough
Sure, you could erase the contents of the drive, but keep this in mind: the act of erasing a file does not remove it from a storage device.
When you erase/delete a file from your computer, it’s not really gone until the areas of the disk it used are overwritten by new information. If you use the normal Windows delete function, the “deleted” file is sent to the Recycle Bin until the space it uses is required by other files. If you use Shift-Delete to bypass the Recycle Bin, the space occupied by the file is marked as available for other files. However, the file could be recovered days or even weeks later with third-party data recovery software. As long as the operating system does not reuse the space occupied by a file with another file, the “deleted” file can be recovered.
With SSDs, the erased file situation is even more complex. SSDs store data in blocks rather than in sectors as with magnetic storage. Overwriting a block was previously used involves copying the contents of the block to cache, wiping the block’s contents, delete the block to be overwritten from cache, writing the new data to cache, and rewriting the block with the new data. As an SSD is used with files that are deleted or changed frequently, the performance can drop unless the drive (and operating system) support a technology called TRIM that wipes out deleted data blocks as soon as the file using the blocks is deleted. TRIM is supported by Windows 7 and by some late model SSDs, but not by older Windows versions. So, disk wiping can be both a security feature and a performance improvement strategy.
Data Wiping Versus File Erasure
While erasing files simply marks file space as available for reuse, data wiping overwrites all data space on a storage device, replacing useful data with garbage data. Depending upon the method used, the overwrite data could be zeros (also known as “zero-fill”) or could be various random patterns.
Products that can be used for wiping hard disks might not be suitable for wiping other types of drives. In this article, we will look at methods for securely wiping hard disks, USB flash memory devices, flash memory cards, and SSDs.
Zero-Fill a Hard Disk
Time Needed: several hours (varies with size and speed of drive)
Software: Hard disk utility software from your drive vendor
Media: blank CD or floppy disk
Although writing zeroes across the entire hard disk surface (aka “zero-filling”) is not sufficient to meet government data sanitation (disk wiping) standards such as DoD 5220.22-M or the more comprehensive Standards and Technologies (NIST) Special Publication 800-88, overwriting the entire hard disk prevents most types of data recovery from being successful.
Here’s where to get zero-fill software from hard disk vendors:
Hitachi
Drive Fitness Test (see website for specific models supported)
http://www.hitachigst.com/hdd/support/download.htm#DFT
Select the Erase Drive feature to zero-fill your hard disk
Samsung
HUtil (see website for specific models supported)
http://www.samsung.com/global/business/hdd/support/utilities/Support_HUTIL.html
Use Tool, Erase HDD to zero-fill your hard disk
Seagate (including Maxtor)
SeaTools for DOS (see website for specific models supported)
http://www.seagate.com/www/en-us/support/downloads/seatools
Use Full Erase to zero-fill your hard disk
Western Digital
Data Lifeguard Diagnostics (select drive model for specific version recommended)
http://support.wdc.com/product/download.asp?lang=en
Use Write Zeros to drive to zero-fill your hard disk
1. Determine the brand and model of hard disk you want to overwrite.
2. Download a CD ISO image or a floppy disk image (depending upon your equipment) and use the image to create bootable media. The floppy disk image is self-contained: run it, insert a blank floppy disk when prompted, and the image is created on the disk. You will need to use a CD burning program that works with ISO images to convert the ISO image into a bootable CD.
3. Restart your computer with the bootable media you created in Step 2.
4. Select the hard disk to zero-fill when prompted.
5. Choose the option to zero-fill the hard disk.
6. When the program is finished, follow the on-screen instructions to shut down or restart your computer.
7. Remove the wiped hard disk; you can now reuse or recycle the hard disk.
thanks
Submitted by rapidshare on Sun, 06/27/2010 - 2:21pm
thats Not the same as what's being talked about here al your doing is
making sure that a sector is clean of previously deleted data it doesn't
stop it from ever being brought back find more at you might want to check some tutorials in this file search engine rapidshare
Submitted by jimhaymans on Sat, 06/19/2010 - 6:33am
From our experience we find Seagate the most reliable and easy to implement so far. The main issue is, that interface is well structured and will not require a lot of time to train your employees to use it on a daily basis (in case you use these solutions in the company). In the meantime, you might want to check some tutorials in this file search engine rapidok.com , they give a comprehensive overview of all the main procedures.Regards.
Submitted by Ruf on Mon, 04/12/2010 - 10:25pm
A much better solution to wiping and erasing is to encrypt the drive with TrueCrypt.
That way the data is still intact rather than completely destroyed. Once encrypted, there ain't nobody going to get data out except you.
I've used DBAN and it's slow as hell. 9 hours to wipe a 640GB drive and thats with only one pass!
I encrypted the same drive in 6 hours with TrueCrypt.
Submitted by vinay on Thu, 04/08/2010 - 5:04am
The process of making 3-D images was very complicated, as it was necessary to have two synchronized cameras to take the pictures, and quite a bit of skill to align and mount the finished prints or slides for viewing..Thanks for sharing this information.
Submitted by Kevin11 on Sat, 04/03/2010 - 4:10am
Thanks for sharing. To tell the truth I knew that when you delete info something remains on the disc but I didn't know what to use. It is great that you gave links here of some programms. I also found them at rapidshare SE http://rapidpedia.com
for free.
Submitted by To0nces on Fri, 04/02/2010 - 1:09pm
A hammer is a lot faster.
Assuming you're just throwing the drive out.
I prefer either the DOD
Submitted by Athlonite on Thu, 04/01/2010 - 10:47pm
I prefer either the DOD method or KGBs using upto 30 overwrites per sector all 0's then 1's then random 01's
Play till it breaks then learn how to fix it!
Submitted by Cityscape on Sat, 03/20/2010 - 6:51pm
Can a hard drive be used after a zero-fill or a secure wipe? Can I do a secure wipe and the sell my drive, will it be in working condition?
Also you never mentioned about zero-fills on other brands (such as Quantum).
Submitted by Athlonite on Thu, 04/01/2010 - 10:27pm
yes they will still work and Quantum are no more they were bought out by WD so just use their tool
Play till it breaks then learn how to fix it!
Submitted by eleavings on Thu, 03/11/2010 - 10:28am
Also there's the Gutman method. Very effective.
en.wikipedia.org/wiki/Gutmann_method
Submitted by PhoneyVirus on Wed, 03/10/2010 - 6:59pm
Darik's Boot and Nuke (DBAN) for secure hard disk wiping is the best, as its so easy to use Nice Work Mark Thanks
Submitted by I Jedi on Wed, 03/10/2010 - 11:04am
I still believe that the most secure way of erasing your H.D.D./S.D.D. is to use Darik's Boot and Nuke program, and to also nail the H.D.D./S.S.D. with a sludge-hammer. Personally, I had some pics of my gf one time, and needless to say, I did not want the world to see them. Ha. Ha. So, after I no longer wanted them, I used Darik's Boot and Nuke to erase the data on the H.D.D. Kind of wish I didn't now. :/
I would just like to further state that I think this is one of your better articles to come out in recent weeks. Really helps new beginners understand why erasing isn't enough, and how to properly dispose of data on their computers.
Submitted by Pyrophorics on Wed, 03/10/2010 - 9:37am
When I am done with my old hard drives I just physically open them and destroy the platter, quicker than a zero write. :/
Submitted by Scootiep on Tue, 03/09/2010 - 7:44pm
"As long as the operating system does not reuse the space occupied by a
file with another file, the “deleted” file can be recovered." I have to add that I have used Stellar Phoenix Windows Data Recovery Software to recovery data from a laptop drive that had a corrupted boot sector. It was able to retrieve data that I had deleted multiple years ago and had been overwritten many, MANY times. I think what you are saying here is very misleading. Not to mention the fact that the Stellar recovery software is fairly cheap at $99 making it available to anyone wanting to use it for proper or improper means. Personally, when I want to wipe a drive, I DBam it for a good 7 passes or more. on the other hand, if you know a friendly Raidologist (like my uncle) you can always have him stick it in his MRI. Those suckers will destroy any form of electronic data permenantly.To start press any key...ohh, where's the "Any" key. - Homer Simpson
Submitted by NSain on Wed, 03/10/2010 - 11:35am
No where in the article, that I could find, did it state that you should have mutiple passes made with writing zero's. There are programs out there can can and have recovered files even after have been overwritten. I wish I could remember the name of the program I used years ago that could be set to automatically perform a set number of passes on a drive. Took bloody long enough but at least you knew someone would have to be very, very persistent to recover anything off it.
Submitted by I Jedi on Wed, 03/10/2010 - 1:14pm
I do find it rather interesting that someone can get a H.D.D., that has been written over with 1/0's, and manage to still recover data. I would imagine you would have to have some pretty good software to make such a thing happen.
Submitted by unitymind on Tue, 03/09/2010 - 7:16pm
I use CCleaner to wipe the free space and clean up the drives. I set a long wipe and leave the computer to run all day...Works great!
http://www.filehippo.com/download_ccleaner
Submitted by Athlonite on Thu, 04/01/2010 - 10:30pm
thats Not the same as what's being talked about here al your doing is making sure that a sector is clean of previously deleted data it doesn't stop it from ever being brought back
Play till it breaks then learn how to fix it!
Submitted by DBsantos77 on Tue, 03/09/2010 - 7:07pm
Any advice on drives that don't boot?
-Santos
Gigabyte 785GX Micro Atx
AMD Phenom II 720 (Quad @ 3.6 Ghz 1.47v.)
6 GB DDR3 1333
Corsair 500w
Arctic Cooling Freezer Pro Rev.2
HIS HD 5850 @ 940/1175/1175v
500 GB
Submitted by jgrimoldy on Tue, 03/09/2010 - 8:31pm
For drives that don't boot, you have several options:
You could use a USB adapter to go to either SATA or IDE (depending on what you need) then connect to a working system and use any of the windows-based wiping solutions.
Let's not rule out the effectiveness of physically making the drive inoperable:
- Removing the cover and banging the platters with a hammer should be sufficient
- Putting the whole drive in the microwave for about 10-15 seconds should sufficiently cook the embedded controller board. If you've ever nuked a CD or DVD, the same thing happens when you put anything with ICs in the nuker. Sure, data will likley remain on the platters, but without a working embedded controller board, the data is inaccessible for all practical purposes. It's HIGHLY UNLIKELY that some hacker will have an extensive collection of drive controller boards and have one to replace your nuked board.
-j
Submitted by DBsantos77 on Tue, 03/09/2010 - 9:57pm
Awesome, thanks a bunch for the suggestions! :]
-Santos
Gigabyte 785GX Micro Atx
AMD Phenom II 720 (Quad @ 3.6 Ghz 1.47v.)
6 GB DDR3 1333
Corsair 500w
Arctic Cooling Freezer Pro Rev.2
HIS HD 5850 @ 940/1175/1175v
500 GB
Connect with Maximum PC
|
|
|
|
|
|
|
|
|
Must Read Articles
-
Feature -
Feature -
Review -
Feature -
Feature
This Month's Issue
FEATUREDream Machine 2010FEATUREMatch Wits with the Geek QuizHOW TO Merge Multiple Music LibrariesFEATUREBe an Android Power User!WHITE PAPERAll You Need to Know about HDMI 1.4
Maximum PC on Facebook
© 2010 Future US, Inc. All rights reserved.