Print
Time Needed: Varies; from a few minutes to several hours, depending upon size and speed of drive and computer
Software: Roadkil's DiskWipe, available from http://www.roadkil.net/
Media: Can be run from Windows desktop
1. Download Roadkil's DiskWipe.
2. Extract the contents of the compressed file.
3. Open DiskWipe. If you are running Windows Vista or Windows 7, right-click the program icon and select Run as Administrator.
4. Select the drive to wipe.
5. Select the type of wipe to perform; DiskWipe can zero-fill the disk or write random data.
6. Enter the number of passes.
7. Click Erase to start the process.
8. At the end of the process, close the program. You can reuse the wiped disk.
To solve write performance problems on drives that don't support TRIM (check with your drive vendor for firmware upgrades) is to use wiper.exe (included with some SSDs) or to run the Secure Erase feature supported in most recent ATA/IDE and SATA drives. The Secure Erase feature can be activated on many systems by running Secure Erase 4.0 (HDDerase.exe), available from http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml. Version 4.0 works with most recent ATA/IDE and SATA hard disks and SSDs, but if you use an Intel X-25M, X-25E, or X-18M SSD, follow this link to download Secure Erase 3.3 http://www.iishacks.com/index.php/2009/06/30/how-to-secure-erase-reset-an-intel-solid-state-drive-ssd/. Note that it is no longer being developed, and we were unable to use it on a system running an AMD 690 chipset.
SDelete is a free program from Microsoft’s TechNet Sysinternals collection. It runs from the command line, and can be used to wipe drives, wipe files, or wipe free space.
Time Needed: Varies; from a few minutes to several hours, depending upon size and speed of drive and computer
Software: TechNet Sysinternal's SDelete, available from http://technet.microsoft.com
Media: Can be run from Windows desktop
1. Download SDelete.
2. Extract the contents of the compressed file.
3. Copy sdelete.exe to c:\windows\system32\ (this will enable you to run it from any location)
4. Open a command prompt session with Administrator rights.
5. To wipe all files on drive X: and its subdirectories and to wipe free space, enter Sdelete -p 2 –s -z X:\*.* (to see all command-line switches, enter Sdelete with no options)
6. Wait; the program displays status messages as it runs. When the program is finished, you can reuse or dispose of the drive.
We used demo versions of two popular data recovery programs to evaluate some of the disk wiping programs discussed in this article. To determine whether a typical data recovery program could recover files on a SD card wipe with Roadkil’s DiskWipe, we first of all formatted the card using a card reader. Ontrack's EasyRecovery Data Recovery (available from http://www.ontrack.com) had no difficulty finding folders and files to retrieve.
However, when we used DiskWipe to wipe the drive using a one-pass blank disk (zero fill) operation, EasyRecovery DataRecovery was unable to find the file system, let alone any files or folders.
After reformatting the card, taking a few photos, and deleting the photos, EasyRecovery Data Recovery was able to find the new photos, but the contents of the card before running WipeDisk were unrecoverable.
To evaluate SDelete, we used SDelete to wipe all of the files on a hard disk, but omitted the –z switch; when –z is not used, SDelete deletes files and renames them, but does not clear free space. To determine what might be visible, we used a demo version of Disk Doctors NTFS Data Recovery software, available from http://www.diskdoctors.net.
Disk Doctors were able to locate the deleted folder and Outlook Express message folders, but SDelete had renamed them from their original names and DBX extensions (Outlook Express message folders). If you use SDelete, it’s very important that you take time to use the –z switch to clear free space on the disk (once a file is deleted, the space it occupies is free space).
We also used Disk Doctors to evaluate the effectiveness of a freeware program called Eraser, which can delete and overwrite files and folders from the right-click menu. We created a documents folder with a subfolder called Figures and used Eraser to overwrite the folder and subfolder using its default settings.
Disk Doctors was able to locate the folders, but the contents are files with garbage names and are zero bytes in size – except for leftover word processing temporary files (files that begin with $). These filenames were not changed, which could enable a snooper to figure out the names of the files in the folder – although the files themselves were destroyed. By using more overwrites or different methods available with Eraser, a more thorough wiping may be possible
We’ve highlighted a variety of free ways to protect data on castoff drives from being retrieved. As you can see, your best bet is to overwrite data directly, but you also might want to consider using a program such as SDelete to scramble filenames first and then use a disk wiper such as Eraser or WipeDisk to finish the job.
Use demo versions of data recovery programs such as Ontrack Easy Recovery Data Recovery, Disk Doctors Data Recovery (various editions for NTFS, FAT, and flash media), and others to evaluate the effectiveness of your data wiping procedures. Remember, the full versions of these and other data recovery programs can save your data if you accidentally format or partition a disk because, until the data is overwritten, it’s still there.
Comments are closed on this article
ronnie2
October 10, 2011 at 5:22am
I had no idea about this, I always thought that by simply deleting my data I get rid of it for good... This is not good, I have already sold two hard disks and I didn't know about this, hopefully those who bought them don't know how to recover the deleted files. Usually I am more careful about this stuff, I even use regcure to keep my system clean and well functioning, I should have known about it...
Ruf
April 12, 2010 at 10:25pm
A much better solution to wiping and erasing is to encrypt the drive with TrueCrypt.
That way the data is still intact rather than completely destroyed. Once encrypted, there ain't nobody going to get data out except you.
I've used DBAN and it's slow as hell. 9 hours to wipe a 640GB drive and thats with only one pass!
I encrypted the same drive in 6 hours with TrueCrypt.
To0nces
April 02, 2010 at 1:09pm
A hammer is a lot faster.
Assuming you're just throwing the drive out.
Athlonite
April 01, 2010 at 10:47pm
I prefer either the DOD method or KGBs using upto 30 overwrites per sector all 0's then 1's then random 01's
Play till it breaks then learn how to fix it!
Cityscape
March 20, 2010 at 6:51pm
Can a hard drive be used after a zero-fill or a secure wipe? Can I do a secure wipe and the sell my drive, will it be in working condition?
Also you never mentioned about zero-fills on other brands (such as Quantum).
Athlonite
April 01, 2010 at 10:27pm
yes they will still work and Quantum are no more they were bought out by WD so just use their tool
Play till it breaks then learn how to fix it!
eleavings
March 11, 2010 at 10:28am
Also there's the Gutman method. Very effective.
en.wikipedia.org/wiki/Gutmann_method
PhoneyVirus
March 10, 2010 at 6:59pm
Darik's Boot and Nuke (DBAN) for secure hard disk wiping is the best, as its so easy to use Nice Work Mark Thanks
satish
July 24, 2010 at 12:15am
thanx for sharing... it is very use ful in formating the hard disk...............
I Jedi
March 10, 2010 at 11:04am
I still believe that the most secure way of erasing your H.D.D./S.D.D. is to use Darik's Boot and Nuke program, and to also nail the H.D.D./S.S.D. with a sludge-hammer. Personally, I had some pics of my gf one time, and needless to say, I did not want the world to see them. Ha. Ha. So, after I no longer wanted them, I used Darik's Boot and Nuke to erase the data on the H.D.D. Kind of wish I didn't now. :/
I would just like to further state that I think this is one of your better articles to come out in recent weeks. Really helps new beginners understand why erasing isn't enough, and how to properly dispose of data on their computers.
Pyrophorics
March 10, 2010 at 9:37am
When I am done with my old hard drives I just physically open them and destroy the platter, quicker than a zero write. :/
Scootiep
March 09, 2010 at 7:44pm
"As long as the operating system does not reuse the space occupied by a
file with another file, the “deleted” file can be recovered." I have to add that I have used Stellar Phoenix Windows Data Recovery Software to recovery data from a laptop drive that had a corrupted boot sector. It was able to retrieve data that I had deleted multiple years ago and had been overwritten many, MANY times. I think what you are saying here is very misleading. Not to mention the fact that the Stellar recovery software is fairly cheap at $99 making it available to anyone wanting to use it for proper or improper means. Personally, when I want to wipe a drive, I DBam it for a good 7 passes or more. on the other hand, if you know a friendly Raidologist (like my uncle) you can always have him stick it in his MRI. Those suckers will destroy any form of electronic data permenantly.To start press any key...ohh, where's the "Any" key. - Homer Simpson
NSain
March 10, 2010 at 11:35am
No where in the article, that I could find, did it state that you should have mutiple passes made with writing zero's. There are programs out there can can and have recovered files even after have been overwritten. I wish I could remember the name of the program I used years ago that could be set to automatically perform a set number of passes on a drive. Took bloody long enough but at least you knew someone would have to be very, very persistent to recover anything off it.
I Jedi
March 10, 2010 at 1:14pm
I do find it rather interesting that someone can get a H.D.D., that has been written over with 1/0's, and manage to still recover data. I would imagine you would have to have some pretty good software to make such a thing happen.
unitymind
March 09, 2010 at 7:16pm
I use CCleaner to wipe the free space and clean up the drives. I set a long wipe and leave the computer to run all day...Works great!
http://www.filehippo.com/download_ccleaner
Athlonite
April 01, 2010 at 10:30pm
thats Not the same as what's being talked about here al your doing is making sure that a sector is clean of previously deleted data it doesn't stop it from ever being brought back
Play till it breaks then learn how to fix it!
DBsantos77
March 09, 2010 at 7:07pm
Any advice on drives that don't boot?
-Santos
Gigabyte 785GX Micro Atx
AMD Phenom II 720 (Quad @ 3.6 Ghz 1.47v.)
6 GB DDR3 1333
Corsair 500w
Arctic Cooling Freezer Pro Rev.2
HIS HD 5850 @ 940/1175/1175v
500 GB
jgrimoldy
March 09, 2010 at 8:31pm
For drives that don't boot, you have several options:
You could use a USB adapter to go to either SATA or IDE (depending on what you need) then connect to a working system and use any of the windows-based wiping solutions.
Let's not rule out the effectiveness of physically making the drive inoperable:
- Removing the cover and banging the platters with a hammer should be sufficient
- Putting the whole drive in the microwave for about 10-15 seconds should sufficiently cook the embedded controller board. If you've ever nuked a CD or DVD, the same thing happens when you put anything with ICs in the nuker. Sure, data will likley remain on the platters, but without a working embedded controller board, the data is inaccessible for all practical purposes. It's HIGHLY UNLIKELY that some hacker will have an extensive collection of drive controller boards and have one to replace your nuked board.
-j
DBsantos77
March 09, 2010 at 9:57pm
Awesome, thanks a bunch for the suggestions! :]
-Santos
Gigabyte 785GX Micro Atx
AMD Phenom II 720 (Quad @ 3.6 Ghz 1.47v.)
6 GB DDR3 1333
Corsair 500w
Arctic Cooling Freezer Pro Rev.2
HIS HD 5850 @ 940/1175/1175v
500 GB
