107
44
I am about to sell my old desktop PC and I am cautious about some of my sensitive information being available to the purchaser, even after reformatting the hard-drive, using data recovery software.
How can I securely wipe the hard drive so that the data on it cannot be recovered?
Although I specifically want help with my Windows PC, it wouldn't hurt if there were suggestions for Macs as well.
Josh Hunt
Posted 2009-07-16T05:59:28.753
Reputation: 20 095
71
Look into Darik's Boot and Nuke. It's a bootable CD which lets you securely erase your hard drives.
Dan Walker
Posted 2009-07-16T05:59:28.753
Reputation: 8 869
7It says "DBAN will automatically and completely delete the contents of any hard disk that it can detect." Maybe the wording is just confusing: can I pick a single drive for it to erase? (I want to wipe an external drive, not trash my whole computer.) – Nathan Long – 2010-04-25T02:55:28.933
2I like the DOD options for the paranoid but prepare to just waste a day letting the computer do its work... – wag2639 – 2010-06-22T08:30:54.650
2@GorrillaSandwich: DBAN, as I remember it, is meant for you to erase internal hard drives and it runs from the CD as a boot option. You may need to ask your case as a separate question – wag2639 – 2010-06-22T08:32:18.530
2@GorrillaSandwich: DBAN lets you select which drive to wipe on startup. There is an option to just wipe everything, but AFAIR it's not on by default. – sleske – 2010-06-22T10:46:03.387
Can't recommend: it spent 4+ minutes on the booting to isolinux screen before I gave up on it. Tried two burns of the iso to be sure. – jcollum – 2010-12-14T07:05:26.507
I use DoD when I secure wipe my hard drives, to fully make sure my data is securely erased. – thecomputerguru – 2019-10-22T14:48:34.700
Can you ellaborate on how to use this? I recommend looking at this meta post on how to recommend software.
– James Mertz – 2012-09-10T07:40:47.0001
DBAN misses reallocated sectors and is pointless (not to mention, unnecessarily slow) if your drive supports ATA Secure Erase (available on most or all drives since 2001), and its algorithms are not appropriate for SSDs. See XXL's answer for more details. http://superuser.com/a/393086/6091
– rob – 2013-11-15T23:00:38.99032
Windows7 has a tool called cipher.exe, which can wipe the disk:
http://www.ghacks.net/2010/06/21/wipe-yopur-drives-securely-with-a-hidden-windows-7-tool/
The command is simply
cipher /w:x:\folderwhere you would substitute
x:\folderfor the location you want wiped, for instance yourD:\drive or yourC:\Users\Mike Halsey\Music folder.
akira
Posted 2009-07-16T05:59:28.753
Reputation: 52 754
I tried 2 other solutions and this one (so far) is the simplest and good-enough-est. – jcollum – 2010-12-14T07:10:34.817
1Does ciper clean MFT? If not, it's kinda useless. – user136036 – 2019-12-19T16:37:39.430
2As mentioned in a comment to the article, and in the documentation of cipher, the tool itself does not delete anything. You have to delete all data first, and then cipher will overwrite all available space with zeros and ones. – Björn Pollex – 2011-08-26T18:12:40.607
2if cipher overwrites stuff ... then deleting it first is the wrong approach. just point cipher to the folder / files, it overwrites the used space (which is known since the files are still connected to the directory) with random noise ... and after cipher is done you would just delete the (now filled with random noise) file. deleting them first is wrong imho. – akira – 2011-08-27T12:26:23.797
@akira: It overwrites blocks marked as free by the filesystem (but which might still contain traces of deleted files, swapfile content, etc.). Deleting the files first would be correct. – Ben Voigt – 2011-10-17T15:22:03.320
@BenVoigt: essentially it does not matter: if you overwrite a known file (by name) sdelete knows the blocks to overwrite. if you want to clear the "free space" then sdelete first tries to allocate a huge file, which occopies all available, remaining blocks, fills them with garbage ... and free the garbage file again. – akira – 2011-10-17T16:09:13.627
1@akira: I thought this answer was about cipher.exe, not sdelete. In any case, overwriting a file by name doesn't do anything, since it might have occupied different sectors in the past. – Ben Voigt – 2011-10-17T16:12:59.040
The command that worked for me is: cipher /w:driveletter:\foldername There is a ':' between the '/w' and the drive letter, no space. – Chris Dutrow – 2012-02-15T17:33:27.003
22
Well, using tools such as DBAN or the like is considered to be mostly pointless and also very time consuming.
Generally, you do not need to do anything, but fill the drive with 0x00 (zero bytes / NUL) only once these days, in order to securely prevent the recovery of former data.
Doing multiple passes is excessive and mostly useless, let alone filling the drive with random data. The only way you can try to restore anything, after such an operation took place, is with an atomic-force microscope - this is, obviously, an extreme procedure, that will take months for even the smallest JPG file and the error rate (false-positives) is going to be immense (in other words - you won't get anything meaningful out of it). This is even more true for higher capacity models (higher density platters).
However, one can only speculate what tech might be in the hands of, say, the NSA, so judge the provided information with that in mind.
So, one of the ultimate software ways (fast, reliable & secure), is a single run (zero-fill) of dd:
dd if=/dev/zero of=/dev/sdX bs=1M
or, if you want to measure progress:
pv < /dev/zero > /dev/sdX
However, there is something called secure erase. This is an established ATA standard. This functionality is integrated into the drive itself. Not only is it even faster than a run of dd (as it's already hardware based and hardware > software, speed wise), it is also more secure, due to the ability of purging original bad sectors that have been reallocated! There are 2 versions: the vanilla (2001 and onwards) and the enhanced one (post 2004). So, if your drive was manufactured roughly 10 years ago - it is already very likely to support this feature.
hdparm --security-set-pass NULL /dev/sdX
hdparm --security-erase NULL /dev/sdX
hdparm --security-erase-enhanced NULL /dev/sdX
Erase away!
XXL
Posted 2009-07-16T05:59:28.753
Reputation: 1 359
1
Just to complete the answer: To run the dd command just boot any Linux distribution from a cd or usb-stick. I can suggest Knoppix, Knoppix-based distributions and grml.
3Most people don't realise this. The old guttmann paper most modern wipe software reference assumed you did not know the drive type, and much bigger domains. – Journeyman Geek – 2012-02-23T10:05:52.070
Latter part of comment can be more fully understood by the posting at https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase#
– eichoa3I – 2012-09-27T04:36:28.5831Although the dd commentary is dubious without citing references, your remark on DBAN is spot-on, and ATA Secure Erase should be the top-voted answer. – rob – 2013-11-15T23:16:41.670
15
As a side note on scenarios when you cannot always format and wipe the disk and have to relinquish ownership of a computer with OS intact (like resigning a job and returning the laptop), Scott Hanselman has noted down a checklist on activities to carry out before giving it up forever.
http://www.hanselman.com/blog/TheDevelopersQuittingYourJobTechnologyChecklist.aspx
icelava
Posted 2009-07-16T05:59:28.753
Reputation: 1 589
1Although your answer may have some merit, it doesn't addresses the original question and would have been more appropriate as a comment. Someone could simply run a file recovery program to recover the files from your "cleared" browser cache, etc. If you want to go this route, you need to do a lot more: do everything in the checklist, image the drive (NOT at the block level, but instead compressing fee space), run ATA Secure Erase, then restore the image back onto the drive. – rob – 2013-11-15T23:11:30.830
13
Rather than worry about securely deleting data, an alternative might be to buy a new hard drive and do a clean install of the OS on that.
You can then keep the old hard drive for a while in case you forgot to back something up and eventually recycle it as a second (or third!) drive in your new machine.
ChrisF
Posted 2009-07-16T05:59:28.753
Reputation: 39 650
1This answer doesn't really address the "securely erase" part of the question. It would be more appropriate as a comment. – landroni – 2014-08-29T12:34:45.907
@landroni - indeed, but it's an alternative solution that keeps any potentially sensitive data in the hands of its owner rather than someone else. It was also added back in 2009 when things were a little different (and there may not have even been the ability to add comments back then). – ChrisF – 2014-08-29T12:36:25.030
8
The US National Institute of Standards and Technology has some Guidelines for Media Sanitization (PDF). There is a section about purging hard disks:
Purge using Secure Erase. The Secure Erase software can be download from the University of California, San Diego (UCSD) CMRR site.
splattne
Posted 2009-07-16T05:59:28.753
Reputation: 14 208
1-1: Bad advice based on old data standards and both links are dead. – JakeGould – 2018-08-19T04:59:31.300
4Tried it. Problematic. – jcollum – 2010-12-14T06:39:01.033
6
Another suggestion, for Macs, is to use Apple's Disk Utility program. It's included on the OS X install disc, so if you boot from that, you can open Disk Utility, select your drive, and erase it (there are some options for how many times to write over data and such).
jtbandes
Posted 2009-07-16T05:59:28.753
Reputation: 8 350
2
Overwriting once is plenty, as long as it is really overwritten. That's why the NIST paper says the overwrite should be verified. http://security.stackexchange.com/a/92402/79386
– Datarecovery.com MK – 2015-07-15T15:01:20.9804The "options for how many times to write over data" actually let you securely erase a drive. You can choose between "overwrite with zeros" (unsecure), "overwrite 7 times" (DoD 5220.22-M-Standard) and "overwrite 35 times" (DoD 5220.22-M-Standard * 5?). – lajuette – 2010-06-22T07:48:38.467
I think this falls under the "even after reformatting" part of the OP's question. That is, it's not secure enough. – Telemachus – 2009-07-16T10:35:09.607
4
diskpart can be used to zero out the whole disk
diskpartselect disk 0. You can get the disk number by running list diskRun clean all
DISKPART> help clean
Removes any and all partition or volume formatting from the disk with
focus.
Syntax: CLEAN [ALL]
ALL Specifies that each and every byte\sector on the disk is set to
zero, which completely deletes all data contained on the disk.
On master boot record (MBR) disks, only the MBR partitioning information
and hidden sector information are overwritten. On GUID partition table
(GPT) disks, the GPT partitioning information, including the Protective
MBR, is overwritten. If the ALL parameter is not used, the first 1MB
and the last 1MB of the disk are zeroed. This erases any disk formatting
that had been previously applied to the disk. The disk's state after
cleaning the disk is 'UNINITIALIZED'.
format can also be used to wipe individual drives with the /P option. For example to format the D: drive as NTFS and wipe the drive twice with zero you can use format D: /fs:ntfs /P:2
C:\> format /?
Formats a disk for use with Windows.
FORMAT volume [/FS:file-system] [/V:label] [/Q] [/L[:state]] [/A:size] [/C] [/I:state] [/X] [/P:passes] [/S:state]
FORMAT volume [/V:label] [/Q] [/F:size] [/P:passes]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors] [/P:passes]
FORMAT volume [/V:label] [/Q] [/P:passes]
FORMAT volume [/Q]
...
/P:count Zero every sector on the volume. After that, the volume
will be overwritten "count" times using a different
random number each time. If "count" is zero, no additional
overwrites are made after zeroing every sector. This switch
is ignored when /Q is specified.
phuclv
Posted 2009-07-16T05:59:28.753
Reputation: 14 930
2
If you have access to (or are willing to buy) the proper equipment, you may want to consider degaussing the drive. Some organizations require this before machines can be re-used, sold, or given away.
You should be aware that this is likely to render the drive unusable.
GreenMatt
Posted 2009-07-16T05:59:28.753
Reputation: 835
1
Also, if you happen to have lots of important data, the easiest and fastest way can be to physically destroy the medium. A sledgehammer blow is much simpler than overwriting 1TB disk 15 times with random binary patterns.
Tadeusz A. Kadłubowski
Posted 2009-07-16T05:59:28.753
Reputation: 2 005
1Then burn the insects. – Iraedei – 2014-07-13T00:41:03.447
Actually, a you can recover data from a hard drive that's been hit by a sledgehammer, or in a fire. The optimum physical destruction is dissolving the platter's coating in acid or perhaps bleach. Even shredding the platters is a reversible operation. It all depends on your resources. – brice – 2010-03-29T13:45:22.707
7@brice - if there are people who are able and willing to reconstruct your hard drive after you've physically shredded it in order to get your info, then you shouldn't be asking questions like this on a public site, or going outside where the satellites can see you, either. But yes, by all means, soak the platter in acid, then shred it, then burn the shreds, then grind the ashes into powder, then sugar-coat the powder and feed it to insects. – Nathan Long – 2010-04-25T02:51:59.113
1"hard drives slightly used". There. – Manu – 2009-07-29T23:34:01.327
2And so much more fun :p – Svish – 2009-07-16T07:49:22.580
5i don't think he'll be able to sell that as 2nd-hand goods if he takes your advice. – icelava – 2009-07-16T07:58:36.753
icelava: I don't talk about the whole computer, only the hard drive. – Tadeusz A. Kadłubowski – 2009-07-16T08:08:23.437
4"Complete PC for sale. Except hard disk gone." does not sound like a wholesome deal ;-) – icelava – 2009-07-16T10:31:09.727
0
This command will completely fill the hard-drive with binary 0s. The more times you run this command, the more securely your drive will be erased.
sudo dd if=/dev/zero of=/dev/rdisk3 bs=4096
# ^ ^ ^
# Binary data add the r optimal MacBook Pro block size
Check your disk with diskutil list. Prefix disk with an r.
Check your optimal block size with stat -f "%k" .
For me, this takes about 20 minutes to full a 250GB harddrive. You will see no progress until the command is finished. If you want to see progress, you can update dd brew install coreutils and use
sudo gdd if=/dev/zero of=/dev/rdisk3 bs=4096 status=progress
# ^ ^
# note the g
davidcondrey
Posted 2009-07-16T05:59:28.753
Reputation: 1 345
1
“The more times you run this command, the more securely your drive will be erased.” Fantasy. The reality is modern hard drive tracks are so tightly packed that old-school wisdom of wiping multiple times is a useless activity. The only reason you did this on old drives was there was enough space between tracks that if one shifted drive heads just slightly you could pick up residual magnetic areas. Utterly not useful advice past 2001. More details can be found here.
– JakeGould – 2018-08-19T04:57:33.0600
When Python is installed on the machine, I just do python filldisk.py with this file:
import numpy as np
size = 256*1024*1024 # starts with 256 MB files
i = 0
while True:
try:
with open(str(i), 'wb') as f:
f.write(np.random.bytes(size))
i += 1
except:
print('Too big, trying new size: %i' % size)
size /= 2
if size == 0:
print('Finished')
break
It starts filling the disk with as many 256 MB files as necessary. When there is no space left for a new 256 MB file, it tries to fill with 128 MB, 64 MB, ..., 32 bytes, 16 bytes, ... 1 byte file. At the end the disk is full with random data binary files.
Another solution in 3 lines to fill a disk with n copies of a 1 GB AVI movie:
import shutil
for i in range(10000):
shutil.copy('c:\\movie.avi', 'file%i' % i)
At the end, there is probably less than 1 Go free on the disk, and you can fill it by copy/pasting various files (smaller and smaller), and at a certain point you will see something like "0 bytes remaining on the disk / disk full".
These 2 methods are rather rustic, but:
I know exactly what it does: it writes the whole content of the disk
it allows me to do it without installing a third party tool which is sometimes a "black box" (don't know what it does)
it works on Windows as well (other solutions with dd don't work on Windows) and it doesn't require to reboot on a bootable USB flash drive (like dban software...)
Basj
Posted 2009-07-16T05:59:28.753
Reputation: 1 356
@Chandrasekar: Simpler and ineffective. Please read any of the answers in the IT Security post that Shadok linked to understand why. – Ben Voigt – 2016-01-22T16:17:49.057
1Sorry, I thought your wording might have implied you weren't sure. I mostly wanted to make it nice and clear for anyone else reading :) – Blorgbeard is out – 2009-08-02T11:14:35.907
3Note that a reformat is indeed absolutely trivial to recover data from. You should definitely run some kind of wipe utility (that I'm sure other answerers will suggest :) – Blorgbeard is out – 2009-07-16T06:07:11.980
4Hence why I asked the question – Josh Hunt – 2009-07-16T06:08:09.513
Here is a recipe for the Macintosh that doesn't involve destroying, or even formatting your hard drive: http://macmad.org/blog/2010/10/clean-private-data-before-selling-a-mac/
– Jamie Cox – 2011-01-20T14:49:45.1371
Here is a post on IT Security talking about that: http://security.stackexchange.com/questions/5749/how-can-i-reliably-erase-all-information-on-a-hard-drive
– Shadok – 2012-03-21T09:42:22.443Another simpler way will be to format the drive and copy some junk files and fill the HD completely. And may be format again and fill it with some other junk files. So that even if someone use recovery software, they can only recover the junk data you filled recently. – Chandrasekar – 2014-04-01T02:12:41.320