How to Securely Erase Hard Drives

 Security  Comments Off on How to Securely Erase Hard Drives
Nov 242019
 

Recently I found a few old 2.5” laptop hard drives in storage and figured I would try sell them for a few bucks on Ebay but first I wanted to make sure my personal data on them was erased. As an experienced sys admin I am already in the habit of formatting an old PC hard drive before replacing it with a newer one.  However, just deleting the data off a hard drive is not enough to prevent someone else from potentially recovering your data and putting you at risk of identity theft. In fact in 2010 a UK study of 200 hard drives obtained online found 48% still had readable information on them.

Disclosure: This post may contain affiliate links, meaning I get a commission if you decide to make a purchase through my links, at no cost to you. Please read my disclosure for more info.

Without getting too detailed when deleting files on your computer the operating system will simply mark the space storing them as “free” space to be overwritten later by new files -not physically deleting the old ones.  You may no longer see that file on your computer but it’s technically still there until the OS physically writes new data (i.e new files) in that same space. This mechanism is in fact how data recovery programs are able to get your files back so easily when you accidentally delete something.

While researching how best to go about erasing data I learned there are few things to take into consideration to get the best results. For example Solid State Drives (SSD) require more attention to securely erase data than traditional Hard Disk Drives (HDD) because SSDs use flash memory to store data -there is no physical disk being used. Time is another important consideration is because erasing your data may take several hours depending on the method that you choose. And contrary to popular belief drilling holes or shooting your old disk drive with a gun while entertaining will not completely destroy the data on it. Yes it damages parts of the drive but data contained on the other parts could still be recovered. The average home user will not have the hardware or willingness to recover said data but it still needs to be mentioned.

In this walkthrough I show how to securely erase a hard drive using the free tool DBAN – Darik’s Boot and Nuke.

image

 

Secure Erase or Securely Erasing?

There’s quite a bit of confusing terminology with regards to data erasure.  For example Secure Erase refers to the ATA Secure Erase commands which are run using the firmware of a hard drive. You can’t access these commands from within a Windows command line. You have to leverage a software tool to execute the commands against the drive’s firmware. Securely erasing refers in general the techniques or methodology used to eliminate or better yet sanitize your personal data from a hard drive. One of those methods is Secure Erase and another method is overwriting the the old data multiple times with new data.

 

Setting Things Up

Since the hard drives I wanted to erase were not physically installed in a computer I needed a convenient way to attach them to my PC without having to reinstall anything. To accomplish this I used the Sabrent 2.5” SATA HDD/SDD to USB 3.0 Adapter. It worked flawlessly and did not require any effort to configure beyond connecting cable to drive and the other end to my PC.

image

 

On my PC, a Dell 2720 I have VMware Workstation 15 Player installed with Windows 10 x64. In the properties of that VM I have a virtual CD-ROM configured which loads the boot .iso file of the tool I am using to erase hard drives. One challenge I experienced with this setup was that the free edition of VMware Player would not recognize the boot image. Initially the VM would just go straight to the Windows desktop ignoring the boot .iso file.  To remedy this I discovered that you have to edit the VM’s .vmx conf file (using Notepad) and delete the entry for firmware = “efi”. After deleting this line, simply save the file, restart the VM, and then the boot .iso file will work as expected.  To locate this file just go to the path where the VM is stored. The .vmx file is in the root folder. If you have the Pro version of WMware Workstation Player you can edit this setting in the VM’s Advanced Settings. Once you’re done using the .iso image you may need to replace the firmware=”efi” statement to get Windows to load properly. Otherwise if you create a blank VM without an OS installed you can leave the firmware statement out of the config file permanently.

image

 

DBAN – Darik’s Boot and Nuke

Darik’s Boot and Nuke created by Darik Horn is probably the most well known free data destruction tool.  In 2012 it was acquired by a 3rd party that sells their own data wiping tool but DBAN is still free and available to download from SourceForge.net. DBAN “erases” your data by overwriting the entire disk drive multiple times with new, irrelevant data in accordance with complex algorithms. You could think of this process as digital file shredding.

image

 

The home screen has a friendly warning just in case you weren’t sure what the purpose of the software is.  Pressing Enter will start interactive mode which allows you to select which hard drive to erase.

image

 

On the next screen use the J / K keys to move up and down the list of available drives and press Enter to select the drive to erase. Upon pressing enter you’ll see the word wipe next to your selection. Next just press the F10 key to start. In this example I am using the DoD Short method which features 1 Round with 3 passes to erase the data.

 

image

 

In the picture above you can see the progress, with 50% complete, there are still 4 hours to go. So this 320 GB 5400 RPM drive will require approximately 9 hours to complete erasing using the DoD Short method.

 

image

As a comparison I also used DBAN on a 250 GB SSD and as expected the performance was considerably better with 57% complete in only 2 hours.

 

image

 

Samsung Magician Secure Erase

Samsung EVO drives are among the fastest SSDs you can get. If you are using them you should download the free tool Samsung Magician. In additional to offering several health and performance tools it also features Secure Erase.  I won’t go into detail of this tool here but just wanted to call it out in case you weren’t aware of it.

image

 

image

In Summary

Erasing data off your disk drive or Solid State drive is an easy but important step you can take to minimize any chance of your personal data from being discovered when you sell or recycle your old drives.  Secure Erase or Darik’s Boot and Nuke are two tools that make it easy to erase your data permanently. Thanks for reading!

Avatar

Peter Viola

Creative, customer focused, results oriented, Senior Web Systems Engineer who enjoys providing the highest level of customer service supporting complex Windows hosting solutions. MCITP, MCSA, MCTS

More Posts - Website