Suppose you’re selling or junking your old laptop. You have sensitive data throughout your hard drive. You’ve already copied and/or backed up. But… wow… you need to wipe that hard drive clean. What’s the best way? A Brigada participant named Richard asked us this question this past week. If you’re using Windows, all you have to do is…
- Select Settings (the gear icon on the Start menu)
- Select Update & security, then Recovery
- Choose Remove everything, then Remove files and clean the drive
- Then click Next, Reset, and Continue
Apple users, what would YOU recommend? Please just click comment. Also, if you have a favorite utility program (like BleachBit — https://www.bleachbit.org/ ), please share it as well. Thanks in advance for your expertise!
Or you could get a RedKey that does the deed to military specs simply by inserting the USB RedKey. See RedKey at https://redkeyusb.com/
Apple computers come with an application called “Disk Utility” in the Utilities folder of the Applications folder. It not only allows you to erase a disk, but it allows you to “secure” erase with up to 10 garbage writing passes. Presumably you could slave the old computer to the new computer and use Disk Utility to secure erase the hard drive on the old computer.
There are a variety of ways of doing this, and I don’t believe that you have to resort to multi-pass erasure.
The simplest way is to simply encrypt the entire drive, using BitLocker in Pro versions of Windows, FileVault on a Mac or VeraCrypt in any version of Windows. As long as the password is suitably complex, that’s really enough to protect the drive.
If you really want the satisfaction of knowing that the encrypted data is truly unrecoverable, do a system reinstall, which includes repartitioning of the drive. You don’t have to complete the installation, just get past partitioning. For full-disk encryption, the encryption key is stored in partition data, and repartitioning is enough to obliterate the encryption key, where it is no longer possible to recover the encrypted data.
You can also use Darik’s Boot And Nuke (DBAN) to boot off external media, and then secure-erase everything, and for some, this may be faster and easier than encrypting (if the drive isn’t already encrypted). There are also a couple of cautions:
– Doing more than 2 erasure passes is overkill. Even Peter Gutmann, the guy who pioneered 35-pass erasure, has noted that his work in 1996 was written for very specific, nuanced situations, and that with modern drives, one pass is generally adequate, and no more than 2 are needed.
– Overwrite/erasure applies only to traditional rotating hard drives. Solid State Drives (SSD) work differently. The technologies of TRIM and wear-leveling move data around on drives in a way that it’s nearly impossible to truly erase in the way that is possible with traditional rotating drives.
To me, that’s even stronger reason not to bother with explicit erasure, but to go with the encryption method on SSDs.
Two articles that explain all of this in further detail:
https://www.howtogeek.com/115573/htg-explains-why-you-only-have-to-wipe-a-disk-once-to-erase-it/
https://www.blancco.com/resources/blog-many-overwriting-rounds-required-erase-hard-disk/ is a little more techie (and historical detail), but they conclude that even US Department of Defense doesn’t recommend more than 3, and the article concludes that 1 pass is generally sufficient. It also does a good job of explaining the challenges with SSD. This web page belongs to Blancco, which sells commercial drive-erasure tools. I’m not affiliated with them, and not recommending their products, just referencing a page that does a good job of describing challenges.
Wow — zbigniew — that’s an amazing response. Thank you sooooooo much!
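A check to run after the single-pass overwrite discussed in the comments above, as an added example that is not from the post or from any commenter: it reads a disk image or raw device back and reports whether a marker planted before the wipe is still present. The canary value, the 512-byte sector size, the function names and the sample image are assumptions constructed for this example.

```python
import io

SECTOR = 512  # assumed logical sector size
CANARY = b"WIPE-CANARY-7f3a"  # constructed marker value

def scan_after_wipe(stream, canary, chunk_sectors=2048):
    """Read a wiped disk image or raw device and report what is still there.

    canary is a marker the owner wrote to a file on the drive before wiping
    (an assumption of this example); finding it means old data survived,
    whatever pattern the wipe tool wrote.
    """
    chunk_size = SECTOR * chunk_sectors
    tail = b""      # last len(canary)-1 bytes already seen
    offset = 0      # absolute offset of the next chunk
    hits = []
    nonzero = 0     # only meaningful when the final pass wrote zeros
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for i in range(0, len(chunk), SECTOR):
            sector = chunk[i:i + SECTOR]
            if sector.count(0) != len(sector):
                nonzero += 1
        # Prepend the tail so a canary straddling two chunks is still found.
        window = tail + chunk
        base = offset - len(tail)
        pos = window.find(canary)
        while pos != -1:
            hits.append(base + pos)
            pos = window.find(canary, pos + 1)
        tail = window[-(len(canary) - 1):] if len(canary) > 1 else b""
        offset += len(chunk)
    return {"bytes_scanned": offset, "nonzero_sectors": nonzero,
            "canary_offsets": hits}

def constructed_image(wiped):
    """Constructed 8-sector sample: canary placed across the 2048-byte mark."""
    image = bytearray(SECTOR * 8)
    if not wiped:
        image[2043:2043 + len(CANARY)] = CANARY
    return io.BytesIO(bytes(image))

if __name__ == "__main__":
    print(scan_after_wipe(constructed_image(False), CANARY, chunk_sectors=4))
    print(scan_after_wipe(constructed_image(True), CANARY, chunk_sectors=4))
```

A clean result only covers the blocks the drive exposes to the operating system; on an SSD, wear-leveling can leave copies in blocks this read never reaches, which is the limitation the comment above raises.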