We recently asked how to protect a hard drive we are getting ready for re-sale. One Brigada participant went way beyond the call of duty to create a definitive guide. Here are his first few lines, but make sure to click “read more” to see it all!
“There are a variety of ways of doing this, and I don’t believe that you have to resort to multi-pass erasure.
The simplest way is to simply encrypt the entire drive, using BitLocker in Pro versions of Windows, FileVault on a Mac or VeraCrypt in any version of Windows. As long as the password is suitably complex, that’s really enough to protect the drive.
If you really want the satisfaction of knowing that the encrypted data is truly unrecoverable, do a system reinstall, which includes repartitioning of the drive. You don’t have to complete the installation, just get past partitioning. For full-disk encryption, the encryption key is stored in partition data, and repartitioning is enough to obliterate the encryption key, where it is no longer to recover the encrypted data.
You can also use Darik’s Boot And Nuke (DBAN) to boot off external media, and then secure-erase everything, and for some, this may be faster and easier than encrypting (if the drive isn’t already encrypted). There are also a couple of cautions:
– Doing more than 2 erasure passes is overkill. Even Peter Gutmann, the guy who pioneered 35-pass erasure has noted that his work in 1996 was written for very specific, nuanced situations, and that with modern drives, one pass is generally adequate, and no more than 2 are needed.
– Overwrite/erasure applies only to traditional rotating hard drives. Solid State Drives (SSD) work differently. The technologies of TRIM and wear-leveling move data around on drives in a way that it’s nearly impossible to truly erase in the way that is possible with traditional rotating drives.
To me, that’s even stronger reason not to bother with explicit erasure, but to go with the encryption method on SSDs.
Two articles that explain all of this in further detail:
https://www.blancco.com/resources/blog-many-overwriting-rounds-required-erase-hard-disk/ is a little more techie (and historical detail), but they conclude that even US Department of Defense doesn’t recommend more than 3, and the article concludes that 1 pass is generally sufficient. It also does a good job of explaining the challenges with SSD. This web page belongs to Blancco, which sells commercial drive-erasure tools. I’m not affiliated with them, and not recommending their products, just referencing a page that does a good job of describing challenges.”
Thanks again to Zbigniew for the awesome response!