Home » Questions » Computers [ Ask a new question ]

Securely erasing all data from a hard drive

Securely erasing all data from a hard drive

I am about to sell my old desktop PC and I am cautious about some of my sensitive information being available to the purchaser, even after reformatting the hard-drive, using data recovery software.

Asked by: Guest | Views: 226
Total answers/comments: 2
Guest [Entry]

Look into Darik's Boot and Nuke. It's a bootable CD which lets you securely erase your hard drives.
Guest [Entry]

"Well, using tools such as DBAN or the like is considered to be mostly pointless and also very time consuming.

Generally, you do not need to do anything, but fill the drive with 0x00 (zero bytes / NUL) only once these days, in order to securely prevent the recovery of former data.

Doing multiple passes is excessive and mostly useless, let alone filling the drive with random data. The only way you can try to restore anything, after such an operation took place, is with an atomic-force microscope - this is, obviously, an extreme procedure, that will take months for even the smallest JPG file and the error rate (false-positives) is going to be immense (in other words - you won't get anything meaningful out of it). This is even more true for higher capacity models (higher density platters).

However, one can only speculate what tech might be in the hands of, say, the NSA, so judge the provided information with that in mind.

So, one of the ultimate software ways (fast, reliable & secure), is a single run (zero-fill) of dd:

dd if=/dev/zero of=/dev/sdX bs=1M

or, if you want to measure progress:

pv < /dev/zero > /dev/sdX

However, there is something called secure erase. This is an established ATA standard. This functionality is integrated into the drive itself. Not only is it even faster than a run of dd (as it's already hardware based and hardware > software, speed wise), it is also more secure, due to the ability of purging original bad sectors that have been reallocated! There are 2 versions: the vanilla (2001 and onwards) and the enhanced one (post 2004). So, if your drive was manufactured roughly 10 years ago - it is already very likely to support this feature.

hdparm --security-set-pass NULL /dev/sdX

hdparm --security-erase NULL /dev/sdX
hdparm --security-erase-enhanced NULL /dev/sdX

Erase away!"