How to permanently erase data from a drive
If you need to permanently erase data from a drive, or from another storage device in a computer, there are a few things to consider. A simple delete in Windows File Explorer does not remove the data from the drive. It only removes the references to the files or folders from the index.
Warning: It can never be said enough: always make a backup before performing any kind of file or disk cleaning operation!
Why erase all data from a drive?
If you are like me, you probably have a lot of hard drives or older PCs stored at home. I tend to either keep a PC if it is still functional, for testing, or other functions. And even if I discard a PC to be recycled or destroyed, I still often first remove the hard drive. What if someone else accesses my data?
But often computers are given a second life by reselling the computer or giving it to someone else. With or without a small upgrade, older computers can still be very useful to others.
If someone has used a computer for some time, the problem with giving it to someone else, or destroying it, is privacy. Personal data, private pictures, a scan of sensitive documents, finance details, are all things you would not want someone else to have access to.
The best thing to do then before handing an old computer to someone else is to delete all data from the drive(s). This of course also applies to external hard disks!
Why not Windows delete?
Most end users would either not think of this (I hope not!), or they would use the delete option in the operating system to remove files and folders.
The first issue is that most modern operating systems use a Recycle Bin to enable users to restore or undelete the deleted files or folders. Emptying the Recycle Bin will solve this issue. In Windows, you can also press and hold the Shift key while pressing the Delete key to skip the Recycle Bin when deleting files.
You can even disable the Windows Recycle Bin easily. Right-click the Recycle Bin icon on the desktop, and click Properties. Next, select the option to not move files to the recycle bin.
Note: we would not recommend this for normal use!
The more important issue with a file system delete for most operating systems is that delete only means removing the reference to the file or folder from an index. This is much faster than actually deleting the data from the disk. But the actual data remains on the disk.
There are plenty of commercial software solutions, or data recovery software, that can be used to restore the deleted data easily. These programs scan the disk and rebuild the files by copying the data to a new storage location.
Disk Format
Formatting a disk is the process of initializing the disk for use. The formatting varies depending on the type of file system (e.g. FAT, NTFS, ext2/3/4, etc.). Formatting has three stages: low-level formatting, partitioning, and high-level formatting.
When you format a drive, most operating systems offer the option to do a quick format, which does not erase all the data. A quick format merely removes the file indexing, similar to delete, so that the storage space seems empty, but the data is not gone.
A low-level format is a better option since it does erase the data, but this option is not available on modern computers. Some operating systems do still have built-in options to write zeros to the full disk medium.
Partitioning is the process of dividing the disk into logical volumes and has no significant impact on the option to restore data. Deleting a partition does not delete any data, other than information about the logical volumes (or drives) on the disk.
In short, when a hard disk is formatted on a modern computer, you cannot rely on the data being irretrievable upon completion.
Permanently erase data from a drive using software
Before considering a physical approach to destroying the drive and data, it is quite possible to use drive sanitization software to completely and permanently delete data from a drive.
These types of programs erase the data from a hard drive or any type of rewritable drive. The way this works is that they write random data to the drive multiple times. As a result, the original data can no longer be restored. The programs are also referred to as disk wipe programs, or data destruction programs.
Data destruction programs use different methods to erase data from a drive. In doing so, they specify which data wiping standard they meet, or which algorithms they support. Things to look for are DoD 5220.22-M, Peter Gutmann algorithm, RCMP TSSIT OPS-II (replaced by CSEC ITSG-06), Bruce Schneier’s algorithm, AFSSI-5020, AR 380-10, HMG Infosec Standard 5, GOST R 50739-95, and others.
Essentially the algorithm specifies which patterns are used and how many iterations are used. Almost all programs implement the simplest forms of data wiping, referred to as “Write Zero”, and “Random Data”. These algorithms do exactly what they say, write zeros to the disk, or write random data to the disk.
Data wipe programs
So, as an end-user what software do you need to use to erase all data from your hard disk?
- Darik’s Boot and Nuke (DBAN) is a free, open-source program that is available as an ISO download (about 16MB). The free version has some limitations, but for a standard HDD in your PC, it will work well. A commercial solution is available for advanced options, including SSD support.
  For people familiar with Linux, an alternative to DBAN is ShredOS. This small bootable Linux distribution uses nwipe to erase data from disks. We would not recommend this to non-technical users.
- Eraser is a data removal program for Windows. An older version is available to support older versions of Windows. The program is free under the GNU General Public License. Eraser runs within Windows, and as a result, it cannot be used to wipe the system drive. SSDs are supported.
  The program supports quite a few data wipe algorithms, but usage is a bit different. Tasks need to be created to execute disk (or file) erasing operations.
- KillDisk has versions for Windows, Mac, Linux, and Android. It is commercial software, but it has a Freeware version. The Freeware version is very limited though.
There are many more, but we did not include the many programs that can be run from within the operating system (mostly Windows solutions), or programs where disk erasing is merely an additional feature of a file shredder.
Keep in mind that some of these programs need to be run from a bootable medium, or at least from an external device (CD, DVD, or USB device). By using a bootable device you can erase the system disk in a PC, which would not be possible by running the program inside the booted operating system.
One important aspect to consider when choosing a solution is to look at the supported standards. Most government agencies are using standards that require the algorithm to do a verification of the data wipe after completion. If a program is using such an algorithm, you can safely assume the data is not retrievable.
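The pattern, iteration and verification steps described above can be seen in a minimal overwrite routine. This is an added example, not code from any of the programs listed on this page; the function names, the default of two random passes and the sample marker are assumptions, and the demo runs against a constructed image file rather than a real drive.

```python
import os
import tempfile

CHUNK = 1 << 20  # work in 1 MiB blocks

def target_size(f):
    """Size in bytes; seeking to the end also works for block devices."""
    size = f.seek(0, os.SEEK_END)
    f.seek(0)
    return size

def overwrite_pass(f, size, pattern):
    """One full pass: "zero" is Write Zero, anything else is Random Data."""
    f.seek(0)
    left = size
    while left:
        n = min(CHUNK, left)
        f.write(bytes(n) if pattern == "zero" else os.urandom(n))
        left -= n
    f.flush()
    os.fsync(f.fileno())  # force this pass out of the OS cache

def verify_zero(f, size):
    """Read the whole target back; True only if every byte is 0x00."""
    f.seek(0)
    left = size
    while left:
        block = f.read(min(CHUNK, left))
        if not block or block.count(0) != len(block):
            return False
        left -= len(block)
    return True

def wipe(path, random_passes=2):
    """Random passes, one final zero pass, then the verification read-back."""
    with open(path, "r+b") as f:
        size = target_size(f)
        for _ in range(random_passes):
            overwrite_pass(f, size, "random")
        overwrite_pass(f, size, "zero")
        return verify_zero(f, size)

def demo(marker=b"CONSTRUCTED-SAMPLE-DOCUMENT"):
    """Wipe a constructed image file; returns (verified, marker_still_present)."""
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(os.urandom(CHUNK) + marker + os.urandom(CHUNK // 2))
        verified = wipe(path)
        with open(path, "rb") as f:
            return verified, marker in f.read()
    finally:
        os.remove(path)
```

The verification only proves what can be read back through the normal interface. On an SSD, wear leveling can leave old copies in cells that this kind of overwrite never reaches, which is why the SSD section of this article points to other methods.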
The free versions of the software mostly have limitations, such as a restricted choice of algorithms, no verification, and a limited number of iterations. But for general use that is very often quite sufficient!
The last thing to consider is if the program supports data erasing from SSDs. Not all programs do, since data destruction from SSDs is not as easy as from an HDD. Read more about that later in this article.
Physical disk destruction to erase data from a drive
Magnets
If we do not want to rely on a software solution, the option to physically destroy the drive medium needs to be considered.
The first option for physical destruction to erase the data from the drive is by wiping the storage medium with a magnet. Older types of magnetic storage media could be erased using magnets. The stripe on a credit card, a cassette tape, a VHS tape, all could be erased using magnets.
Erasing a magnetic medium using magnets merely depends on the usage of magnets that are stronger than the ones used to put the data on the storage medium in the first place. That, and the magnetic strength of the storage medium, determine how powerful a magnet needs to be.
With modern hard drives, the platters are made of materials with a high coercivity value. That means that they can withstand a high external magnetic influence. So using commercially available (neodymium) magnets to erase your hard drive data is not likely to succeed. Maybe some data corruption will take place, but erasing all data will be nearly impossible.
To use the magnetic option for hard drive data wiping, professional companies use an electromagnet that generates a very strong electromagnetic field to wipe the data. This is called degaussing, which was originally designed for shipping!
Holes
Drilling holes in the hard drive medium makes it impossible to easily retrieve any data from the medium. Hard drives are round and spin to read and write data. Holes cause the data patterns to be interrupted, so reliably reading the data back from the drive is difficult and would require a very special setup. If you want to use this method, the more holes the better!
Fire
Fire is a powerfully destructive force. So, of course, it can also be used to destroy the data on a hard drive. For this to happen, you need to make sure that the fire burns hot enough and long enough to have an effect on the actual platters.
The electrical circuits will burn relatively fast, but the casing and the platters (glass, aluminum, ceramic, cobalt) will take more energy to be destroyed. And that needs to happen before you can rely on the fire to destroy the data on a hard drive.
If you cannot ensure that the fire is hot enough, the best option is to have the disk exposed to fire for a long duration to destroy it.
Hammer
Actual physical destruction is another good option. Using tools like a hammer, pliers, and a saw, it is possible to destroy the hard drive to an extent that data retrieval becomes impossible. If you choose to dispose of the remains in separate events or different locations, you can safely assume nobody will ever be able to retrieve the data.
Solid State Drives (SSD)
In many modern computers, and especially laptops, we find at least one SSD. SSDs are much faster and more durable than traditional hard disks (HDD) since they use flash memory modules instead of spinning disks to store data.
With all the benefits of SSDs comes one drawback: wiping all the data from an SSD is more difficult. The degaussing method, for example, does not work on SSDs, because SSDs do not use magnetism to store data.
SSDs often have something called wear leveling. Essentially it helps distribute the disk writes evenly across the disk, giving it an optimized usage. Flash memory in an SSD can only be read and written a limited number of times, so this process helps extend the lifetime of the disk.
This limitation of the number of read-and-write cycles also affects the selection of the best method for data destruction on SSDs. Do we really want to have a high number of iterations of writing and deleting data on the SSD to effectively erase data, when it potentially reduces the lifespan of the SSD?
SSD destruction
Physical destruction? Well, theoretically destroying the SSD can work, but the level of destruction needs to be severe. Electrical components, like SSD chips, have a high level of storage density, so even a small chip remaining intact can result in data that can be retrieved.
Cryptographic Erase
For SSDs (and HDDs for that matter) that use encryption, the data can be made irretrievable by removing the encryption keys and logic. The result is that the data might remain, but since it is encrypted, nobody can access it. The main problem with this is that this solution largely depends on the level of encryption and the strength of the keys used for the encryption. And given enough time and computing power, even encryption can potentially be reversed.
On Windows systems, you can use the built-in BitLocker software to encrypt your data. It is not supported on all systems. On older Windows versions (Vista, Windows 7) an Ultimate or Enterprise edition is needed, and from Windows 8 onwards, a Pro or higher edition is needed. Windows Server also supports BitLocker. Apart from the Windows edition, the computer needs to be equipped with a Trusted Platform Module (TPM).
If BitLocker is not available, a third-party solution can be used. Examples are VeraCrypt (successor of TrueCrypt), which is free, and AxCrypt (which only has a free version for Windows PCs).
SSD Trim
Since SSDs themselves manage the distribution of data across the memory for efficiency and maximum life span, the method of deleting data on an SSD differs from an HDD. The operating system still executes a delete command, but the SSD gets notified that certain data can be removed using the TRIM command.
TRIM does not actually delete the data, but simply marks data as no longer in use. The Active Garbage Collection mechanism of the SSD will in time delete the data (during idle time). The benefit is that the operation is faster since there is no need to immediately delete the actual data.
The disadvantage of TRIM is that you don’t know if and when the data is actually removed from the SSD.
TRIM is supported by Windows 7 onwards and for macOS, TRIM is supported for Apple SSDs and some third-party SSDs.
Best SSD erase solution
Whether you use the encryption option or not, in the end, a disk erase is required to make all data on an SSD inaccessible and irretrievable.
The command that clears an SSD is called ATA Secure Erase. All storage cells on the SSD are reset to empty, effectively deleting all data. Executing this command requires third-party software.
In most cases, the best software solution to erase an SSD is to use the software provided by the SSD manufacturer. It is certainly the first place to look for a disk wipe solution. These tools cause minimal wear on the SSD, while that is not true for generic disk wipe programs.
Here is a list of the manufacturer software solutions for SSD management and data erasure.
Intel® Memory and Storage Tool (replaces “Intel Solid-State Drive Toolbox”) – Windows 8 onwards (32/64 bit), Linux, ESXi host.
Samsung Magician – Windows 7 onwards (32/64 bit).
Crucial Storage Executive – Only for Windows 7 onwards (64 bit only).
Corsair SSD Toolbox (direct download) – Windows.
SanDisk Dashboard – Windows.
Western Digital Dashboard – Windows 7 onwards (32/64 bit).
Seagate SeaTools – Windows and Linux.
KIOXA SSD Utility – Windows 10 (64 bit).
Toshiba Legacy SSD Utility Management Software – Windows 7 onwards (32/64 bit depending on SSD models) and Linux.
Kingston SSD Manager – Windows 8 onwards (32/64 bit).
Addlink SSD ToolBox – Windows 10 (32/64 bit).
SK Hynix DriverManager EasyKit – Windows (32/64 bit).
If the SSD is not supported by the vendor’s SSD software, or the vendor does not offer software themselves, there is an option to use other third-party SSD software.
Free solutions exist, like GParted, as well as commercial options like Parted Magic and EaseUS Partition Master.
What about a CD, DVD or Blu-ray?
With optical media, like a CD, DVD, or Blu-ray, erasing the data is not always possible. Only rewritable media will allow for data destruction by deleting or overwriting old data.
Physical destruction is the better option to destroy the discs and prevent data retrieval. It is possible to break the disc to prevent data access. This can be done by hand or using scissors. The more pieces the better!
A decent paper shredder will be able to handle CDs and DVDs. This results in many very small pieces, which is one of the best solutions for CDs and DVDs.
Some people use a sharp object to scratch the surface of the disc, but this is not as good as physical destruction of the disc.
And as with all other storage types, the fire option is also very feasible to destroy data on a CD or DVD. From an environmental viewpoint, this might not be your preferred solution though…
What about USB storage devices?
USB drives or USB memory sticks use the same technology as an SSD. A USB drive is essentially a data storage device using flash memory with a USB interface. Storage sizes vary, data transfer speeds vary depending on the USB version, but they use electricity to store data in memory.
That also means that erasing data from a USB drive is very similar to wiping an SSD.
On the software side, it is important that the solution chosen supports USB storage options. When a bootable software solution is used, you can only wipe the USB drive if the booted system recognizes the USB drive.
Conclusion
As with so many things in life, the best solution will depend on the importance of the data versus the cost and effort to delete it. For common consumer data, a software program to wipe the data from the drive will be quite sufficient and be a cost-effective solution.
If the data is very sensitive, more effort (or money) can be spent on destroying the data. Physical destruction or a professional service would be best.
Of course, one can also consider a combination: wipe the data using a software method, and then apply a physical destruction option.