You may for some reason decide to completely wipe your hard disk drive (HDD) or solid-state drive (SSD) to ensure your data does not fall into the wrong hands.bir.
Formatting your drive will delete all the files, but the process leaves traces of the erased data. The data you deleted can as a result be easily recovered.
Securely Erase your HDD
To easiest way to securely erase your data from an HDD is to overwrite it multiple times until no traces of your data are left. To do this, you can use tools such as Darik's Boot and Nuke (DBAN) or ShredOS.
Since DBAN is unmaintained, we are going to look into how you can use ShredOS.
- Go here to download the ShredOS image file.
- For Windows users use either Rufus or Etcher to write the ShredOS to your USB drive.
- Reboot your device and boot from the USB key.
- Follow the on-screen instructions to permanently wipe your drive.
Securely Erase your SSD
Erasing and re-writing wares out the Blocks. SSD's blocks can only be erased and rewritten a finite number of times before they wear out. To increase their longevity SSDs use a technique known as wear leveling. It ensures that every block is erased and rewritten the same number of times.
When you delete a file from an SSD the pages and the block it was stored in will be marked as invalid and the drive will write new data in a new block. This makes it hard to securely delete files in an SSD as there is no guarantee that the drive will overwrite the same block that the file you deleted was located.
All modern Operating Systems by default support a command known as Trim Operation. The Trim command tells the SSD's drive controller that there are pages within blocks containing data that is ready for deletion.
When you delete a file your OS issues a Trim command to the SSD controller letting it know that the pages where the file is stored are free for deletion. Trim also makes the data unreadable.
After being notified of the existence of data that is ready for deletion the SSD controller runs a process known as Garbage collection. Garbage collection goes through the drive and identifies the block with pages that Trim marked as ready for deletion. It copies the valid pages to different pages in a free block and then erases the whole of the source block.
Garbage collection erases data from your SSD drive permanently.
Deletion coupled with Trim would render the deleted files highly unrecoverable.
The following methods are used to wipe data from SSDs:
Secure Erase- It only deletes the mapping table that keeps track of data on the storage blocks. It does not erase the blocks.
Sanitize- It deletes the mapping table and erases all blocks that have been written.
- Crypto Scrabble: Performs the wiping by changing the encryption key of self-encrypting SSDs. This makes the data unreadable.
- Block Erase: Performs memory block erasure to destroy the data.
- Overwrite: Performs block erasure followed by an overite of the blocks.
To securely wipe your whole SSD with any of the above methods, you can use any of the following tools.
Use your BIOS/UEFI
- Go to your device's BIOS or UEFI settings and select your drive.
- If it has the tools select either Secure Erase or Sanitize.
- Follow the instructions to securely wipe your SSD.
Use Manufacturer ToolsMost reputable manufacturers offer software to securely erase their SSDs.
The tools include:
- Intel Solid-State Drive Toolbox
- Samsung Magician SSD Tool
- Crucial SSD Storage Executive
- Western Digital SSD Dashboard
- Seagate SeaTools bootable SSD utility
Use Commercial toolsThere are third-party tools that you can use to securely erase your SSD.
Use hdparm utilitie
hdparm has Linux commands that you can use to securely wipe your SSD
Run the following command to check if your SATA drive supports Sanitize:
hdparm --sanitize-status /dev/sdx
To perform sanitize crypto scramble on a self-encrypting SSD use:
hdparm --yes-i-know-what-i-am-doing --sanitize-crypto-scramble /dev/sdX
To perform sanitize block erase on non-self-encrypting SATA SSD use:
hdparm --yes-i-know-what-i-am-doing --sanitize-block-erase /dev/sdX
For maximum security, depending on your threat model, you can destroy the drive after securely erasing your data and discard its parts at different places.