Erase disk before selling
I have an old Windows 7 computer that I want to format and prepare for selling to somebody. I am using Parted Magic for disk operations and I'm wondering if "erasing the disk safely" is really necessary or if I could just delete the existing partitions using partitions manager, then reinstall Windows on it? Also for information purposes the disk is a 500GB standard drive, and I'm worried about how much time erasing the disk safely could take.
Solution 1:
If the disk at any point contained sensitive information, or if you ever used the computer that the disk was installed in for sensitive purposes, then yes, a proper wipe is necessary.
Due to the nature of how hard drives work, any data that you delete from within an operating system is never quite deleted, at least not immediately. Instead, the filesystem on the drive (NTFS, in the case of most Windows-formatted drives) removes all references to the data's location on the hard drive, making it inaccessible from within the operating system. The data itself stays on the hard drive until it is naturally overwritten by a newer piece of data that needs to take its place. Depending on how much free space is left on your drive, this could be anything from hours to never at all.
Likewise, cleaning partitions also does nothing to the existence of the data on the drive, and this doesn't change when you're installing Windows to the drive, unless the installation happens to take up the space of the entire drive in question (which is unlikely).
Freely-available data recovery tools like Recuva and GetDataBack are designed for this exact purpose - to recover files, folders and even entire partitions from a hard drive that hasn't been properly wiped. This means that any remaining data in the structures of your hard drive is easily recoverable to anyone technologically adept enough to know of and operate these programs, which is a very low bar.
That said, it's not necessary to use third-party utilities like Parted Magic to securely wipe a (mechanical) disk. In fact, you can do so from Windows itself provided that the disk you want to wipe is not the one you're booting from. Simply select the disk in question in My Computer and run a long format by right-clicking on the drive, selecting Format
and unchecking the Quick format checkbox. Windows' long format wipes drives just as most other third-party "secure wipe tools" out there do (for those who doubt this claim, see the addendum).
If you are booting from the drive that you want to securely wipe, then your only option is to create a bootable disk containing a tool like DBAN or Parted Magic, and then boot into that to wipe the drive in question.
As for the time that the format will take, I expect for a standard HDD it will take a few hours. The question you need to ask yourself is whether that's too high a time cost to make sure that any data you once stored on the drive doesn't end up in anyone else's hands.
ADDENDUM
There are apparently a number of people who doubt the claim that Windows' long format provides any less secure a wipe than third-party secure wipe tools, or who believe that Secure Erase provides an inherently more secure wipe for HDDs. They'd be patently wrong.
Windows' long format tool works by writing binary zeroes to the raw sectors of the drive, and has done so since Windows Vista was released more than a decade ago. This is also how third-party secure wipe tools work, including the Linux go-to
dd if=/dev/zero
.
Secure Erase does the same, with the difference that it's a firmware-level tool built into the drive itself, and as such depends on the hard drive manufacturer's implementation of the ATA specification to zero-write the drive successfully. Considering that many hard drive manufacturers have in the past shown a failure or unwillingness to implement these standards correctly, with some drives reporting a successful wipe even while all the data on the drive was still intact, this makes Secure Erase inherently insecure unless you're willing to test your particular drive's implementation of SE and confirm it works as intended... in which event it would be exactly as secure as a Windows long format or zero-write; no more and no less.
The exception to this is if your drive is an SSD (which the OP's is not) in which case you have no option but to resort to a Secure Erase, as software zero-writes are ineffective on an SSD. Even in this scenario, however, a Secure Erase is the least secure disk sanitisation option available to you; you should use an Enhanced Secure Erase, which writes a vendor-defined pattern to the drive, or a Block Erase, a newer (and therefore less-supported, but even more secure) option which also wipes an SSD's non-user-accessible areas such as the HPA (traditionally, these are the areas of an SSD that are the hardest to wipe and therefore most likely to contain remnant data).
Solution 2:
If you have any Linux in hand, this is very simple and easy:
sudo dd if=/dev/zero of=/dev/sdX
where sdX
should be replaced by the actual device of the disk you want to wipe.
Quick estimation about timing. I used this way to wipe a 3.5" hard drive (1 TB). The write speed started off at 220 MB/s and near the end it's 100 MB, so I assume 150 MB on average. Then it'd take less than 2 hours for a complete wipe, if everything does well.
You can also try the built-in functionality, DiskPart.exe
to wipe. You can open up a Command Prompt window with Administrator privileges (use Task Manager to achieve this), then run in Command Prompt:
DiskPart
SELECT DISK 2 (where you should replace 2 with your actual disk number)
CLEAN ALL
Then DiskPart will clean the whole disk, identical to the Linux dd
method.
Optionally in Linux, you can dd if=/dev/urandom
so the disk is overwritten with random data, but it is considerably slow depending on your computer configuration.
Solution 3:
Do it more securely with pseudo random numbers from /dev/urandom instead of zeros from /dev/zero. As root or as normal user with sudo:
sudo dd if=/dev/urandom of=/dev/sdX bs=1M
With
bs= blocksize, how many bytes to write at once,
urandom = pseudo random numbers, pretty secure.
sdX = the hard drive you want to overwrite (be careful to choose the right one)
Urandom uses data from /dev/random/ to start its random number generator seed and uses as much real random number as possible. But if runs out of random numbers, it won't stop but generate pseudo random numbers with real random numbers as seeds.
Dont use /dev/random it uses "real" random numbers from packet counters or mouse movement etc. When there are no random numbers left, it will just stop and wait for new ones. This takes ages to complete.
urandom means unblocking random, because it continues with pseudo random numbers and does not block the system by waiting for new real random numbers.
This is a bit slower but more secure.