HDD old deleted data still visible in recovery software [duplicate]

Look into Darik's Boot and Nuke. It's a bootable CD which lets you securely erase your hard drives.


Windows7 has a tool called cipher.exe, which can wipe the disk:

http://www.ghacks.net/2010/06/21/wipe-yopur-drives-securely-with-a-hidden-windows-7-tool/

The command is simply

  cipher /w:x:\folder 

where you would substitute x:\folder for the location you want wiped, for instance your D:\ drive or your C:\Users\Mike Halsey\Music folder.


Well, using tools such as DBAN or the like is considered to be mostly pointless and also very time consuming.

Generally, you do not need to do anything, but fill the drive with 0x00 (zero bytes / NUL) only once these days, in order to securely prevent the recovery of former data.

Doing multiple passes is excessive and mostly useless, let alone filling the drive with random data. The only way you can try to restore anything, after such an operation took place, is with an atomic-force microscope - this is, obviously, an extreme procedure, that will take months for even the smallest JPG file and the error rate (false-positives) is going to be immense (in other words - you won't get anything meaningful out of it). This is even more true for higher capacity models (higher density platters).

However, one can only speculate what tech might be in the hands of, say, the NSA, so judge the provided information with that in mind.

So, one of the ultimate software ways (fast, reliable & secure), is a single run (zero-fill) of dd:

dd if=/dev/zero of=/dev/sdX bs=1M

or, if you want to measure progress:

pv < /dev/zero > /dev/sdX

However, there is something called secure erase. This is an established ATA standard. This functionality is integrated into the drive itself. Not only is it even faster than a run of dd (as it's already hardware based and hardware > software, speed wise), it is also more secure, due to the ability of purging original bad sectors that have been reallocated! There are 2 versions: the vanilla (2001 and onwards) and the enhanced one (post 2004). So, if your drive was manufactured roughly 10 years ago - it is already very likely to support this feature.

hdparm --security-set-pass NULL /dev/sdX

hdparm --security-erase NULL /dev/sdX  
hdparm --security-erase-enhanced NULL /dev/sdX

Erase away!


As a side note on scenarios when you cannot always format and wipe the disk and have to relinquish ownership of a computer with OS intact (like resigning a job and returning the laptop), Scott Hanselman has noted down a checklist on activities to carry out before giving it up forever.

http://www.hanselman.com/blog/TheDevelopersQuittingYourJobTechnologyChecklist.aspx