Securely erasing all data from a hard drive

I am about to sell my old desktop PC and I am cautious about some of my sensitive information being available to the purchaser, even after reformatting the hard drive, using data recovery software.

How can I securely wipe the hard drive so that the data on it cannot be recovered?

Although I specifically want help with my Windows PC, it wouldn't hurt if there were suggestions for Macs as well.


Solution 1:

Look into Darik's Boot and Nuke. It's a bootable CD which lets you securely erase your hard drives.

Solution 2:

Windows 7 has a tool called cipher.exe, which can wipe the disk:

http://www.ghacks.net/2010/06/21/wipe-yopur-drives-securely-with-a-hidden-windows-7-tool/

The command is simply

  cipher /w:x:\folder 

where you would substitute x:\folder for the location you want wiped, for instance your D:\ drive or your C:\Users\Mike Halsey\Music folder.

Solution 3:

Well, using tools such as DBAN or the like is considered to be mostly pointless and also very time consuming.

Generally, you do not need to do anything, but fill the drive with 0x00 (zero bytes / NUL) only once these days, in order to securely prevent the recovery of former data.

Doing multiple passes is excessive and mostly useless, let alone filling the drive with random data. The only way you can try to restore anything, after such an operation took place, is with an atomic-force microscope - this is, obviously, an extreme procedure, that will take months for even the smallest JPG file and the error rate (false-positives) is going to be immense (in other words - you won't get anything meaningful out of it). This is even more true for higher capacity models (higher density platters).

However, one can only speculate what tech might be in the hands of, say, the NSA, so judge the provided information with that in mind.

So, one of the ultimate software ways (fast, reliable & secure), is a single run (zero-fill) of dd:

  dd if=/dev/zero of=/dev/sdX bs=1M

or, if you want to measure progress:

  pv < /dev/zero > /dev/sdX

However, there is something called secure erase. This is an established ATA standard. This functionality is integrated into the drive itself. Not only is it even faster than a run of dd (as it's already hardware based and hardware > software, speed wise), it is also more secure, due to the ability of purging original bad sectors that have been reallocated! There are 2 versions: the vanilla (2001 and onwards) and the enhanced one (post 2004). So, if your drive was manufactured roughly 10 years ago - it is already very likely to support this feature.

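  # Set a temporary user password; the drive requires one before it accepts an erase
  hdparm --security-set-pass NULL /dev/sdX

  # Then run one of the two erase versions: the normal one ...
  hdparm --security-erase NULL /dev/sdX
  # ... or the enhanced one
  hdparm --security-erase-enhanced NULL /dev/sdX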

Erase away!
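
A read-back check for the single-pass zero-fill described in Solution 3, added here as an example and not part of any answer on this page: it compares the whole target against zeros and reports the first leftover byte. The function names and the two constructed image files are assumptions for illustration; on a real disk the argument would be the same /dev/sdX that dd wrote to.

```shell
#!/bin/sh
# Added example: confirm that a zero-fill really covered the whole target.

# Print the size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Print the 1-based offset of the first non-zero byte (nothing if all zero).
first_nonzero() {
    head -c "$(target_size "$1")" /dev/zero | cmp - "$1" 2>/dev/null |
        sed -n 's/.* differ: [a-z]* \([0-9][0-9]*\),.*/\1/p'
}

# Return 0 only if every byte reads back as 0x00; any read error counts as failure.
verify_zeroed() {
    if head -c "$(target_size "$1")" /dev/zero | cmp -s - "$1"; then
        echo "$1: verified, all bytes are zero"
        return 0
    fi
    off=$(first_nonzero "$1")
    echo "$1: NOT verified, first difference at byte ${off:-unknown}" >&2
    return 1
}

# Constructed sample input: two 1 MiB image files standing in for /dev/sdX.
demo() {
    dir=$(mktemp -d) || return 2
    dd if=/dev/zero of="$dir/clean.img" bs=1024 count=1024 2>/dev/null
    cp "$dir/clean.img" "$dir/dirty.img"
    # Plant one leftover non-zero byte at offset 4097 in the second image.
    printf 'X' | dd of="$dir/dirty.img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    verify_zeroed "$dir/clean.img"
    verify_zeroed "$dir/dirty.img" || true
    rm -rf "$dir"
}
demo
```

The check only applies to a zero-fill; a drive wiped with the ATA secure erase commands is not guaranteed to read back as zeros.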

Solution 4:

As a side note on scenarios when you cannot always format and wipe the disk and have to relinquish ownership of a computer with the OS intact (like resigning from a job and returning the laptop), Scott Hanselman has noted down a checklist of activities to carry out before giving it up forever.

http://www.hanselman.com/blog/TheDevelopersQuittingYourJobTechnologyChecklist.aspx

Solution 5:

Rather than worry about securely deleting data, an alternative might be to buy a new hard drive and do a clean install of the OS on that.

You can then keep the old hard drive for a while in case you forgot to back something up and eventually recycle it as a second (or third!) drive in your new machine.