Securely Wipe Hard Drives

TL;DR

The most secure way to retire a hard drive is physical destruction. If that’s not possible, use a software tool like DBAN (Darik’s Boot and Nuke) or the built-in tools in your operating system to overwrite the data multiple times. Always remove any labels and consider degaussing for extra security.

Securely Wiping Hard Drives: A Step-by-Step Guide

1. Understand the Risks
• Simply deleting files or formatting a drive isn’t enough. Data can be recovered.
• Quick format leaves data largely intact.
• Even secure erase tools aren’t foolproof, especially on SSDs (see section 6).
2. Physical Destruction (Most Secure)
• De-gaussing: Uses a powerful magnetic field to scramble the data. Requires specialist equipment and isn’t always effective on newer drives.
• Shredding: The most reliable method, but requires a dedicated hard drive shredder.
• Drilling/Hammering: Multiple holes through the platters will render the drive unusable. Wear safety glasses!

Important: Dispose of destroyed drives responsibly according to local regulations.

3. Software-Based Overwriting (Good Security)

This involves writing random data over every sector of the hard drive multiple times. The more passes, the better, but 3-7 passes are generally considered sufficient for most purposes.

4. Using DBAN (Darik’s Boot and Nuke)
• Download DBAN from https://www.dban.org/.
• Burn the ISO image to a CD, DVD or create a bootable USB drive using Rufus (or similar tool).
• Boot your computer from the DBAN media. You may need to change the boot order in your BIOS settings.
• Select the hard drive you want to wipe. Be absolutely sure you select the correct drive!
• Choose a wiping method (e.g., DoD 5220.22-M, Gutmann). More passes take longer but are more secure.
• Start the process. This can take several hours depending on the size of the drive and the chosen method.

# No command needed - DBAN is a GUI application you boot from.

5. Using Operating System Tools
• Windows: Use cipher /w: in an elevated Command Prompt (run as administrator). For example, to wipe drive D:

  cipher /w:D:

  This overwrites the free space on the drive. It doesn’t overwrite all data if there are files present.

• macOS: Use Disk Utility’s Secure Erase option (available in older versions of macOS). Newer versions use FileVault encryption which is a good alternative, but not a direct wipe.
• Linux: Use the shred command.

  shred -v -n 3 /dev/sdX

  Replace /dev/sdX with the correct device identifier for your hard drive (use lsblk to find it). Be very careful!

6. SSDs and TRIM Considerations

Traditional overwriting methods are less effective on SSDs due to wear levelling and TRIM. TRIM automatically erases unused blocks, making data recovery more difficult but also reducing the effectiveness of overwrite tools.

• Secure Erase: Many SSD manufacturers provide secure erase utilities that can reset the drive to its factory state. This is usually the best option for SSDs.
• Encryption: Encrypting the entire drive before disposal makes data recovery much harder, even if TRIM has been active. FileVault (macOS) or BitLocker (Windows) are good options.
7. Final Steps
• Remove any labels from the drive to prevent identification.
• If physical destruction isn’t possible, store securely until it can be destroyed.