Question about Deleted Data Security of Different Drives

cthulhuiscool

2[H]4U
Joined
Mar 15, 2006
Messages
3,002
Digging around on google is turning up conflicting results, so I wanted to pick your guys minds. Basically, I'm curious of reasonable ways to securely erase drives so that if I were to say sell or give away such drive, I don't have to worry about some clever fella digging up financial details or evidence of my shameful camgirl days (I was young and needed the disappointment of my parents 🤣)

I know platter drives are notoriously bad about retaining traces of past data, but see there are various wiping programs like DBAN or the options built into CCleaner. How secure are these methods, and is there a "good enough" number of passes or type of wiping? Also if I've had it password encrypted with bitlocker, is it really a concern (assuming they don't know my password)? The most secure one I see looks like it takes a million years to complete and is probably overkill unless you're on the run from the ABC Glowies, which isn't a concern for me... yet...

Then regarding SSD's, seeing mixed things. A lot of sources say that running a "trim" function on a compatible drive should scrub its past beyond recovery, but I've also heard from others they're fairly insecure. Who's telling the truth?

Appreciate any input.
 
I don't give or sell any drive that had sensitive data on it.
I usually take them apart to see what the parts look like.
IMG_3921.JPG
 
If you always used software full-disk encryption like BitLocker, a simple wipe is safe. If you haven't used full-disk encryption, or had sensitive data on the disk before encryption, a secure wipe is required as data might be present in unused space.

On an SSD, no software method can truly erase all the NAND blocks, but it requires high skill to extract any remaining data. SSDs typically encrypt all data with a default key whether you've enabled encryption or not, so they usually have a factory reset command that destroys the default encryption key rendering all the blocks unreadable.
 
Send the drives to me, I'll securely wipe them for you. 😇👹

But in all seriousness, encrypting the drive and then doing a simple format will be good enough to stop most people from seeing what was on that drive.
 
If you always used software full-disk encryption like BitLocker, a simple wipe is safe. If you haven't used full-disk encryption, or had sensitive data on the disk before encryption, a secure wipe is required as data might be present in unused space.

On an SSD, no software method can truly erase all the NAND blocks, but it requires high skill to extract any remaining data. SSDs typically encrypt all data with a default key whether you've enabled encryption or not, so they usually have a factory reset command that destroys the default encryption key rendering all the blocks unreadable.
Thanks for the info. Regarding "secure wipe", what would qualify? So attached are the examples of options CCleaner offers, not sure if those would count. DBAN (also attached) has a handful of methods too.
I'm not too worried, but building a computer for an older lady using a platter I had lying around. Don't *think* I ever used it for anything other than games and things, but better safe than sorry. Obviously she isn't a concern (unless she's playing a damn good act), but who knows if it ends up donated to charity or something down the line. What would you personally recommend as far as methods?
 

Attachments

  • Capture.JPG
    Capture.JPG
    22.7 KB · Views: 0
  • Capture2.JPG
    Capture2.JPG
    19.3 KB · Views: 0
Each pass of 0 or 1, while erasing the data, will leave varying levels of 0 or 1. Each bit that was flipped recently will have a shallower value, and can be recovered. Each additional pass will bring the bits closer. I think the standard was 10 passes and the data cannot be recovered.

You can do this with the regular format command on windows. Print out the options, one of them allows additional passes for overwriting all data. The screen shot with 7 passes should be fine.
 
Even a 1-pass wipe would prevent someone from simply plugging in the drive and recovering data as it requires low level access below the drive controller. Only a forensic lab would be able to do it. To prevent forensic recovery, multiple passes are required. There's no certain amount, but I would be comfortable with 3+ passes with a complex pattern.
 
really overthinking it (there are easier ways to get to your data and that's compromising your actual working PC) i have had used HDD/SSDs that i have come across and some of them actually booted on my test dell PC that i use to test disks before use(person selling them has not even bothered formatting them at all)

a full format is good enough (vista onwards writes 00s to the disk) or if you can work out how to do it trigger the secure erase command that works as well,, if the HDD Drive is a SED drive only the encryption keys needs erasing so they only take like 1-2 minutes to return secure erase command as completed as it does not need to erase the whole disk because the keys are wiped and regenerated so it's impossible to access the old data (does not require the disk to have password set the disk is already encrypted)

Do not use Dban or ""secure multi pass erase"" tools on a SSD very pointless, they don't work the same as a HDD

SSDs are easy use Secure erase if you can or if not diskpart clean command it and make a partition quick format it and then defrag "optimize" and that will Trim the whole SSD all data is zeroed out (if it was not already zeroed out in the first place because of windows Trim)

samsung adds TRIM to background Garbage Collection task (GC) so it normally reports finished almost immediately (and for secure erase command encryption keys and page table are erased and a full NAND trim command is Qued), but it's actually trimming in the background (you can see it doing it on enterprise samsung ssds because the write performance drops write speed down Rated QOS speed for about 1-2 minutes witch is around 200-250MB/s)

Note if your secure erase takes longer than 2 minutes on a SSD (like 10-20 minutes depending on the size of the SSD) it's likely a fake secure erase command software and is just simply running DBAN across all LBA blocks
 
Last edited:
really overthinking it (there are easier ways to get to your data and that's compromising your actual working PC) i have had used HDD/SSDs that i have come across and some of them actually booted on my test dell PC that i use to test disks before use(person selling them has not even bothered formatting them at all)

a full format is good enough (vista onwards writes 00s to the disk) or if you can work out how to do it trigger the secure erase command that works as well,, if the HDD Drive is a SED drive only the encryption keys needs erasing so they only take like 1-2 minutes to return secure erase command as completed as it does not need to erase the whole disk because the keys are wiped and regenerated so it's impossible to access the old data (does not require the disk to have password set the disk is already encrypted)

Do not use Dban or ""secure multi pass erase"" tools on a SSD very pointless, they don't work the same as a HDD

SSDs are easy use Secure erase if you can or if not diskpart clean command it and make a partition quick format it and then defrag "optimize" and that will Trim the whole SSD all data is zeroed out (if it was not already zeroed out in the first place because of windows Trim)

samsung adds TRIM to background Garbage Collection task (GC) so it normally reports finished almost immediately (and for secure erase command encryption keys and page table are erased and a full NAND trim command is Qued), but it's actually trimming in the background (you can see it doing it on enterprise samsung ssds because the write performance drops write speed down Rated QOS speed for about 1-2 minutes witch is around 200-250MB/s)

Note if your secure erase takes longer than 2 minutes on a SSD (like 10-20 minutes depending on the size of the SSD) it's likely a fake secure erase command software and is just simply running DBAN across all LBA blocks
What do you mean by a full format? As in just formatting the drive without it being encrypted? That data is easy to recover (I've had to do it when I've accidentally formatted a drive before) with GetDataBack.

I agree with everything else. I just wanted to make that clarification.
 
What do you mean by a full format? As in just formatting the drive without it being encrypted? That data is easy to recover (I've had to do it when I've accidentally formatted a drive before) with GetDataBack.

I agree with everything else. I just wanted to make that clarification.
It wasn't a full format if you could recover it. The drive controller will report zeros to any software recovery tool after a full format. You need low level access below the drive controller to recover from that.
 
It wasn't a full format if you could recover it. The drive controller will report zeros to any software recovery tool after a full format. You need low level access below the drive controller to recover from that.
https://www.computerhope.com/issues/ch001407.htm

A Full Format runs an additional step that checks the hard drive for any bad sectors. This check is what makes the full format take so much longer than a quick format. Unfortunately, like the quick format, the files still exist and the volume could be re-built to gain access.
 
https://www.computerhope.com/issues/ch001407.htm

A Full Format runs an additional step that checks the hard drive for any bad sectors. This check is what makes the full format take so much longer than a quick format. Unfortunately, like the quick format, the files still exist and the volume could be re-built to gain access.
Newer versions of Windows will zero all the sectors.
 
Newer versions of Windows will zero all the sectors.
Do you have a link I can read up on? I was unaware of this. I knew if you encrypted the drive first and then formatted it, that data would be unrecoverable, but if the drive is not encrypted and just formatted, then that data is still recoverable.
 
Do you have a link I can read up on? I was unaware of this. I knew if you encrypted the drive first and then formatted it, that data would be unrecoverable, but if the drive is not encrypted and just formatted, then that data is still recoverable.
from vista onwards it writes to every sector (windows 7 and higher that does 00s, Vista might have been 0E Patten, 00 is better as that is zero bytes and means it can be Trimmed or for Virtual disks) below vista it was purely a read verify check

that website is incorrect (the date published for that article should change to 1994 lol) they are going off XP days of a full format witch Only does a read verify on full format

dban - https://dban.org

Use it at work for Top Security cleaning...
really not needed unless its government use that mandates it's use (but system will have bit locker or alike encryption so full wipe is usually not needed but normally required per policy) and defiantly don't use it on a SSD (format and run defrag/optimize it zeros out the whole ssd, or use provided secure erase tool witch wipes page table, resets public/privet encryption keys and then sends a mass TRIM to all NAND chips)
 
Back
Top