selling a HDD, need to delete data without the ability to restore

telimar

the HDD that I want to sell has sensitive data.
the plan is (was) to do a "quick format" and delete partitions if any.
but I read formatting a drive doesn't REALLY erase data, only erases file allocation information and data can still be restored with certain applications.

so what DOES erase data in such a way I can rest assured the sensitive data is lost forever and can't be restored? is it called "drive wiping/scrubbing" (like I have in my "CCleaner" application)? if so how many overwrites (passes) are recommended in my case?

bear in mind, I need to sell this HDD so I don't want it to be damaged in any way.
 
There are lots of tools; one I personally like to use is called "shred" on Linux. It's usually prepackaged and very easy to use. It will randomize writes and then optionally finish it off with a write of zeroes.

There's some argument as to whether you only need to do it once, or multiple times. You should technically only need to do it once, but I always do a bunch of passes just to be on the extra safe side.
 
so drive wiping IS the best method?
 
Quick formatting and partition deleting will not do it. You can recover from that trivially using TestDisk on the UBCD.

Drive wiping is the best method. DBAN is a good free tool for this.
 
For drives I'm about to release to someone else, I use DBAN in PRNG Stream mode with 8 rounds. As others have said, one pass is probably enough, but I still err on the side of caution if it's going to leave my hands to somebody I don't know.
 
+1 on DBAN for general use.

As to the sensitivity of the data, HOW sensitive is it? Will its contents ruin your life or business? Will they land you in jail? Is the money you will receive in return fair compensation for what the revelation of the data will cause?
 
Yes, but the method of drive wiping varies by device. For standard HDs multiple overwrites is probably the best method, but for SSDs secure erase is preferable.

For most hard drives the best is usually multiple overwrites with random garbage with the drive hooked up as something other than the boot drive. It's more convenient than methods that involve booting off CD, etc. Writing random crap to a drive doesn't take a lot of CPU resources, so you can still do other things with the computer.

On SSDs the best method is secure erase since it tells the drive to erase all memory. SSDs have to erase before writing, so erasing everything restores the drive to like-new performance. If you overwrite an SSD, just do one pass with all 0s.

Secure erase works on HDs too, though it probably isn't as good as a nice wiping program and it's less convenient. Unless you run Linux you'll have to boot up Linux and use hdparm or boot DOS. I forget the name of the DOS program, but it's on the Ultimate Boot CD. SSDs can wipe themselves very quickly so the only real hassle is the reboot. My old Intel X25M that I'm slowly prepping for sale (along with the laptop it's in) wiped itself in just a couple of minutes. HDs take a lot longer.

Secure erase also works well on those encrypted hard drives that come with some higher end laptops. They can "erase" themselves faster than an SSD. Instead of actually erasing anything they just forget the old encryption key and generate a new one. Once the key is gone it would take a massive amount of computing power to decrypt the drive. Of course if you're really paranoid you can always overwrite it a couple times, secure erase it, then overwrite it some more.
 
Would the loss due to potentially not completely wiping the data be more than the money you'd gain reselling the drive? If so hit it with a hammer repeatedly.
 
Secure erase is not perfect, and depending on the drive model may not wipe NAND in the spare area which may have been used for garbage collection. Some fragments (or more) with potentially damning results may still be recoverable on the drive. While there are standards for Secure Erase (ATA) they are sometimes not enabled properly. For more information you can check here.
 
Writing all 1's or 0's (or random for that matter) once is sufficient enough.

Feel free to look it up, other than rumors of super secret NSA/CIA tools, no one has been able to prove that they could recover a useable file from a hard drive that has been wiped once. There was even a website that had a prize of several thousand dollars if you could recover the contents of a hard drive that had been wiped just once. Went unclaimed for several years.

This is for a traditional harddrive of course. Any drive that creates duplicates or moves data around (such as SSD's) of course has other complications.
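A way to confirm that a single pass of zeros or ones actually covered the whole target, added here as an example and not part of any post in the thread: the function reads a disk image or raw device back and reports where non-fill bytes survive. The names `verify_wipe` and `demo` and the sample image are constructed for illustration.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read 1 MiB at a time


def verify_wipe(path, fill=0x00, chunk=CHUNK, max_report=5):
    """Return (bytes_checked, bad_chunks, first_offsets) for a wiped target.

    path is a disk image or, with enough privileges, a raw device node;
    fill is the byte the final pass wrote (0x00 or 0xFF).
    """
    pattern = bytes([fill])
    checked, bad, first = 0, 0, []
    with open(path, "rb", buffering=0) as dev:
        while True:
            block = dev.read(chunk)
            if not block:
                break
            clean_prefix = len(block) - len(block.lstrip(pattern))
            if clean_prefix != len(block):  # a stray byte survives here
                bad += 1
                if len(first) < max_report:
                    first.append(checked + clean_prefix)
            checked += len(block)
    return checked, bad, first


def demo():
    """Constructed 4 MiB image: zero-filled, with residue left at one offset."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"\x00" * (4 * CHUNK))
        img.seek(3 * CHUNK + 100)
        img.write(b"tax-return.pdf")  # constructed leftover data
        name = img.name
    try:
        dirty = verify_wipe(name)
        with open(name, "r+b") as img:  # repeat the zero pass
            img.write(b"\x00" * (4 * CHUNK))
        clean = verify_wipe(name)
    finally:
        os.unlink(name)
    return dirty, clean


if __name__ == "__main__":
    print(demo())
```

A clean result only covers sectors the operating system can address; reallocated sectors and SSD spare area are outside what a read-back can see.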
 
is the drive wiper "CCleaner" any good? DBAN scares me

and yes, the data in this disk might get me to jail if it gets to the police but why should it?
isn't that why I use a drive wiper?
 
and yes, the data in this disk might get me to jail

Then you are absolutely nuts for trying to sell this drive. Hit it with a hammer repeatedly and bury the pieces in separate shallow graves while saying a prayer (wait.... Are the locations of several shallow graves what are on the drive? :) ) Especially with an SSD which could have incriminating data left in the wear leveling or spare area.
 
I may have exaggerated about getting me to jail, it's torrents and things like that.
the regular joe won't do anything with it if he gets his hands on it.

but back on topic: is the drive wiper in "CCleaner" good enough for the task? I'm thinking about 3 passes
 
DBAN it for as many passes as makes you feel comfortable then sell it.
 
There is one problem with DBAN: You have to run it on a very old PC. Newer PCs, especially those with UEFI BIOSes, cannot properly run DBAN: I tried it, and it failed to detect any drives whatsoever on such newer systems. And when it failed to detect drives, the program locked up my PCs.
 
Well, I have used it on 2 different UEFI machines (AsRock Fatal1ty Z68 and Asus Sabertooth X79) and DBAN worked fine. Hell, I even used it on a Macbook Pro and it worked fine. While I am sure there are compatibility problems with some new machines, it isn't that widespread from what I have seen (definitely not an old-machine only kind of thing) and you can always submit a ticket to them for any compatibility issues.
 
can I use DBAN to destroy an external HDD in a disk enclosure that is connected via USB?
 
Windows 7's DISKPART has an option to clean hard drives, partially (0's 1st and last MB of a drive) as well as fully (overwrites the complete drive with 0's). Latter option is CLEAN ALL if I recall correctly. Be sure to select the correct drive first. Both options will set the drive back to uninitialized in disk management.
 
On one hand there is no way that it is worth the time and effort to destroy just the data. Just destroy the whole drive.

On the other hand there is no way the data is worth the effort of recovering the data after a format.

You worry way too much.
 
These would be my options for what it is worth:

1. If the hard drive has general data use DBAN
2. If the hard drive contained sensitive data, I would use Blancco. If CESG has approved this for sanitisation of TOP SECRET (UK) HMG data then I would think it would do for my business. (http://www.cesg.gov.uk/finda/Pages/CCITSECProduct.aspx?PID=173&backpage=CCITSECResults.aspx) There are similar US Govt approved s/w
3. If the hard drive has such sensitive data that I worry about it that much, as someone said do the above, hit it with a hammer and then incinerate it (or some combinations thereof)
 
I find the shotgun approach is best for drives with sensitive data. Seriously- drives are so cheap compared to the value of your data- don't sell them. Ever. Just destroy them and be done with it because once that HDD is out of your physical control who knows what will happen.
 
I have a stack of old HDDs in my room. I would never sell them. Some day I should get around to destroying them and throwing them away, but that's a pain.

If you need the money, you should use dban. CCleaner should do the job in theory, but I've never seen it suggested for that purpose, and I've never read about it in that much detail.

All it takes is a recovered cookie from a session you didn't close, and someone could get into your email. From there they can reset your passwords for just about everything, and then change them to whatever they want. It is too easy to get royally screwed over a single file being recovered. Not to mention if you kept tax documents, school records, saved passwords, etc. on the computer.
 
The only thing I really worry about is bad sectors that still have sensitive information on them. Do a 9 pass random write and for the most part your data is dead, but what about those sectors set off to the side you never got a chance to rewrite over? :paranoidpenguin:

Hard drive encryption I wish took over at more a firmware level and was implemented as standard per device in all raid controllers and such... That said truecrypt and dm-crypt are handy.
 
The only thing I really worry about is bad sectors

Did you check to see if there were any using SMART? CrystalDiskInfo (or any program that displays SMART raw data) will tell you how many sectors have been reallocated.
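The same check scripted, as an added example that is not part of the thread: it parses the attribute table printed by smartmontools' `smartctl -A` and reports the raw counts that bear on whether an overwrite can reach every sector. The sample table is constructed, and the function names are hypothetical.

```python
# Constructed sample in the layout printed by `smartctl -A`;
# the values are made up for illustration.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   198   198   140    Pre-fail  Always       -       12
  9 Power_On_Hours          0x0032   071   071   000    Old_age   Always       -       21544
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       3
"""

# 5: sectors already remapped to spares; the originals are no longer
#    addressable, so an overwrite pass cannot touch them.
# 197: unstable sectors that may be remapped on the next write.
WATCHED = {5: "reallocated", 197: "pending"}


def sector_report(text):
    """Map each watched attribute to its raw count; None if not reported."""
    report = {name: None for name in WATCHED.values()}
    for line in text.splitlines():
        fields = line.split()
        # Attribute rows have ten columns and start with a numeric ID.
        if len(fields) < 10 or not fields[0].isdigit():
            continue
        attr_id = int(fields[0])
        if attr_id in WATCHED and fields[9].isdigit():
            report[WATCHED[attr_id]] = int(fields[9])
    return report


def overwrite_reaches_everything(report):
    """True only if every watched counter was read and is zero."""
    return all(value == 0 for value in report.values())


if __name__ == "__main__":
    result = sector_report(SAMPLE)
    print(result, overwrite_reaches_everything(result))
```

A missing counter is treated the same as a non-zero one, since a drive that does not report the attribute gives no assurance either way.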
 
http://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf

Conclusion

The purpose of this paper was a categorical settlement to the controversy surrounding
the misconceptions involving the belief that data can be recovered following a wipe
procedure. This study has demonstrated that correctly wiped data cannot reasonably
be retrieved even if it is of a small size or found only over small parts of the hard
drive. Not even with the use of a MFM or other known methods. The belief that a tool
can be developed to retrieve gigabytes or terabytes of information from a wiped drive
is in error.

Although there is a good chance of recovery for any individual bit from a drive, the
chances of recovery of any amount of data from a drive using an electron microscope
are negligible. Even speculating on the possible recovery of an old drive, there is no
likelihood that any data would be recoverable from the drive. The forensic recovery
of data using electron microscopy is infeasible. This was true both on old drives and
has become more difficult over time. Further, there is a need for the data to have been
written and then wiped on a raw unused drive for there to be any hope of any level of
recovery even at the bit level, which does not reflect real situations. It is unlikely that
a recovered drive will have not been used for a period of time and the interaction of
defragmentation, file copies and general use that overwrites data areas negates any
chance of data recovery. The fallacy that data can be forensically recovered using an
electron microscope or related means needs to be put to rest.
 