The internal platters of a hard disk drive.

How to safely wipe your hard drive

Permanently and securely wiping your hard drive is an easy task, these are the four easiest and most useful tools using algorithms certified by the DoD.

The only sure way

The only sure way to completely make disappear the contents of a hard drive is to physically destroy it. That’s why so many companies make sure their sensible data will not fall into the wrong hands by having technicians drill holes into their discarded hard disks and then throwing them inside metal shredders.

However, that’s expensive and you also may want to resell that hard disk so destruction is not an option. If that’s the case we’re happy to inform you that there are several ways to completely and permanently erase your hard drives in a secure and permanent way. (Note: technically it’s not that expensive if you just open your hard disk and destroy the platters with a hammer)

In this article we will list many of these methods, including some of the leading tools used to forensically wipe your hard drives permanently.

A bit of theory

But before we talk about these tools we need to talk about how computers “erase” the information inside your hard drives.

It may come to the surprise of many, but when you delete a file inside your hard disk the file and its contents, ergo de 0s and 1s that represent the information contained in said file, will remain inside your hard disk until the sectors previously occupied by the file are rewritten with a new combination of 0s and 1s. This rewriting isn’t instantaneous or even quick, Windows, Linux, OS X, or any other operating system you may use, will rewrite these sectors only when it’s really needed; like for example filling your hard drive with new contents. This occurs mainly because when you hit delete your operating system assumes these sectors where the file is located are “not important anymore”, so it doesn’t need to preserve that information anymore and will overwrite it only when new files will require that space. All the operating system does is just deleting the records pointing to that file in the file system’s index leaving the actual information forgotten in the sectors.

Because of the behavior of the erasing mechanism we’ve previously mentioned the following problem arises: the content of erased files can be recovered pretty easily and quick using forensic tools that ignore what the file system’s index says and will scan all the sectors in the hard drive reconstructing the information as it sees it. With a bit of luck (or bad luck if you don’t want the information in these files to be recovered) the forensic tool will start recovering erased files in a matter of minutes, and within a few hours, depending on the size of the hard drive, a long list of deleted files and directories will be ready to be accessed again and read.

Permanently wiping your information using a hard disk wiper

Secure drive erasers are very useful, albeit a bit relatively slow. They work by constantly filling the offending hard drive with random information, again and again since multiple passes are required. Each pass or round changes the way the data is written into your hard drive. For example, the first pass may fill your hard drive’s binary information with a seemingly endless series of 1s, the second pass will do the same but with a seemingly endless series of 0s and further passes may start filling your had drive with random patterns of 0s and 1s.

Multiple passes are necessary because of an unforeseen problem: bad sectors. Your hard disk may have sectors gone bad where data writing was not possible during a pass due to the damage in that sector, further passes may be able to successfully rewrite it (this is why we said during the beginning of this article that the only sure way is the total physical destruction of the disk)

DBAN (Windows, Linux, Mac)

DBAN (Darik’s Boot and Nuke) is one of the oldest and most popular disk secure erasure tools, and one of its major advantages is that it’s an operating system agnostic tool since you have to directly boot your computer with it. DBAN is free and open source, and it was originally developed by Darik Horn but now it’s now owned by Blancco, a data tools company from Finland.

About the wiping algorithms used by DBAN

All the algorithms used by DBAN to erase disks are considered among some of the best in the industry, many certified by the Department of Defense itself.

  • Dodshort: DBAN’s authors recommend using DoD Short, or dodshort. DoD Short uses the Department of Defense 5220.22-M certified method.
  • Gutmann, an overkill since it’ll do 35 passes applying a vast array of random generation algorithms and all 0s and all 1s passes.
  • quick, it will do 1 pass and fill your disk with 0s.
  • PRNG Stream, an algorithm which writes data from a pseudo random number generator.
  • OPS2 or OPS-2, an algorithm with combines filling disks with random data and some of the mechanisms of the Gutmann method.

You can download DBAN from here.

Using DBAN

How to use DBAN to wipe ALL your hard drives

You can wipe all hard disk drives in your system using the quick commands mode.

  • Download the DBAN main file.
  • Burn the DBAN ISO file (that’s a system image file) into a USB stick using a tool such as Rufus.
  • Restart your computer and in the BIOS boot menu choose to boot from the USB where DBAN is installed.
  • Use DBAN’s quick commands by hitting F3.
    • Here you basically choose among the different erasing algorithms, from a quick erase method to different methods standardized by the Department of Defense.
    • We recommend typing autonuke which is the same as dodshort (the method recommended by DBAN’s authors)
  • Hit enter and voil√†.
DBAN's quick commands to wipe your hard drive.
DBAN’s quick commands.

How to use DBAN to wipe a specific hard drive

If you want to wipe a specific hard drive you’ll need to use the interactive mode.

  • Download the DBAN main file.
  • Burn the DBAN ISO file (that’s a system image file) into a USB stick using a tool such as Rufus.
  • Restart your computer and in the BIOS boot menu choose to boot from the USB where DBAN is installed.
  • Once you boot your machine with DBAN hit the enter key and that will take you to the Main Menu.
  • Inside the Main Menu you’ll be able to select the hard disk to erase (you can cycle through them with the J and K keys).
  • Once you’ve selected your hard drive to erase hit the M key to choose the wiping method (DoD Short is recommended).
  • Then hit R to choose the amount of passes (don’t be excessive 3 or 4 is more than enough).
  • Once you’re happy with the options you chose, position the arrow on the hard drive you want to erase and hit F10.
DBAN's interactive hard drive wipe selection screen.
DBAN’s interactive hard drive wipe selection screen.

Disknukem (Linux)

Linux users can use an enhanced version of DBAN’s dwipe suit called Disknukem. Disknukem adds a few new features. You can download it in its Github page.

Using CCleaner (Windows, Mac)

This is perhaps one of the easiest and simplest options, since it requires using CCLeaner, the popular junk file cleaner from Piriform. CCleaner comes with an integrated disk wiper. It can be found on its side menu under the Tools section. Once inside it go to the Drive Wiper tool, choose the Wie method, the Security level (the amount of passes) and lastly the drive to wipe and hti the “wipe” button.

You can download the CCleaner free version from here.

Using CCleaner's built in disk wiper tool.
Using CCleaner’s built in disk wiper tool.

Using DiskGenius (Windows)

DiskGenius is another disk wiping software that uses multiple data filling passes as its wiping method. It also includes a partition manager which will allow you to resize, format and clone disk partitions.

You can download DiskGenius from here.

Wiping a secondary or external hard disk with DiskGenius

  • To to the Tools menu
  • Choose the Erase Sectors option (or hit the E shortcut)
  • In the “Fill Sectors with” drop down menu choose Random Data.
  • Click on the “Erase” button.
  • Wait for the disk to be erased
DiskGenius hard drive wiping option.
DiskGenius hard drive wiping option.

Wiping you main/system disk with DiskGenius

DiskGenius can also wipe your main disk, as is the case with DBAN you’ll have to boot into a special ISO in order to do it.

  • Start Disk Genius
  • In the File menu choose the option “Reboo To DiskGenius WinPE version”.
  • DiskGenius will take a few minutes creating the booting information for Windows PE.
  • Once prompted hit OK to reboot your system.
  • Restart your computer and erase your main disk using the DiskGenius Windows PE options.
DiskGenius hard drive wiping option.
DiskGenius hard drive wiping option.

What about SSDs

SSDs have an option called secure erase which should be used to securely delete files. It’s extremely recommended that you DO NOT use any of the methods above mentioned on an SSD. This is due to the way multiple successive writes wear down SSDs (this doesn’t happen with Hard Disks).

Leave a Reply