Selling Laptop, how can I clean Windows first?

Sounds like it should be a pretty effective option....... but does R-wipe overwrite the "remapped blocks" / "reallocated disk sectors" that may be ignored by hard disk controllers?

I don't think it does, as far as I know.

So, what you suggest should wipe everything apart from a possible small number of "remapped blocks" / "reallocated disk sectors" . I imagine it could be 100% effective as long as there are no "remapped blocks" / "reallocated disk sectors" on the hard disk.

 

Came across this.

http://www.jetico.com/wiping-bcwipe-total-wipe-out/

Not sure if SecureErase can handle DCO and HPA.

 

Is this using hdparm?

 

I would use DBAN and then reinstall Windows if it were me.

 

Yes. hdparm is used to push the command to the ATA controller. You will also need to find the password for the drive (some companies lock this function and don't document the password sadly). I don't think there is a way to bypass said lock either - I have tried on my HDD. If it is locked it will say FROZEN. I never looked into enough to know if it can be unfrozen without the manufacturer doing it but what I read is that the BIOS plays a role in it too sometimes.

 

Found some interesting info about "FROZEN" drives and how to overcome here.

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

 

Thanks for this, I never knew about the existance of Device Configuration Overlay (DCO) or of the Host Protected Area (HPA).

It's amazing how much I don't know about computers.

 

I'm glad to see more support for my favorite wiping tools, all others are limited in what they can accomplish.
Thanks tgell and Pryvate.

Windows can develop write errors which get marked as bad sectors and has nothing to do with physical damage to the drive. Data can remain in the bad sector and when chkdsk is run chkdsk will attempt to recover this data.

Absolutely. hdparm and --secure-erase.
I have found when playing with it more that it doesn't reset Native Max Size when wiping. NMS must be reset independently.

The main factor is time to accomplish your task, at least for me. If it takes you an hour or more to root out all of the data hiding locations and erase them then you might as well just HDDErase it, then reinstall. If from an image, another 1/2 hour additional, if reinstalling, 2 to 3 hours. The end product is much cleaner and there are no stragglers or worries.

Yes. The Secure Erase Function was the first to include this, when accessed with HDDErase it is optional, when using hdparm in Linux it is assumed you are erasing this area. For those without a restore CD or DVD of Windows and just data on the HPA, hdparm could create a problem. Jetico added this functionality after the CMRR Secure Erase Function had been included in HDD in 2001.

Frozen is a BIOS and a manufacture choice, usually on most or all laptops Frozen is default. It's supposed to be a security feature and only physical access can overcome this state by hot re-plugging the drive after Linux finishes booting up.
If the drive is password protected, the Secure Erase Function will still erase the drive, but if you don't recall the password then you won't be able to do anything else.
A password is something that is set on each use of the Secure Erase Function via hdparm and is only a one time use for that procedure. A password is not required to use HDDErase.

@TheMozart, you should just go with the methods you feel comfortable with, but for completeness you can't improve on the Secure Erase Function accessed with either hdparm or HDDErase.

 

I use Dban and KillDisk solely so I have never looked into hdparm once I found my HDD to be frozen. You said it needs to be hot re-plugged - I am not goin to do this LOL not important enough when overwriting is technically over kill in my case (Use FDE)

 

As mentioned or alluded to, 3 passes with DBAN will be fine.

Forget wiping free space via the OS itself. IMHO this isnt suitable for a machine that is to be sold or passed on.

~ Removed Link to Probable Copyrighted Image as per TOS ~

 

So those other options (i.e. PRNG Stream) somehow do an even better job than writing zeros? How can that be? I thought that when you wrote 0's to that sector it was flat out devoid of any data = clean. I didn't realize it could get any cleaner than that. I'd like to hear more about this.

Before I reformat my computer I use a program called "Data Lifeguard" to write zeros to the entire disk. It's designed specifically for Western Digital HD's, which is all I'll buy, so I use it. I've been told though that it's only really necessary to write zero's to the first & last million sectors of the drive (which is an option). But I guess it makes me sleep better at night to do it to the entire HD.

If I were selling it I'd do this before parting ways too, then re-install Windows and get all critical updates for them but nothing else. If it's XP maybe disable a few dangerous, useless services too (i.e. Remote Registry), and tick the "Don't allow exceptions" box in the WF, cuz I'm a nice guy like that

 

I would encrypt the whole thing, restart from CD, format and install a fresh windows. The artefacts would be encrypted and the new owner would not have the key...

 

Although technically overighting with a series of zeros is good enough. It may be possible in the (Distant) future to recover that data using Force Microscopy. The issues with this right now is in order to recover data you would have to recover each and every bit individually. This means if you are off by even one bit you will have a different character (I.E the original data may be 'A' but if off by one bit you may get 'Z') as each ASCII character is 2 bits.

Now over righting use a special method such as DOD, NSA or Guttman prevents this by using a series a of random and non-random wipes. This prevents Force Microscopy from detecting the previous bit as that bit is random and not a anything of value.

These methods are technically over kill on modern hard drives greater than 20 GB and even more overkill if FDE is used. However I prefer to use a NSA 7 pass or PRNG Wipe.

 

I re-cycled my old computer recently, and before doing so restored the WIN98 to the out of the box condition by clicking f8 on bootup and following the directions. I can't vouch for all previous data being erased, but I would think so. If you are selling your laptop to someone you know, you might consider whether that person has the desire or expertize to find hidden data in your computer before you bother wiping the HD.

 

Why take the chance? It doesn't take that long to do a few passes with an eraser and reinstall the OS. That way you know for sure nothing will be recovered.

 

Pardon my lack of understanding but does SecureErase render the drive unusable after the wiping or can one reformat & reuse it? It sounds a very vicious tool.

 

I remember seeing a video of a forensic guy.. and he was talking about ATA Secure Erase command that was built-in on every HDD from year 2001

He was saying that ATA Secure Erase takes less time to complete and does a better job than dban. I don't remember the specifics

 

You can reformat and reuse it. It is a simple data wiping tool.