How to properly erase/scrub/wipe a hard drive?

Discussion in 'privacy technology' started by KrazyKong, Aug 18, 2010.

Thread Status:
Not open for further replies.
  1. KrazyKong

    KrazyKong Registered Member

    Joined:
    Aug 18, 2010
    Posts:
    9
    Hello, I'm trying to find a program that will securely erase a hard drive. I have tried many programs and have discovered some do not do a very good job of removing ALL the data, FAT entries and other bits of information. Thus I came across these forums and am hoping I might find some information and maybe be steered in the right direction.

    What I want is a program/utility that will remove all traces of data from a hard drive, whether it be data that's already deleted, stuff that still needs to be deleted, and also if the drive had been formatted, but hidden data still remained on it.

    The problem I've found is that alot of "erasing" programs can't do anything on the drive unless there is an active partition on it. The only one I found that worked regardless of whether the drive was partitioned or not was O&O SecureErase. Not all data gets deleted from the drive in the same ways, thus being able to wipe a hard drive even without a partition present is something I'd like to find.

    Now the confusing thing, is even after wiping my hard drive(s), using Ontrack EasyRecovery Pro (unless there is a better data recovery program out there??), it was still able to find deleted directories and files.

    So my criteria for a erasing/wiping program/utility is this:

    1) To see and erase/wipe a hard drive regardless of partitions present.

    2) Remove all MFT and FAT entries. Some hard drive erasing tools only overwrite the data, but then leave all the filenames present. Now I understand you won't be able to recover the data, but still being able to see the filenames isn't a good thing if you are wanting to truly wipe a drive.

    3) Be able to wipe a drive regardless of whether files have been deleted, the drive formatted, re-partitioned etc.


    Now hopefully someone will know of such a tool from their personal experience. If you know of a program, but have not used it personally, and have not run some sort of recovery/inspection program to see how well it scrubbed the drive, then please state this. I'm already a bit overloaded from trying several different tools, what to speak of the time invovled waiting for the drive to be erased.

    Right now I'm using Directory Snoop to inspect a drive after scrubbing it. It's able to delete FAT and MFT entries but it's a manual process.

    Hoping there is something out there that fits the bill and does what I'm seeking.

    Finally, if anyone also has a nice method to check a drive has in fact been scrubbed and 100% properly erased, I'd love to know what programs or tools you use. As I mentioned I"m using EasyRecovery Pro and Directory Snoop, but am sure there are better ways to do this.
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'm not sure if you're wanting to use the drive again yourself or are scrubbing the drive to sell or otherwise dispose of.

    If you're wanting to use the drive again, a good thorough scrubbing with Darik's Boot and Nuke should wipe the drive. Your drive also probably has capabilities of using the Secure Erase HDDErase function. Either one of these will give you a securely wiped drive.

    Another method that has gained favor of late is the use of encryption. Basically, you use TrueCrypt to totally encrypt the drive you want "erased." The whole thing. Using 256-bit AES you create one big encrypted partition or drive. Make a ridiculously long key and forget it. Don't write it down as the purpose is simply to encrypt the whole thing with zero chance of recovery. What then? You then delete the partition or go through the whole wipe routine again. Except this time, you have nothing but an encrypted drive "underneath," so there's no file names, no directory names, nothing but encrypted random gibberish.

    If it were me, I would use the encryption method for added safety and then wipe the drive (or even just delete the partition), format and you're good to go. Nobody will ever see what was there before. This is also a good method if you're ridding yourself of the drive.

    Good luck!
     
  3. KrazyKong

    KrazyKong Registered Member

    Joined:
    Aug 18, 2010
    Posts:
    9
    Heya. I have alot of hard drives that served as backups for various personal files. None are that sensitive, but the thought of selling a hard drive made me think more about the data on the drives etc.

    I'll give the HDDErase utility a go. I've heard of Darik's Boot and Nuke so will try that as well. If I'm still not happy, then I'll move onto looking at the encryption method.

    How can I check that the hard drive has been totally 100% securely erased? What program should I use to check this?
     
  4. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    When you use DBAN, be sure to just use the option that writes one pass of zeroes. It has been proven that this multiple pass business is superfluous and a fraud. You only need one pass to completely destroy all data. Anything else is a huge waste of time (it takes long enough to write one pass).
     
  5. KrazyKong

    KrazyKong Registered Member

    Joined:
    Aug 18, 2010
    Posts:
    9
    For testing purposes I've been trying to get my hands on a really small hard drive. Found an ancient Microsribe 42MB one in some old storage boxes I had, but it had too many bad sectors lol. Came across a pair of Seagate 260MB drives and they formatted just fine. I don't think they've been used in over 14 years but apart from the noisy motors they seem to be fine. But alas they are so damn slow in the end it didn't seem to be saving anytime. I've been erasing, wiping and scrubbing some of my drives which can take up to 6hours, so you can see I want to get it right this time.

    Tried DBAN on the 260mb drive with a 3 pass (default setting) and it seemed happy. Will try the 1 pass from now on. Am now running Ontrack DataRecovery on it to see if I can see any remnants of data. Will report back soon.
     
  6. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ KrazyKong

    Should be interesting :thumb:
     
  7. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    If you want something to erase, while the windows is still running (wipe frees pace or files), you can use eraser 5.8, it wipes files, names, cluster tip, ads, free disk space, master file table, directory entries. Go with one pass and it is done. I tested it and it does a great job. Tried to recover anything with Recuva, Recovemyfiles, filescavanger etc. all zeros.

    If you want to wipe the entire drive, use dban boot cd and just nuke it :)
    or like it was written before, use full disk encryption with aes256, very strong password, and just format the drive. I would suggest dban.
     
  8. hierophant

    hierophant Registered Member

    Joined:
    Dec 18, 2009
    Posts:
    854
    I have almost 30 dead drives. I also have many boxes of legal documents that would need shredding before disposal. Doesn't heat demagnetize stuff? How hot and for how long?

    Edit: They're either dead/nonfunctional, SCSI (no use for them) or just very old/slow.
     
    Last edited: Aug 18, 2010
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,052
    Location:
    USA
    If they are dead just stick some magnets on them and be done with it. No need for fire. ;)

    Don't do it if they are not dead or they may end up that way. Unless that is what you want.
     
  10. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    What specific wipe utility did you use in this circumstance -- i.e., what wipe utility failed to prevent the Ontrack application from detecting directories/files?

    Thank you.
     
  11. KrazyKong

    KrazyKong Registered Member

    Joined:
    Aug 18, 2010
    Posts:
    9
    Keep in mind over the past several weeks I've spent countless hours, days and time trying all sorts of wiping/scrubbing programs etc.

    The ones I first tried were Disk Redactor and Hard Disk Scrubber.

    Disk Redactor is a small simple utility that does a one pass wipe of a disk. It seems to work I guess, but it does leave behind it's own temp files. I don't think it does anything with the FAT or MFT tables, rather it just writes one big file until it fills the drive. So I then moved onto Hard Disk Scrubber. It has quite a few options for how to wipe data, but again I don't think apart from an option to rename files, that it actually erases their names alltogether.

    Maybe Ontrack DataRecovery Pro isn't the best program to use to check if a disk has been properly wiped. Will use Directory Snoop, Disk Investigator and Winhex more and hopefully they will give a better picture of what's left on the drive.

    It seems even the most simplest of programs can delete the data via simply overwriting and filling up the drive, but the better ones also erase the file names and clears the FAT/MFT tables which is what I'm after.

    Hopefully I'll have the time to write a little review for each program, but before I do that, I'd like to get a routine down so that I know it's actually working.

    Thus with Directory Snoop, Disk Investigator and Winhex, what else can I use to see the results of a "wipe" ?
     
  12. moonriver

    moonriver Registered Member

    Joined:
    Dec 31, 2008
    Posts:
    26
    I'll sell my old PC soon, what is the easiest way of getting rid of my data.
    Will it suffice to just reinstall the OS?
    Thanks
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere

    Rinse, wash and repeat. This thread alone includes ideas and there are countless threads in the archives.

    Good luck!
     
  14. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    It makes sense that Ontrack DataRecovery Pro might detect files after using either of these two utilities, because both appear to run from within Windows. To wipe all data on a hard disk drive, you need to run a wipe utility from within an alternative operating system (e.g., DOS, Linux, or Windows PE) so that all disk clusters of a volume are accessible for writing at a raw (not file system) level.
     
  15. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Another suggestion, is to remove the drive and connect it to another comp as a Slave. Then do what you will to it from the Master ;)

    I can confirm that Directory Snoop is a serious eye opener :eek: and Very useful app to have :thumb:
     
  16. Pleonasm

    Pleonasm Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    1,201
    Also consider WinHex.
     
  17. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    All of my computers are HP and I love it that I can reinstally just by restarting and tapping F11. I guess Dariks Boot and Nuke as well asthe other method you mentioned would completely destroy that option.

    I normally just run R-Wipe every so often, but since I use Returnil and I am sure that this is even necessary. What do you think?

    But what I am wondering is that since my computers have these setup files pre-installed, can I still encrypt my computer?
     
  18. KrazyKong

    KrazyKong Registered Member

    Joined:
    Aug 18, 2010
    Posts:
    9
    I have a spare computer I've been using for the wipes. The drive that get's wiped is always the secondary drive, so there won't be any swap files or residue once completed. But I do understand the importance of DOS, Linux etc. when needing to have an OS that doesn't interfere so much with the file systems and locking files from deletion etc.


    See above, whatever drive I"m working on is never the master.

    Directory Snoop is a great little program. I've found a few more than are similar too and will post some findings once I check them out more.

    But for drive inspections pre and post wiping we have...
    1) Directory Snoop
    2) Winhex
    3) Disk Investigator
     
  19. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Thanks :thumb: almost forgotten about it, and i do have a previous version, somewhere.


    @ KrazyKong

    OK good :thumb: Yes i've used Disk Investigator before, very underrated and not well known. He has other goodies on his www too :)
     
  20. raspb3rry

    raspb3rry Registered Member

    Joined:
    Jun 8, 2010
    Posts:
    37
    Well, heat could be an option, as you mention. In that case, you would need to heat the inner parts of the hard drive above 1130 degrees celcius, according to Wikipedia.
    I'll recommend to melt the entire thing (iron melts at ca 1500 degrees celcius). That assures that you've reached the required temperature.

    Some smaller hard drives are made of metal-covered glass plates - These could be destroyed by simply disassembling the harddrive and destroy the platters into pieces.

    Take care of yourself, if this is what you'll be doing!
     
  21. KrazyKong

    KrazyKong Registered Member

    Joined:
    Aug 18, 2010
    Posts:
    9
    CloneRanger, yeah I'm checking out some of the other utilities as well. Looks like some good stuff.

    hierophant, you could just drill right through the hard disks in various places to pierce the platters. I don't think anyone would then be attempting any microscopic FBI/NSA style data retrievals.

    Though I must admit it would be fun to throw a box of hard drives into an iron smelter aka T2 when Arnie melts himself lol.
     
  22. microbial

    microbial Registered Member

    Joined:
    Aug 26, 2009
    Posts:
    156
    Location:
    UK
    Another vore for Darik's Boot and Nuke or SysInternals SDelete which you can run on Vista/Win 7 from the command line.
     
  23. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Hi Caspian, Yes, you can encrypt your computer with the setup files in place. No problem.
     
  24. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    So if I encrypt my computer and then just delete the encryption, that will have overwritten everything?? That sounds like a really cool idea, thanks.
     
  25. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Encrypting the disk and forgetting the key wont work because the cipher only encrypts data that's about the be written to disk. This is why it's recommended that before one encrypts a disk that they fill it with random data. So, you are back to still having to fill the disk with random data, which makes the encryption superfluous for wiping purposes.
     
Loading...
Thread Status:
Not open for further replies.