When selling your computer or returning it to your employer, then you should make sure to securely erase the data of your hard drive to prevent unauthorized access to it.
Simply deleting your sensitive files via the system menu is often not sufficient as professional data recovery tools may be able to restore them. In order to guarantee irrevocable deletion, it is recommended to erase the entire contents of your disk and overwrite it several times with random data.
There are several data erasure standards, like the DoD 5220.22-M from the American Department of Defense, that define how data is securely deleted. In this article, I am showing you how to nuke all of your data according to such a standard.
Download a free and versatile erasure software
The variety of hard drive erasing tools makes it difficult to make a choice.
Many applications are either paid solutions, have a limited number of applications, or cannot run on all devices. There is, for example, the Samsung SSD Magician Software which offers a "Secure Erase" functionality only for certain Samsung SSDs or Microsoft's Surface Data Eraser which has been designed for Surface devices and requires a 1.4 GB download.
Fortunately, there is also very good free wiping software such as nwipe (just 6 MB in size). Nwipe offers great deletion algorithms and can be booted from a USB stick through ShredOS.
Install software onto a bootable USB stick
If you want to delete your primary hard disk it often includes deleting your operating system as well. To be able to wipe the operating system from your hard drive, you must first start another operating system running on another drive. To accomplish this task, you can boot an operating system from a USB stick. ShredOS is a great and minimalistic OS which incorporates
nwipe and lets you get started right away.
With Rufus you can install ShredOS on your USB stick and make it bootable. Just download the latest Rufus release and latest ShredOS release to create a bootable USB stick with ShredOS. Make sure that there is no important data on your USB stick because it will get deleted during the process.
Allow your computer to boot from USB sticks
Modern computers run a Unified Extensible Firmware Interface (UEFI). The UEFI is often configured in such a way that it is not possible to directly boot software from a legacy USB stick. Luckily, Rufus already creates a EFI USB stick which works fine with most UEFI firmwares, so you don't have to boot in legacy mode.
If you ever find yourself in a situation where you want to boot in legacy mode (legacy BIOS), then this guide is of help:
- Restart your computer and boot the UEFI firmware by using Window's Command Prompt and entering
shutdown -r -fw -t 0. Alternatively, you can open "Settings", "Update & Security", "Recovery", "Advanced startup", "Restart now", "Troubleshoot", "Advanced options", "UEFI Firmware Settings" & "Restart" on Windows 10.
- Open the "Boot" tab and set "Boot Mode" to "Legacy Support" and "Boot Priority" to "Legacy First" in your UEFI firmware (tested with InsydeH2O® UEFI BIOS on Lenovo Yoga 900-13ISK).
- Move your USB stick on top of the "Windows Boot Manager" in your list of bootable devices.
Note: When using the legacy mode, make sure to set it back to UEFI after your operations as UEFI is the recommended way to safely boot software.
Securely delete directories and files
Heidi Computers offers Eraser which is an advanced security tool for Windows to remove sensitive data. It allows you to securely erase files and folders from the context menu in Window's Explorer. It's a great solution if you just want to delete some specific files and not your whole hard drive.
Erase hard drives or SSDs on macOS
With macOS Big Sur it's very easy to wipe your complete hard disk drive (HDD) or solid state drive (SSD). Here are the necessary steps:
- Hold down the power button on your Mac to boot it. Continue holding the power button until the different startup options show up.
- Click on "Options" which starts "macOS Recovery"
- Open the "Disk Utility"
- Select the "Data" disk (if available)
- Click on "Erase" and "Erase Volume Group"
- Select the "Macintosh HD" disk (if available)
- Click on "Erase Mac and Restart"
Info: Secure erase by writing a random amount of bytes to an APFS Volume is not supported by default due to its possibly-unbounded size. If your volume is not in an APFS format, you may have the possibility to select "Security Options" where you can choose how many times to write over the erased data.
Also make sure to remove your Mac from your Apple account when you are not using the device anymore. When you are logged in to your Apple ID, this can be done from the devices list in Apple's account manager.
If your disk uses on-the-fly encryption with FileVault, then you can make your data unusable by deleting your encryption key. The encrypted file system key is wrapped by an "effaceable key" stored in Effaceable Storage. The benefit of this is that once the encryption key, which is encrypted with your password, is gone, the encrypted data on the disk becomes meaningless and as you reinstall macOS it will be overwritten. This is much safer than relying on wiping data from an unencrypted SSD drive as modern wear levleing techniques of SSDs cause a privacy risk by default.
Make a backup
If you want to backup your files and directories before nuking your disk, then checkout Roadkil's Unstoppable Copier v5.2. Although this freeware is already over 10 years old, it is very reliable and works like a charm on Windows 10.
On Windows (and partially Linux):
- Make a backup of your important files and directories with Roadkil's Unstoppable Copier v5.2
- Download ShredOS
- Prepare a USB stick with Rufus and install ShredOS on it
- Restart your computer and boot ShredOS to securely erase all of your data with a strong overwriting standard (depending on the size and speed of your drive, this can take several hours!)
- Backup your data with Apple's Time Machine
- Start macOS Recovery and erase your storage device using Apple's Disk Utility
- Remove your Mac, when not being used anymore, from your Apple ID
Use volume encryption
When reformatting your drive and installing a new operating system, make sure to apply full volume encryption. This will make it even harder to retrieve your data by follow-up owners or intruders. With Windows you can use BitLocker. On macOS there is File Vault and Linux users may find VeraCrypt useful.
At this point I would like to thank all developers of useful open source software and my dear friend Jan Kroening who supported me finding the little gems mentioned in this article. 🙇
Top comments (1)