Kill your data dead with these tips and tools

Whatever your reason for wanting to get rid of old files, here's how to make sure sensitive information is truly deceased.

There are lots of ways to obliterate sensitive data from your drive: blast furnaces, degaussers (magnetic field generators), sledgehammers, and secure-deletion software among them. These tools vary in effectiveness--especially as applied variously to hard drives, solid-state drives, and USB flash drives--and in the subsequent usability of the drive.

For the sake of argument (and a more interesting article), let's assume you'd like to preserve your drive's functionality. This rules out violence and degaussing, which, though wonderfully effective and perhaps therapeutic, will render a drive useless. Excluding those options leaves you with a choice between software and software-combined-with-firmware methods.

Free secure-erase utilities

You can easily erase an entire hard drive or SSD by using any of the free utilities listed below. All invoke the secure-erase (sometimes called quick-erase) functions integrated into nearly every ATA/SATA drive produced since 2001. By and large it's a great feature, but using it on older drives has some potential pitfalls, such as buggy implementations, an out-of-date BIOS, or a drive controller that won't pass along the commands. You might also need to fiddle with the ATA/IDE/AHCI settings in your BIOS, and in most cases the drive should be mounted internally.

I've never had a problem secure-erasing a hard drive, but about a year ago I did brick a Crucial M500 SSD. (A firmware problem was probably responsible for this disaster; Crucial accepted the drive for return but never told me why the hardware had gone belly-up.) An enhanced secure-erase operation overwrites a drive's housekeeping data as well as its normal user-data areas, but at least one vendor (Kingston) told me that its normal secure-erase routine does both, too. In the bad old days, running a secure-erase on some SSDs sometimes left data behind.

Depending on the controller you use (notably SandForce), a secure-erase can be cryptographic or physical. If a drive is encrypted--and some are by nature--a secure-erase operation simply deletes the encryption keys, and then regenerates them. Without the original keys, the data is useless. A physical erase involves zapping the drive's magnetic particles or NAND cells back to their default state.

To entirely avoid the danger of erasing the wrong drive in a multiple-drive system, you should power down, disconnect all of the drives except the one to be erased, and then boot from a CD or a flash drive with the utility that does the job. I learned that lesson the hard way.

Linux-based boot disc Parted Magic (formerly donationware, now free to use but $5 to download) has many features, including a file manager and a partition manager. It's handy for recovering data and operating systems, but it also has a link on its desktop to DiskEraser, a simple utility that will erase your drive or invoke the drive's own secure-erase routine. Parted Magic is basic and lightweight, and it will work with any drive. In fact, several SSD vendors recommend it--though the recommendations date from when it was completely free.

Little, command-line-lovely HDDerase.exe isn't for inexperienced users--it's a bit too geeky and can require multiple steps. Another drawback of the app is that it can't bypass the frozen security state that most modern drives employ to avoid malware erasures. But otherwise it invokes the secure-erase function just fine. It also comes in .ISO form, so you can burn it to disc or create a bootable flash drive from it.

Note that the NSA sponsored HDDerase. Yes, the folks there like to secure as well as monitor data. Not to mention dip their hands into open-source security projects. Interpret that historical nugget as you will.

Most drive vendors provide a utility that can run S.M.A.R.T. diagnostics to check drive health, update firmware, and invoke a drive's secure-erase routine. Odds are you'll have to sign an agreement accepting that the tool may brick your drive--but hey, that's life in the big city. A short list of such utilities includes Data Lifeguard (from Western Digital), Drive Fitness Test (from Hitachi), OCZ Toolbox, Samsung Magician (SSD only), and SeaTools (from Seagate).
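
Before running any of the utilities above, it helps to know whether the drive supports secure erase at all, whether enhanced erase is available, and whether the drive sits in the frozen security state mentioned earlier. The following is an added example, not part of the original article: it assumes a Linux boot environment with the hdparm tool (which the article does not name), works on constructed sample text shaped like the Security section of `hdparm -I` output, and uses a hypothetical function name, erase_readiness.

```shell
#!/bin/sh
# Added example (not from the article): classify the "Security:" section that
# `hdparm -I /dev/sdX` prints, before any secure-erase utility is run.

# Constructed samples shaped like that section (real output indents with tabs).
SAMPLE_FROZEN='Security:
    Master password revision code = 65534
        supported
    not enabled
    not locked
        frozen
    not expired: security count
        supported: enhanced erase
    2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct'
SAMPLE_READY=$(printf '%s\n' "$SAMPLE_FROZEN" | sed 's/^ *frozen$/    not frozen/')
SAMPLE_BASIC=$(printf '%s\n' "$SAMPLE_READY" | sed '/enhanced erase/d')

# Reads hdparm -I text on stdin and prints one word:
#   unsupported | locked | frozen | ready | ready-enhanced
erase_readiness() {
    awk '
        $1 == "Security:" { insec = 1; next }
        # An unindented, non-empty line starts the next section.
        insec && $0 != "" && substr($0, 1, 1) != " " && substr($0, 1, 1) != "\t" { insec = 0 }
        !insec { next }
        { neg = ($1 == "not"); key = neg ? $2 : $1 }
        key == "supported"                      { sup = !neg }
        key == "supported:" && /enhanced erase/ { enh = !neg }
        key == "locked"                         { lck = !neg }
        key == "frozen"                         { frz = !neg }
        END {
            if (!sup)     print "unsupported"
            else if (lck) print "locked"
            else if (frz) print "frozen"
            else if (enh) print "ready-enhanced"
            else          print "ready"
        }'
}

# Demonstration on the constructed samples only; no drive is touched.
for s in "$SAMPLE_FROZEN" "$SAMPLE_READY" "$SAMPLE_BASIC"; do
    printf '%s\n' "$s" | erase_readiness
done
```

On a real system the function would be fed the output of `hdparm -I` for the single drive left connected, and anything other than a "ready" result means the erase should not be attempted yet.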

For hard drives only: Block-overwrite software

Block-overwrite software is more versatile than the secure-erase command because it lets you wipe data from a hard drive while leaving the operating system, program files, and other keepers intact. Unfortunately, this type of software is ineffective on SSDs or USB flash drives, and in many cases it can't wipe a hard drive's HPA (Host Protected Area), which contains data about the low-level organization of the drive. That said, with high-powered algorithms and multiple passes, it will effectively render your data unreadable even when subjected to all but the most expensive forensic techniques.

O&O SafeErase 7 ($30, free demo) is a jack-of-all-trades that can remove individual files and folders or erase entire partitions and disks. Like the previously reviewed PrivaZer, SafeErase scans your hard drive for possibly sensitive files, presents them to you for inspection (or you can elect to accept its assessment across the board), deletes them, and then wipes them. SafeErase did a good job of finding sensitive stuff while ignoring what I wanted to save, and it includes options on general types of files to look for.

SafeErase can also wipe free space (erasing the tracks left by deleted files) and your entire computer (all drives, everything), though those options aren't available in the demo version. But the $30 that O&O charges for those extra features may be money well spent if you want to maintain a clean system. SafeErase is a nicely realized, versatile data-destruction program.

MediaTools Wipe 1.2 ($99, free demo) is all about erasing a lot of hard disks with minimal fuss. It's designed for professionals who erase in bulk and will dedicate a (rather powerful) PC to the task. MediaTools Wipe 1.2 can handle up to 18 drives at once, all presented in a convenient console view. The program has its own wipe routines, but it can't invoke a drive's own secure-erase routines.

MediaTools Wipe 1.2 has so many handy features (user-definable erase patterns, smart handling of bad blocks, and so on) that I can't mention them all here. Check out our review of the functionally equivalent version 1.1. You'll likely dedicate a PC to it, so the $49, single-seat technician's license will suffice for most situations. However, $500 single-site and $1000 multi-site licenses are available for the corporate crowd.

The handy and free Eraser 6 utility deletes files, folders, and free space on a schedule. It's just the thing for users who want to maintain a minimal data presence on their PC. You must know what you need to erase, since Eraser 6 doesn't have automatic selection of sensitive data, as O&O SafeErase and PrivaZer do. But Eraser 6 does have a large array of government-level algorithms to choose from, and it's super-simple to use.

Active@ KillDisk is available in a free Windows edition and a DOS (boot disc) edition. Either will overwrite free space or entire partitions with a single pass of zeroes. To obtain its more advanced features and algorithms, you'll need the Active@ KillDisk Pro, which costs $40 for Windows, and $50 with the pro-DOS version thrown in. KillDisk won't invoke a disk's secure-erase routine, and it doesn't have any smarts: It doesn't detect and delete sensitive data such as browsing records, downloads, and program caches.

Active@ KillDisk is very effective as far as it goes, but most users will be just as well off with the free Eraser 6--or better off by paying less for a program that automatically selects and deletes sensitive data and wipes free space. Then again, if you run Piriform's CCleaner before KillDisk (or Eraser 6), you'll have a very effective data-killing combo.

Wiping SSDs and USB Flash drives

Block-overwrite software isn't reliable with NAND-based media because of the voodoo that flash-storage controllers use when writing and deleting data. I'm sorry I can't be more specific about what actually happens, but controller vendors are loath to talk about such things, lest they give away a competitive advantage.

That said, SSDs that support the TRIM command and run under a TRIM-supported environment (Windows 7 and 8, OS X 10.6.8 or better, Linux 2.6.28 or better, plus a modern BIOS and drive controller that pass on the command) should wipe deleted data continually. Note that I said "should."

Ideally (for security purposes) an SSD's garbage collection routines, invoked by the TRIM command, would quickly erase the NAND blocks formerly occupied by your file. The whole reason for TRIM is that NAND must be erased before being rewritten. If a drive runs out of clean, unwritten blocks and must erase previously used blocks immediately prior to writing to them, performance suffers drastically.

Unfortunately, from what I could glean from data recovery experts such as strategic technical alliance manager Chris Bross of DriveSavers and SMB partner manager Leon Feldman of ACE Data Recovery, some disk vendors put off block erasures for long periods of time or until they're forced to resort to them. Sad but true: You can't rely on housekeeping to remove data. Even sadder, there seem to be no utilities that will force the garbage collection. That seemingly simple solution has so far been ignored.

USB flash drives don't support standard ATA secure-erase or TRIM--so unless you're using a secure, encrypted type, you'll need to contact the vendor for an erase utility.

You could overwrite the entire drive or just free space with files. This will work to a point, but--especially on SSDs--some blocks used in over-provisioning and marked as bad can't be copied over. They may retain data you want to erase.

In the end, the only sure way to remove all unwanted sensitive data from the free space on an SSD or USB flash drive while retaining the data you still want is to back it up (use imaging if an operating system is involved), secure-erase the drive, and then restore the desired data. Sigh.

And when that's not enough...

All the methods and programs I've described will work great for the average user. That said, forensic data recovery technology has come a long way. Normal affordable methods won't counteract anything I've discussed. But if you have a formula for cold fusion, or a trade secret that will topple the global economy overnight...go for the degausser, the hammer, and then the blast furnace. You can't be too sure.


Stories by Jon L. Jacobi
