This page describes Data Destruction: how to reliably delete data from a disk you are disposing of for reuse or for scrap.
Modern hard disks can hold a huge amount of data, some of which is likely to be sensitive. In the wrong hands, this can be used in all manner of frauds and scams. It's therefore very important to ensure that it's put beyond recovery whenever a hard disk (or a computer containing a hard disk) leaves your possession, whether for reuse or for recycling.
- Before starting any data destruction process, double-check that you've copied off any valuable data you wanted to keep, and that it really is the right disk you're about to wipe!
Don't undervalue your data
People often say "I don't have any data on my computer that anyone would want to steal". You probably have.
Your browser may have stored login credentials to your bank, Paypal and eBay accounts, and shopping sites like Amazon. These are like gold dust to criminals, especially any sites which have your credit card on file. If, additionally, you use a token or security code sent by text message in order to access you bank or Paypal accounts, this will considerably reduce the risk, but may not completely eliminate it.
Email and social networking login details, too, are highly prized by criminals. By impersonating you to trusting friends they can work many kinds of scam, such as emailing them so say you've been mugged in Manila and need them urgently to send you money, or tricking them into installing malware which may encrypt their files and demand a ransom for the key, or abuse their Internet connection by sending spam emails or attacking websites, and at the least, slow their computer to a crawl with useless and obnoxious apps or pop-ups.
Your emails and files may reveal personal details of yourself and your friends which could be used to facilitate identity theft or cause embarrassment.
It's a jungle out there - be prepared!
Don't over-value your data
But you don't need to be paranoid. Files which are simply deleted are often easily recovered, even if you empty the recycle bin. But faced with effective yet simple measures a criminal will quickly move on to the next potential victim, unless he has reason to believe you might be sitting on a small fortune.
On the other hand, if you are a dissident living under a repressive regime or if you hold politically or commercially sensitive data that would be of interest to a state-level intelligence service, then you will need to know that your deleted data really is gone for good. Even this is not difficult to achieve.
What NOT to do
- Don't let a disk out of your possession without doing anything - the data on it is probably more valuable than you think.
- Don't simply delete files. Even if you then empty the recycle bin, much of the data may nevertheless be easily recoverable from the free space.
- Don't imagine that reformatting your disk will erase your data - this will only reset the indexes and most of it will probably still be there.
- Don't trust disk erase programs to erase a solid state disk (SSD) or USB memory stick - because of the way they work it's almost impossible to be completely sure your data really is gone.
- Don't bother with multiple overwrites - they're a waste of time. (A controversial paper in 1996 suggested 35 passes might be needed. If it ever was, 2 passes is almost certainly overkill with today's drives.)
What maybe you should have done!
If you had encrypted your entire hard disk with Bitlocker (Windows) or FileVault (MacOS) before writing any sensitive data then all you would need to do is change the encryption password to some random string which you don't record anywhere. With an SSD, this is the only way to be sure your data really is gone.
If the disk is scrap
Since a new solid state disk is now quite cheap there is little reason not to destroy your old disk even if you want to give the computer away or sell it.
Physical destruction is much the easiest, quickest and most effective way of ensuring the disk is unreadable even by a sophisticated attacker. Even if the disk is faulty and you can no longer read it, there are programs such as Spinrite which may be able to recover it. There's a strong chance that a professional data recovery firm would be able to recover most or all the data for a 3-figure sum.
All newer drives have platters made of glass which will shatter into dangerous flying shards. Rather than opening it, the simplest method is to drive a masonry nail through it roughly half to three quarters of the way from the centre and one side. Some sticky tape over the holes will contain the glass.
There is an iFixit guide which describes the process in greater detail.
Some older drives may have aluminium platters which won't shatter, but you can drill right through them to do as good a job.
If the disk is destined for reuse
If you really don't want to destroy the disk (maybe you're giving the computer to a family member or trusted friend), these are the measures you should take.
Retaining the operating system:
If you really don't want to have to reinstall the operating system, the least you should do is:
- Delete all user files
- In your Address Book or Contacts, delete all entries
- In your email application (if you don't exclusively use web mail using your browser), delete all emails in all folders (and lastly, in Trash) and delete any folders you created
- In your browser, and in each browser if you've used more than one:
- delete stored passwords
- delete all cookies
- delete browsing history
- delete bookmarks
- delete anything else the browser lets you delete
- Check all applications for stored personal information or login credentials
- Create a new user account with administrative rights and a bland name such as "User", log in to it, and delete all other user accounts.
- If the computer name identifies the previous owner, change it. (Windows: Control Panel - System - Advanced System Settings; Mac: System Preferences - Sharing.)
- Finally, empty the recycle bin, then VERY IMPORTANTLY, erase free space. You can do this with CCleaner. Under Tools select Drive Wiper - Wipe Free Space Only. On a Mac you can use the Disk Utility - Erase - Erase Free Space.) This could take some hours for a large disk.
Full disk wipe:
A much safer option is to wipe the entire hard disk, but then you will have to reinstall the operating system (or sell or pass on the computer without an operating system).
If you choose this route, before starting it's a good idea to save licence keys and drivers for use if needed after reinstallation. Licence keys can be found using the Magical Jellybean KeyFinder. Drivers can be extracted and saved using Double Driver. Save all licence keys and drivers to a USB memory stick or some other safe place.
To securely wipe a hard disk there are several popular and reliable utilities:
- CCleaner has an option for wiping an entire disk, but this obviously won't work for wiping the system disk you're running from! If you can mount the disk to be wiped on another system, either as a second SATA disk or by using a USB-SATA adapter, this is probably the easiest way.
- DBAN (Darik's Boot and Nuke). This boots from a CD or USB memory stick in order to wipe the hard disk.
- CMRR HDDErase. This is a DOS program that you can add to a DOS bootable CD or memory stick. It uses a secure erase function built in to all hard disks. However, doubts have been expressed as to whether all hard dsks implement it correctly.
None of the above is guaranteed to wipe data from weak or faulty sectors which have been remapped to a spare, or from used but disused spare sectors. For a SSD, read also the later section on Solid State Disks and Memory Sticks.
For professional use or if you feel your life or liberty depend on it, Blancco is the preferred disk wipe product. An evaluation licence is available.
After wiping, you will of course have to reinstall the operating system and all applications.
For a Mac running OS X
For a Mac, the same principles apply. After emptying Trash, the Erase Free Space option in the OS X Disk Utility can be used instead of Ccleaner. This is can also be invoked from the repair partition or the install media. Both DBAN and HDDErase should work provided you can get them to boot. Even if not, you can remove the hard disk and temporarily install it in a PC to wipe it (taking great care not to wipe the PC's own hard disk by mistake!)
Yosemite and later support full disk encryption, which ideally you should enable before loading any sensitive data. A recovery key can be uploaded to iCloud or displayed so you can write it down for safe keeping. If you change the password to something random, destroy any temporary record of it, and ensure there is no hard copy or iCloud copy of the recovery key your personal data should be safe, but you can run DBAN or HDDErase as well if you like.
Smartphones and Other Gadgets
Smartphones may contain just as much personal information as a computer. Even a feature phone will contain many of your contacts and possibly email addresses and appointments. A GPS will contain your favourite places and details of recent journeys. Restoring to factory settings will hide these from an opportunist but much or all of the information may still be recoverable with forensic tools, which criminals may well be in possession of.
Later versions of iOS and Android include encryption, which you should enable from the start. Restoring to factory settings should then be effective, but if you're James Bond or you hold the secret formula for Coca-Cola you might want to remove the motherboard and smash all the larger chips with a hammer. But don't use the hammer on anything that still has a battery in it or you might have a fire on your hands.
Solid State Disks and Memory Sticks
The only sure way to destroy data on a solid state disk (SSD) or memory stick is physical destruction by smashing it with a hammer. Try to ensure that the chips inside are smashed, and not just the circuit board they're mounted on, as otherwise they could possibly be removed from the board in order to read them.
If you want to reuse a memory stick or memory card and only need to protect your data against an opportunist adversary, you can do a reasonably good job by deleting all files and then running the Windows utility H2testw. Select the English language radio button (unless you speak German), select the target as your memory stick or memory card, and click Write+Verify. This will overwrite all free space, but even so, it is still possible that forensic tools could recover fragments of data.
A reliable way to sidestep the difficulty of wiping a SSD or memory stick for reuse is to encrypt it before you write any sensitive data to it. So for a SSD which is to be your system disk, install Windows (or your preferred operating system), then apply whole disk encryption, and only then add any sensitive data. That way, there is no chance there might be vestiges of unencrypted sensitive data lurking. Some memory sticks come with an encryption utility, but there are many encryption utilities around. Most allow you to create an encrypted "vault", which you should make big enough to fill all available space, making it impossible to write data except to the encrypted vault.
To pass on an encrypted device for reuse (whether an SSD or memory stick), simply change the password to a long random string and immediately destroy any record of that string. However, if the device becomes faulty you may not be able to change the password, so the original one must be a good one.
Full disk encryption is available on professional editions of Windows (as Bitlocker) and on MacOS (FileVault). Otherwise, you can use the free utility Veracrypt. This can also be used to encrypt a memory stick.