Secure Erasure of Storage Devices

Purpose

Erasing a file off of a storage device normally does not actually erase the file contents - to speed the process, the reference to the contents is erased and the location where the file contents are stored is marked available to the file system.  Reformatting a hard drive is similar: as disk sizes have grown, a full write of a drive can now take hours.  A fast format will write only enough data to define a new file system - leaving most of the existing data in place and potentially available to data recovery tools.

Securely erasing a storage device requires overwriting all of the data on the device - this can be an option during formatting a drive or can be done with software.  Erasing a storage device containing the operating system of the computer will require you to run a separate program when the system starts up.  These are usually recovery programs included in the operating system or a purpose built program to erase storage devices.

Storage Hardware Types

Traditional Hard Disk Drives (HDDs)

Traditional disk drives store data on magnetic material on the surface of one or more disk platters, which can be read and rewritten millions of times.  The disk is divided into physical sectors and the operating system stores data in these sectors.  Erasing the disk is a matter of overwriting all of the sectors on the disk, usually with all zeros or else random data.  This overwriting can be repeated multiple times for additional assurance that the original data is not recoverable.

Solid State Drives (SSDs)

Solid State Drives store data on flash memory chips, which can be rewritten a relatively limited number (in the 10,000 to 100,000 range) of times.  SSDs emulate traditional HDD sectors with software in order to make them plug in replacements for HDDs.  Because of this, the operating system has little control over the physical placement of data on the drive, so writing multiple times to the drive will only server to wear it faster and may not overwrite the entire drive.

To get around this limitation, SSDs can accept a "Secure Erase" command which will wipe all data from the drive and return it to its initial state from the factory.  Issuing a Secure Erase command requires a disk utility program and cannot be done if the disk is in use, so they are normally used with bootable USB or CD images.

Apple OS X

Follow the instruction on this site to erase all storage devices on your system: https://support.apple.com/en-us/HT208496.

Linux

DBAN

You can use Darik's Boot And Nuke (DBAN) https://sourceforge.net/projects/dban/ to erase all conventional HDDs on a system.  First download the ISO and burn it to a USB drive or CD.  Reboot the system and boot into the USB drive or CD, then when the DBAN software starts, you can select which drives to erase as well as the erasure algorithm.  The default behavior is to erase ALL disks in the system.

hdparm

You can use the hdparm disk utility to perform secure erasure of SATA HDDs and SSDs as long as they are connected directly to the SATA interface.  SAS and SCSI drives are not supported.  Do not attempt this with drives connected via USB or Firewire or a SATA RAID controller.  You will require hdparm version 9.31 or later (earlier versions can timeout after 2 hours, leaving the disk in a partially erased state) and a bootable CD or USB image for system disks.

Follow the instructions here https://tinyapps.org/docs/wipe_drives_hdparm.html

Windows

DBAN

On windows 10, you first need to download the Darik's Boot And Nuke (DBAN) ISO from https://sourceforge.net/projects/dban/, then
to burn it to a USB drive or CD if your system has one.  To
"burn" a copy to a USB drive, you can download Rufus <https://rufus.ie> - download the latest version of the "Portable" type and save it to your computer.

Insert the USB drive you wish to install DBAN to - this will overwrite the USB drive and erase any data on it - make sure you have copied any files you need from the USB drive.

After starting the program, you may get a dialog asking if you want this app to make changes to your device.  It should show the following information:

Verified publisher: Akeo Consulting
File origin: Hard drive on this computer

Select "Yes" if this is the case to proceed - next it will ask if you want to allow Rufus to check for application updates online.  You should consider doing this if you intend to use the program in the future, otherwise it's not necessary.

Once that's complete, the program's window should appear.  Select the HDD to erase - remember this will erase all data on this drive, so be careful to select the intended destination.  Then default behavior is to erase ALL drives connected to the system.

Manufacturer's Disk Utilities

To securely erase SSDs, you will need to use a disk utility that supports it.  Most hard drive manufacturers have free downloads of disk utilities for just this purpose, some examples from popular manufacturers are:

Samsung: https://www.samsung.com/semiconductor/minisite/ssd/product/consumer/magician/

Intel: https://downloadcenter.intel.com/download/29205?v=t

OCZ / Toshiba: https://ssd.toshiba-memory.com/en-amer/download/ssd-utility

Kingston: https://www.kingston.com/us/support/technical/ssdmanager

Western Digital / SanDisk: https://support-en.wd.com/app/answers/detail/a_id/9871/kw/ssd%20secure%20erase

Crucial: https://www.crucial.com/usa/en/support-storage-executive
 

Follow the instructions on the web pages above to use the disk utilities.