Dismiss Notice
Join Physics Forums Today!
The friendliest, high quality science and math community on the planet! Everyone who loves science is here!

How to completely erase harddrive

  1. Jan 17, 2009 #1
    My friend gave me a one of his old harddrives so I could use it as a secondary hdd on my home desktop. However, to protect his privacy as well as clear all the space being used I want to delete everything that was on it. I tried manually deleting everything however there is still some stuff left on it (ie. operating system etc.) and I heard that it's still not very reliable or secure.

    Therefore I am wondering if anyone knows a way for me to completely delete everything on the harddrive including the operating system?
     
  2. jcsd
  3. Jan 17, 2009 #2

    jtbell

    User Avatar

    Staff: Mentor

    Under Mac OS X, launch the Disk Utility application, select the disk, then select the Erase tab, then click the Security Options button. You can choose between "Don't Erase Data", "Zero Out Data", "7-Pass Erase", and "35-Pass Erase".

    When I got rid of my old Mac at the office, before I turned it in I re-installed the OS and did a 7-pass erase on the unused disk space.
     
  4. Jan 18, 2009 #3
    Thank you jtbell, unfortunately I run windows xp on the computer, I apologize for not previously mentioning that information.
     
  5. Jan 18, 2009 #4

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

  6. Jan 19, 2009 #5

    jtbell

    User Avatar

    Staff: Mentor

    That's OK. I figured you're probably running Windows, but it might be useful to have the Mac OS X instructions handy here in case someone else searches for them in the future. :smile:
     
  7. Jan 19, 2009 #6
    To add to mgb's concise post.

    Does 'erasing' erase the data? Why should it? The idea is to loose pointers in the FAT (file allocation table) to free space for allocation of new files. So it really isn't an 'erase' but a 'forget'. As far as I know the data it still there. It's location is just forgotten by loosing the pointers. It takes little time to loose a pointer. It takes a long time to write a region of 11111111's.

    Edit: If I'm wrong, and the data is overwritten with some constant value like zeroes, the following still holds.

    The only option is multiple radom overwrites. If it's not truely random, the original data can still be obtained from analog analysis. Overwritting data does not completely destroy it. It remains as a ghost. Subtracting the overwriting signal will reveil previously written data.

    To nit-pic this a little further, it should even be possible to subtract out a single random overwrite. After all, it's either a one or a zero. By measuring field strength it should be feasable to deduce whether the randomizing bit was a one or a zero. So one should be able to reconstruct most data subjected to one or two random overwrites.

    Ask the NSA. They're proficient at extracting this sort of information.
     
    Last edited: Jan 19, 2009
  8. Jan 19, 2009 #7

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    The multiple overwrite (DoD requires 7 writes of alternating 0 and random) was mainly aimed at the days of MFM drives where it was relatively easy to read the underlying data if you just wrote 0. The multiple writes were because the heads weren't accurately aligned and it was possible that new data tracks weren't on top of previous tracks.

    With modern GMR drives a single overwrite with zero is all that's necessary to erase the data so that it cannot be recovered. But there may be extra data stored in SMART and bad sectors which isn't overwritten - so if you have top secret data the only way to securely erase a hardrive is thermite.
     
  9. Jan 19, 2009 #8
    So I looked up GMR. GMR is read/write head technology allowing for denser data. It still lays down track of oriented magnetic fields just as before. I don't see the difference.

    I don't know if you mean writting zeros. I haven't kept up, but I'm sure it's still true that encoding methods prevent writing a single flux direction over more than bit cells, or so.
     
    Last edited: Jan 19, 2009
  10. Jan 19, 2009 #9

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    I meant GMR as a synonym for modern high density drives.

    General opinion is that a single overwrite for modern drives is sufficent to make the data unrecoverable
    See. "Overwriting Hard Drive Data: The Great Wiping Controversy" - Dr. Craig S Wright
    http://gse-compliance.blogspot.com/

    A bigger problem is that however many times you tell the OS to overwrite the data it will ignore sectors that have been marked as bad which might contain recoverable data. Even the pattern of accesses recorded in the SMART might be of use to an enemy.
    For classified data the sledgehammer/thermite/acid technique is the only way way to be sure.

    The people selling software packages with "mil-spec overwriting of data" are like the ones selling "mil-spec encryption", they find some standard - however obsolete or inappropriate and overwrite however many times it says, and assume that's all you need to do.
     
  11. Jan 20, 2009 #10
    Thanks for the factoids. You're certainly up on the details. I've been mildly curious for a number of years since Norton included something which would write repeated ascii "hepta" all over your drive. Too bad the Springer paper is copywrite.
     
  12. Jan 20, 2009 #11

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

  13. Jan 20, 2009 #12
    You should do low-level format, and the deleted files will never be recoverable... :-)

    If you want to install windows xp again, just plug the CD in, boot, and when the partitions screen comes, delete all of the partitions (if you have several ones), create new partition, and format it with NTFS or FAT32 file system. At this point your hard disk is completely erased. It is completely demagnetized, new sectors and tracks are completely written on the layer.

    Regards.
     
  14. Jan 20, 2009 #13

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    You cannot do a low level format on most modern drives.
    A low level format (back in the days of FM and MFM) wrote actual track markers onto the disk that were used as a guide by the head positioning - the same thing is still done on floppies but not on modern RLL drives. The head servo is accurate enough without them and the firmware can use the actual data tracks as references if needed.

    An operating system level format will either just erase the file table (windows quick format) or also check the drives for bad blocks (windows full format). A Unix mkfs is similair.
    NTFS also writes spare copies of the file table at the middle and end of the drive - just in case.
    Even if the file tables are erased it is relatively easy to extract data from the disk - especially if you know the content of the file you are looking for, you just read each block in turn and check for the data. That's why to securely erase a drive you write zeros over every block.
    However - if you are '3 letter agency' you can then take the drive apart and put each platter under an electron microscope and see the analogue pattern of magnetic data. If a point on the drive originally held a one and you wrote a zero then the magnetic field might only have been reduced to 0.1 - low enough for the drive to read it as zero, but enough to give the microscope an idea of the original content. This is where the recomendation to write over it with random numbers or some special pattern a certain number of times came from.
    How much this matters for a modern high density drive (ie how close to 0 is the remaining field) is the point that is being debated.

    Like anything else in security - it depends on how valuable the data is, and how much time/money/effort the other guy is prepared to go to in order to get it.

    If you just don't want your friend to get your 'artistic' picture collection then a format and installing windows over the top is enough, if you had people's credit card details or medical records then use sdelete (write over it with zero) and if you had nuclear launch codes - smash the disk and dissolve it with acid!
     
  15. Jan 20, 2009 #14
    You're right. There two things to do. Either demagnetize it (put all 0's), or open it, and smash it. :smile: No other possible way. Anyway, my method will work if he want to erase the HDD completely (if he thought about erasing all possible files on the disk).
     
  16. Jan 22, 2009 #15
    Thank you so much for your answers. However, this leads me to another question...

    If everything on the HDD including the OS is erased, and this HDD is used as a slave, could files still be written and viewed on the slave through XP as long as I have XP installed on the master HDD? Simply put, does the OS have to be on the secondary HDD as well if you want the files on it to be read and interact with the OS on your primary HDD? This is important since the OS takes up a fair amount of space on the HDD and its only 20Gb.
     
  17. Jan 23, 2009 #16

    mgb_phys

    User Avatar
    Science Advisor
    Homework Helper

    No you only need the operating system in one place.
    Each drive does need to be partitioned and formated. Your drive will already have a single partition from before (so no need to do anything for that), then formating it just resets it to be marked blank and so new files can be written.

    The computer's hardware (in this case the disk controller) tells the operating system how many drives are fitted and the operating system reads the directory table from the beginning of each to find which files are on it.
     
  18. Feb 16, 2009 #17
    BCWipe will actually shred the files on your hard drive making them non-recoverable in any manner. It will run up to 7 passes on the selected hard drive to ensure nothing is salvagable. I've only run it on the "free space" of my hard drives. After it successfully completes the 1st pass, my file scavenger application could no longer recover any files, but if you want to be cautious, allow it to run all 7 passes.

    Here’s a link to the download…

    http://www.freedownloadscenter.com/Utilities/File_Cleanup_Utilities/BCWipe_Download.html
     
  19. Feb 17, 2009 #18

    Boot a Linux Recover Floppy (or CD) like the "tomsrtbt",
    and execute "dd if=/dev/zero bs=16025b of=/dev/your_drive" .
    It's enough for your needs, it is fast, and free of viruses.
     
  20. Feb 19, 2009 #19
    I really like Darik's Boot and Nuke. You download it, burn to a CD, then boot that CD. Type "autonuke" and it'll completely wipe and overwrite every drive it can find. I believe it uses 3 passes of psuedorandom data by default, which as said is overkill, but it is simple and easy. Be warned, it'll wipe every drive you have connected by default, so make sure you physically disconnect any drives you don't want wiped. Or you can not use autonuke, and actually pick the drive you want to wipe.
     
  21. Sep 24, 2009 #20

    mheslep

    User Avatar
    Gold Member

    Old thread but if anybody is browsing: use /dev/random for the source instead of /dev/zero. Even better, the linux program wipe will do this for you, make multiple overwrites, etc. wipe is available on many of the canned boot CD Linuxes, such as knoppix.
     
Know someone interested in this topic? Share this thread via Reddit, Google+, Twitter, or Facebook

Have something to add?



Similar Discussions: How to completely erase harddrive
  1. How to erase cookie ? (Replies: 3)

  2. External Harddrive (Replies: 16)

Loading...