Erasing Data Securely From Your SSD or HDD¶
Erasing data from your computer may seem like a simple task, but if you want to make sure the data is truly unrecoverable, there are some things you should consider.
Tip
You should use full disk encryption on your storage devices. If your device is stolen or needs to be returned under warranty your privacy may be at risk.
To erase a storage device thoroughly, you should securely erase the whole device and not individual files.
Erasing Your Entire Drive¶
When you delete a file, the operating system marks the space where the deleted file was as "empty." That "empty" space can be fairly easily undeleted, yielding the original file.
Magnetic storage¶
If the disk is a magnetic storage device, such as a spinning hard disk, we suggest using nwipe
. nwipe
can be installed in most Linux distributions. If you wish to use a complete boot environment on a system, consider using ShredOS Disk Eraser. ShredOS boots straight into nwipe
and allows you to erase available disks. To install it to a flash USB stick see the installation methods.
Once you have your boot media, enter your system's UEFI settings and boot from the USB stick. Commonly used keys to access UEFI are F2, F12, or Del. Follow the on-screen prompts to wipe your data.
Flash Storage¶
For flash memory (SSD, NVMe, etc) devices we suggest the ATA Secure Erase command. Methods such as nwipe
should not be used on flash storage devices as it may damage their performance. The "Secure Erase" feature is often accessible through the UEFI setup menu. NVMe storage can be erased using the nvme-cli
tools. For that see:
nvme format /dev/nvme0 -s 2 -n 1
It is also possible to complete a Secure Erase using the hdparm
command, or Microsoft Secure Group Commands.
Physical destruction may be necessary to securely erase devices such as memory cards, USB sticks and unusable hard disks.
Erasing Specific Files¶
Securely shredding individual files is difficult if not impossible. Copies can exist in a variety of ways such as through manual, or automatic backups, wear leveling (on modern flash storage), caching and filesystem journaling.
Wear leveled devices do not guarantee a fixed relationship between logical blocks addressed through the interface. This means that the physical locations in which the data is stored may be different to where it is actually located, so shredding may not provide adequate security.