You may be selling your old computer after a recent upgrade and need to make sure your personal photos don’t turn up on the Internet. There are many reasons you may wish to obliterate your data from a hard disk or SSD. Unfortunately, the process is far from what we see in Hollywood films: you can’t push a knob and have everything deleted in seconds.
With a little patience, though, and a command on the terminal or the proper live CD, you can wipe out a full hard drive or SSD, making data retrieval difficult by third parties, if not outright impossible.
Secure Erase VS storage
Secure Erase is a feature that completely wipes out the contents of a storage device. It has been part of the firmware of most HDDs and SSDs and the suggested solution for secure deletion for ages. In practice, though, several users have reported serious complications with it.
Its implementation seems to vary between vendors, and sometimes it doesn’t lead to a complete deletion of data.
Others say its operation “bricked” their devices because “the controller that turned them from internal to external ones” decided it would be a good idea to cut down on electricity costs by putting them to sleep. Or because an iffy BIOS bug somehow “got in the way” and prevented the procedure from completing.
And (much) older hard drives (less than 15GB in size) just don’t support it.
Thus, the “official and best” method, Secure Erase, remains somewhat of a gamble, making the alternatives that follow much better choices. That’s why we’ll skip it and jump straight to the safer alternatives.
When we delete a file in a modern OS, it’s usually transferred to a “Recycle Bin.” We can still recover any data from it for some time if we change our mind.
One might assume a “complete” delete, where the file is not moved to a Recycle Bin, is a safer approach. Again, however, the file is not eliminated: the media controller marks the area inhabited by the file as “free to use,” but the data it contains remains unscathed.
The deletion of the entire partition and file system sounds like a better – and more radical – option, until you realize it’s the same thing but on a grander scale. The whole partition is “marked as non-existing,” and the space it covered as “unused,” but nothing is truly wiped out. The data will exist until overwritten.
The only reliable way to delete sensitive data is by overwriting it with other data. Preferably, more than once. This is what the following methods do. What differs is their availability, ease of use, and extra options for more secure deletion through multiple overwrites and patterns used.
What will you delete?
If you have more than one storage device on your PC, before trying to delete anything, you need to know which it is, to dodge “mishaps” like wiping out the wrong disk.
The simplest path is if you are already in a graphical user environment with the HDD/SSD to be deleted connected as a secondary device. Then you can use a program like GParted to check out all storage devices and identify the right one.
If you prefer the terminal, you have even more options. Some may already be part of your distribution. Others may demand additional tools to be installed.
lsblk lets you see all block devices attached to the computer. For legible results, try it as:
smartctl lets you view information about each device. Use it like:
A little more illegible but just as helpful, hdparm can show comparable results with a nearly identical command:
fdisk is probably the most popular option, and is usually installed in almost all Linux distributions. It, too, can present information about your drives and SSDs, though not as detailed as the other options. Try it with:
The dd method
Once you find the device that has the contents you want to destroy, you can use a command that will overwrite this data “with something else,” making its retrieval almost impossible. Both the command and what this “something else” will be is a matter of preference.
The most common method uses the popular dd tool with a command as:
of=/dev/sdX corresponds to the device to be wiped out, e.g.
You can speed up the process by using large blocks, and see a progress summary by structuring it as:
bs=4096 is the block size. It differs between devices, and ideally, you could find the one for your device from its manufacturer’s site.
status=progress turns on dd’s progress indicator, which is displayed until completion.
Using random patterns rather than a uniform set of zeros is deemed safer for deleting data beyond recovery. You can achieve this by using an alternate take on those commands as:
As you can see, we use an alternative source, replacing the zeros with random numbers. Note that this method raises the use of system resources, as it tasks the CPU with constant random number generation.
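A guarded version of the dd wipe described above, as an added example that is not from the original article: it refuses a mounted target, overwrites exactly the target's size, and reads the result back to confirm a zero pass. The function names are hypothetical, GNU dd is assumed, and a disk image file can stand in for /dev/sdX when trying it out.

```shell
#!/bin/sh
# Added example, not from the article: guarded dd wipe with read-back check.
# Function names are hypothetical. Assumes GNU dd (count_bytes, status=progress).
# Usage as root: wipe_target /dev/sdX && verify_zeroed /dev/sdX

# True if the target or one of its partitions is a mount source.
# Prefix match only; it does not follow LVM/dm-crypt mappings or swap.
is_mounted() {
    [ -r /proc/mounts ] &&
        awk -v d="$1" 'index($1, d) == 1 { f = 1 } END { exit !f }' /proc/mounts
}

# Size in bytes of a block device or of a regular file (disk image).
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Overwrite the whole target once from $2 (/dev/zero by default, or /dev/urandom).
wipe_target() {
    target=$1
    src=${2:-/dev/zero}
    [ -b "$target" ] || [ -f "$target" ] || { echo "no such target: $target" >&2; return 2; }
    if is_mounted "$target"; then
        echo "refusing: $target is mounted" >&2
        return 3
    fi
    size=$(target_size "$target") || return 4
    # An explicit byte count lets dd exit 0 at the end of the device instead of
    # stopping on "No space left"; conv=notrunc keeps an image file's size.
    dd if="$src" of="$target" bs=4096 count="$size" \
        iflag=count_bytes,fullblock conv=notrunc,fsync status=progress
}

# After a zero pass: succeed only if no non-zero byte can be read back.
verify_zeroed() {
    nonzero=$(tr -d '\000' < "$1" | wc -c | tr -d ' ')
    [ "$nonzero" -eq 0 ]
}
```

verify_zeroed only makes sense after a zero pass; after a /dev/urandom pass the read-back is expected to be non-zero.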
The scrub approach
Scrub is another alternative that turns out even easier in actual use and has a simpler syntax.
Scrub isn’t usually found installed in most Linux distributions, and you’ll probably have to install it first with:
After its installation, the complete deletion of any HDD or SSD is merely a matter of entering the following as root:
Similar to scrub, wipe can erase the contents of a storage device disturbingly easily – double-check before you set it loose on your precious data. And just like scrub, to use wipe in most Linux distributions, you first need to install it.
Afterward, to erase everything in sdX, you simply have to press Enter after typing in a terminal:
The Live GUI path
Note: The following methods will work regardless of the OS running in the hard drive.
If you wish to destroy the contents of the HDD or SSD where your OS lives, you can’t do it while you’re using the OS. Instead, you can use a Live CD/DVD of a Linux distribution – preferably, one that employs the Gnome desktop environment which usually comes with the easy-to-use Gnome Disk Utility.
To delete everything this way, boot from the distribution’s Live CD/DVD. Run Gnome Disk Utility (found as “Disk” in Gnome).
Select your storage-to-be-deleted from the list in the left pane, click the two-gear button, and select “Format Partition.”
In the window that appears, enable the “Erase” option to overwrite the existing data.
Enter a name for the storage media in Volume Name, click Next on the top right, and accept the warning displayed with another click on the Format button that will show up at the same spot.
Darik’s Boot and Nuke solution
Another approach that is also based on a live CD relies on “Darik’s Boot and Nuke,” better known as DBAN. Instead of a standard distribution, DBAN is a standalone bootable tool specializing in a sole process: the complete and utter deletion of all the contents of an HDD or SSD.
After you boot the computer from it, and after an initial process of identifying the computer’s hardware, DBAN will show you a list of the devices it found. Select the one you want to wipe using the cursor keys and Enter or Space, and press F10 to start the deletion process.
The best results: hammer and Not-a-Flamethrower
We are not data recovery specialists, so we cannot guarantee which methods perform better. Some claim it is possible to detect and recover traces of data that has been overwritten up to twice from the surface of a hard disk drive by using specialized equipment. Others insist that this is theoretical with no proof that it is feasible. Some recovery companies claim to have saved data even from hard disk drives that almost disintegrated in a fire or whose platters were in pieces.
Since they are the specialists, and they present those as some of the worst-case scenarios, it’s probably best to trust them: the introduction of a hammer and Elon Musk’s Not-a-Flamethrower sounds like the most powerful “safe deletion” method. But for those of us who don’t have access to a flamethrower and who don’t like to act like a raging Thor at three in the morning, the methods we saw are the best bet.