Wiping A Hard Drive


Wiping a Hard Drive means to render all data on a hard drive unreadable.

Formatting a Hard Drive wipes the partition table unlinking the data in the file system.

Format removes the old file system. Data can still be recovered.

For warranty purposes refer to your device's terms before proceeding.




Android

In Android the Factory Reset Protection (FRP) was introduced with Android 5.0. When you factory reset a phone with FRP enabled and try to set it up as a new device, you’ll be prompted to enter the username and password for the last Google account that was registered on the device. This means the device was not fully wiped and most of the data can be recovered.

Unlock Device

Samsung: settings/lock screen/screen lock type and choose None

Huawei: settings/security & privacy/screen lock & passwords/disable lock screen password

Google Pixel: settings/security/screen lock and choose none

A password/pin will be required to unlock the device.

Remove Google Account

Samsung: accounts and backup/accounts tap on Google, then tap remove account

Huawei: settings/users & accounts/Google and tap remove at the bottom

Google Pixel: settings/accounts/Google and tap remove account

A password/2 Factor (if enabled) will be required to remove any Google account associated with that device. Log into each email you used with that device and permanently delete the stored data. Then delete the email account.

Click Here to view the data stored within your Activity Controls.

Click Here to learn more about the data Google retains.

Any vendor that has enabled Find My Mobile must be sanitized, then deleted.

Any vendor that offers backup and restore with biometric data must be terminated.

Once you are certain the data and backups associated with that device have been terminated, proceed with a factory reset.

With Android, you can wipe the SSD from recovery mode. Restart the device and immediately press Volume Up + Bixby + Power for Samsung. Use the volume keys to navigate the menu options. To encrypt the device, a full charge must be ready. Log into the device and skip all registration and update prompts. Go directly to settings/biometrics and security/encrypt ssd and choose Encrypt Now. It will complete quickly because you wiped it from recovery mode. Restart the device and factory reset once again. Encrypt the device one more time just to be sure. This extra layer of security will make it difficult to recover your data.

Reminder: if you left your Micro SD Card in the SD slot during encryption, the Micro SD Card can only be used with that device.



Windows

In Windows you can use the format command from a Command Prompt (CMD) to erase, delete and wipe disks and their partitions. To launch a CMD window press Windows Key + R and then type CMD in the Run window that appears at the bottom left of the screen. All versions of Windows support this. The format command can only be applied to disks and their partitions if they're NOT in use. You must also have Administrator privileges to format a drive from within Windows.

Format Command Syntax

format drive: [/q] [/c] [/x] [/l] [/fs:file-system] [/r:revision] [/d] [/v:label] [/p:count] [/?]

drive: letter of the drive/partition that you want to format.

/q will quick format the drive, meaning it will be formatted without a bad sector search.

/c enables file and folder compression using this format command option. Only available when formatting a drive to NTFS.

/x causes the drive to dismount, if it has to, before the format.

/l only works when formatting with NTFS, uses large size file records instead of small size ones. Use /l on dedupe-enabled drives with files greater than 100 GB or risk an ERROR_FILE_SYSTEM_LIMITATION error.

/fs:file-system specifies the file system you want to format the drive: to. Options for file-system include FAT, FAT32, exFAT, NTFS, or UDF.

/r:revision forces the format to a specific version of UDF. Options for revision include 2.50, 2.01, 2.00, 1.50, and 1.02. If no revision is specified 2.01 is assumed. The /r: switch can only be used when using /fs:udf.

/d switch to duplicate metadata. The /d option only works when formatting with UDF v2.50.

/v:label use this with the format command to specify a volume label. If you don't use this option to specify a label, you'll be asked to after the format is complete.

/p:count writes zeros to every sector of the drive: once. If you specify a count, a different random number will be written to the entire drive that many times after the zero writing is complete. You can not use the /p option with the /q option. Beginning in Windows Vista /p is assumed unless you use /q.

/? show detailed help about the command's several options, including ones we did not mention above, like /a, /f, /t, /n, and /s. Executing format /? is the same as using the help command to execute help format.

Delete Command Syntax

del [/p] [/f] [/s] [/q] [/a[:]< attributes >] filename [/?]

/p Prompts for confirmation before deleting each file.

/f Force deletes read-only files.

/s Deletes the specified files from all the subdirectories.

/q Quiet mode; suppresses prompts for delete confirmations.

/a: < attributes > Deletes files based on one of the following attributes:

r read-only files, h hidden files, i not content indexed files, s system files, a files ready for archiving, l reparse points

Format Commands

format Z: /q /fs:exFAT quickly formats the Z: drive to the exFAT file system. Change Z: to your drive letter.

format J: /q /fs:NTFS quickly formats the J: drive to the NTFS file system. Change J: to your drive letter.

format K: /fs:NTFS /v:Media /p:2 the K: drive will have zeros written to every sector on the drive 2x. The /p:2 means a pass of 2. It is highly recommended to do a pass of 7. The file system will be set to NTFS and the volume will be named Media with /v:Media.

format d: specifying only the drive to be formatted, will format the drive to the same file system it detects on the drive. If NTFS was before the format, it will remain NTFS. If the drive is partitioned but not formatted the command will fail. This forces you to format again specifying a file system with the /fs switch.

format a-z: /fs:NTFS /p:1 Change a-z to the letter of the drive you would like to format. The drive is formatted with the NTFS file system and zeros are written to every sector of the drive. /p:1 is one pass. 7 passes would make it very difficult to retrieve any data. When asked, press y to confirm and continue. If there are no partitions on the drive you can leave it blank when asked to give a drive name. Press Enter, wait a few moments and then type Exit to close the CMD window/prompt.

Delete Commands

del c:\windows\twain_32.dll means delete the twain_32.dll file located in the c:\windows folder.

del io.sys Because no path information is specified, the io.sys file is deleted from whatever directory you typed the del command from.

del c:\users\Frieda\downloads\*.exe will remove all EXE files from the Frieda user's downloads folder. The file extension could be replaced with * to delete every file from that folder.

del /a:a *.* will delete every archived file in the current working directory. Like the io.sys command this will execute on whatever folder Command Prompt is set to.

del /q /a:r c:\users\Frieda\documents\*.docx will delete every read-only (/a:r) DOCX file from the Frieda user's documents folder. (/q) quiet mode so that you're not asked to confirm it.

del /s c:\users\Frieda\documents\adobe\*.* deletes every file (*.*) from every folder (/s) inside of the adobe folder in the Frieda user's documents. Folders will remain but every file will get removed. You'll be prompted to enter Y for each file you wish to delete. Add the /q switch before or after the /s switch to run the command in quiet mode.

NT File System (NTFS) Windows formats your system drive with NTFS when it is installed. NTFS supports file permissions for security, a change journal to quickly recover from errors if your computer crashes, shadow copies for backups, encryption, disk quota limits, hard links, and various other features.

File Allocation Table 32 (FAT32) supports files up to 4 Gigabytes and a maximum partition size of up to 8 Terabytes. Flash drives use FAT32 for the best compatibility across all hardware and software platforms via USB port.

Extended File Allocation Table (exFAT) builds on FAT32 and offers a lightweight system without all the overhead of NTFS. It is designed for flash drives like memory cards and USB devices. Supports storing more files in each directory compared to FAT32.

Another option is to wipe a system partition through the BIOS.

You can also use your Windows Installation disc to format hard drives. Open the CD tray, insert the disc, then close the tray. Power off the computer. Power back on and boot from the disc. When you see “Where do you want to install Windows” press Shift + F10 to launch CMD Prompt. Type format C: /fs:ntfs then press Enter.

C: is the default hard drive letter for Windows Installation. Change the drive letter to the drive you wish to format.



Linux

In Linux most distributions include a terminal to interact with a shell from their desktop environment. Bash (Bourne Again SHell) is a common default shell among many Linux distributions and is the default shell for macOS.

To detect what Debian-based distribution you are working with type lsb_release -a

If the above command does not work you can type cat /etc/issue to list your Linux Distro.

To list what RHEL / CentOS / Fedora distro you are working with type cat /etc/redhat-release

Typing uname -a will list basic information about your distro.

List of file management commands. (not all cmds)

pwd full path of the current working directory.

cd - last directory you were working in.

cd current user's home directory.

cd .. parent directory of current directory (space between cd and ..)

ls -l files and directories in the current directory in long (table) format. Use -l with ls for better readability.

ls -ld dir-name information about the directory dir-name instead of its contents.

ls -a all files including hidden ones (file names starting with a . are hidden files in Linux).

ls -F appends a symbol at the end of a file name to indicate its type (* means executable, / means directory, @ means symbolic link, = means socket, | means named pipe, > means door).

ls -lt files sorted by last modified time with most recently modified files showing at the top.

ls -lh file sizes in human readable format.

ls -lR list all subdirectories recursively.

tree generate a tree representation of the file system starting from the current directory.

cp -p source destination copy the file from source to destination. -p stands for preservation. It preserves the original attributes of file while copying like file owner, time stamp, group, permissions etc.

cp -R source_dir destination_dir copy source directory to specified destination recursively.

mv file1 file2 moves/renames file1 to file2. There is no rename command, so we use mv.

rm -i filename asks you for confirmation before every file removal, and you should always use rm -i. You can specify multiple files.

rm -R dir-name remove the directory dir-name recursively.

rm -rf dir-name remove the directory dir-name recursively, ignoring non-existent files, and will never prompt for anything. You can specify multiple directories.

rmdir dir-name remove the directory dir-name, if it's empty. This command can only remove empty directories.

mkdir dir-name create a directory dir-name.

mkdir -p dir-name/dir-name create a directory hierarchy. Create parent directories as needed, if they don't exist. You can specify multiple directories.

touch filename create a file filename, if it doesn't exist, otherwise change the timestamp of the file to current time.

chmod < specification > filename change the file permission. Specifications: u user, g group, o other, + add permission, - remove, r read, w write, x execute.

chmod -R < specification > dir-name change the permissions of a directory recursively. To change directory permission and everything within that directory, use this command.

chmod go=+r myfile add read permission for the owner and the group.

chmod a+rwx myfile allow all users to read, write or execute myfile.

chmod go-r myfile remove read permission from the group and others.

chown owner1 filename change ownership of a file to user owner1.

chgrp grp_owner filename change primary group ownership of file filename to group grp_owner.

chgrp -R grp_owner dir-name change primary group ownership of directory dir-name to group grp_owner recursively. Use this command to change group ownership of a directory and everything within that directory.

Disk Names in Linux are alphabetical. /dev/sda is the Master (1st) hard drive. /dev/sdb is the second.

Numbers refer to partitions. /dev/sda1 would be the first partition on the Master drive.

/dev/ is the part of the Unix directory tree that contains all “device” files.

hda stands for a PATA Hard-disk a

sda stands for a SCSI Hard-disk a + SATA + USB

sda1 is the first partition of the SCSI drive a

hda1 is the first partition of IDE drive a

Boot Loader

hd0 hard drive (not depending on the hardware) id 0

hd0-1 hard drive 0 partition 1

Using the dd command line utility we can fill the disk with random data by typing dd if=/dev/urandom of=/dev/sda bs=1M. sda will likely be your first hard drive and sdb the second. To wipe your Master Boot Record you can type dd if=/dev/zero of=/dev/hdL bs=446 count=1. In this case the drive letter is L and you will need to change it accordingly.

Wiping partitions using this same method is just a matter of replacing the device identifier. If /dev/sda is the whole disk, then (naming schemes vary from one distro to another) /dev/sda3 would be a third partition on the same disk. To fill the second partition on the disk with all zeros type dd if=/dev/zero of=/dev/sdX2 bs=1M, replacing the X with your drive letter. To fill the third partition with random data type dd if=/dev/urandom of=/dev/sdX3 bs=1M, again replacing X with your drive letter.
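A read-only way to confirm what the dd commands above actually cleared, as an added example that is not part of the original page. It assumes the classic MBR layout (446 bytes of boot code, a 64-byte partition table, then the 2-byte 0x55AA signature) and runs against a constructed image file; the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original page): read-only checks of what a zero
# fill cleared. The demo uses a constructed image file, never a real disk.
LC_ALL=C; export LC_ALL

# size_of PATH -> size in bytes of a block device or a regular file
size_of() {
  if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1"; fi
}

# region_is_zero PATH OFFSET LENGTH -> exit 0 only if all LENGTH bytes are 0x00
region_is_zero() {
  total=$(( $(size_of "$1") ))
  [ "$total" -ge $(( $2 + $3 )) ] || return 2      # region must exist in full
  # Drop every 0x00 byte; whatever is left over is surviving data.
  nonzero=$(( $(tail -c "+$(( $2 + 1 ))" "$1" | head -c "$3" | tr -d '\000' | wc -c) ))
  [ "$nonzero" -eq 0 ]
}

# mbr_report PATH -> one line describing the three regions of sector 0
mbr_report() {
  if region_is_zero "$1" 0 446;  then code=zero;   else code=data;   fi
  if region_is_zero "$1" 446 64; then ptable=zero; else ptable=data; fi
  sig=$(tail -c +511 "$1" | head -c 2 | od -An -tx1 | tr -d ' \n')
  echo "bootcode=$code ptable=$ptable signature=$sig"
}

# make_sample_image PATH -> constructed 1 MiB "disk": 0xFF filler as old data,
# plus the 0x55 0xAA boot signature at offset 510
make_sample_image() {
  head -c 1048576 /dev/zero | tr '\000' '\377' > "$1"
  printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
}

demo() {
  img=$(mktemp) || return 1
  make_sample_image "$img"
  # The MBR command from the text, pointed at the image (conv=notrunc keeps
  # dd from truncating a regular file; a block device does not need it).
  dd if=/dev/zero of="$img" bs=446 count=1 conv=notrunc 2>/dev/null
  mbr_report "$img"     # boot code is gone, partition table and signature remain
  # A full zero fill of the whole image.
  dd if=/dev/zero of="$img" bs=1048576 count=1 conv=notrunc 2>/dev/null
  mbr_report "$img"
  region_is_zero "$img" 0 "$(size_of "$img")" && echo "whole image reads back as zeros"
  rm -f "$img"
}
demo
```

Pointed at a real device, these checks need root and only confirm what the drive returns on read; they say nothing about remapped sectors or spare flash blocks.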

Shred Utility

In Debian, open a terminal and type which shred. If nothing is displayed, type apt-get install coreutils. To shred a partition type shred -vfz -n 5 /dev/sda1, where -v displays progress, -f will change permissions on the fly, -z overwrites everything with zeros to hide the shredding, and -n sets the number of passes. 7 pass recommended. sda1 is the second partition number.

Use shred on RAID partitions. For example shred -vfz -n 10 /dev/md1

To wipe a full hard drive you would use shred -vfz -n 5 /dev/sda

-f, --force change permissions to allow writing if necessary

-n, --iterations=N overwrite N times instead of the default (3)

--random-source=FILE get random bytes from FILE

-s, --size=N shred this many bytes (suffixes like K, M, G accepted)

-u, --remove truncate and remove file after overwriting

-v, --verbose show progress

-x, --exact do not round file sizes up to the next full block; this is the default for non-regular files

-z, --zero add a final overwrite with zeros to hide shredding

--help display this help and exit

--version output version information and exit

If FILE is -, shred standard output.

Shred relies on a very important assumption that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes.

* log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

* file systems that write redundant data and carry on even if some writes fail, such as RAID-based file systems

* file systems that make snapshots, such as Network Appliance's NFS server

* file systems that cache in temporary locations, such as NFS version 3 clients

* compressed file systems

In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount man page (man mount).

File system backups and remote mirrors may contain copies of the file that cannot be removed, and that will allow a shredded file to be recovered later.
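One way to check the file-system assumption described above before relying on shred for a single file, as an added example that is not part of the original page or of shred itself. It classifies mount entries in /proc/mounts format using only the cases the text names; the sample mount table is constructed and the function names and verdict labels are illustrative.

```sh
#!/bin/sh
# Added example (not from the original page): classify the file system that
# holds a path before trusting shred on one file. Names are illustrative.

# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw,relatime 0 0
/dev/sda2 /home ext3 rw,relatime,data=journal 0 0
/dev/sda3 /home/archive ext3 rw,data=writeback 0 0
/dev/sdb1 /srv/data xfs rw,relatime 0 0
filer:/export /mnt/nfs nfs rw,vers=3 0 0'

# mount_for_path MOUNTS PATH -> "fstype options" of the longest matching mount
# point, so /home/archive wins over /home and /homework falls back to /
mount_for_path() {
  printf '%s\n' "$1" | awk -v p="$2" '
    { mp = $2
      if (mp == "/" || p == mp || index(p, mp "/") == 1)
        if (length(mp) > best) { best = length(mp); out = $3 " " $4 } }
    END { if (out == "") exit 1; print out }'
}

# shred_verdict FSTYPE OPTIONS -> in-place | journals-data | not-guaranteed | unknown
shred_verdict() {
  case "$1" in
    ext2) echo in-place ;;                       # no journal
    ext3)
      case ",$2," in
        *,data=journal,*) echo journals-data ;;  # file data is journaled too
        *) echo in-place ;;                      # data=ordered (default) or data=writeback
      esac ;;
    jfs|reiserfs|xfs) echo not-guaranteed ;;     # journaled file systems named in the list
    nfs|nfs4) echo not-guaranteed ;;             # server snapshots, client-side caching
    *) echo unknown ;;                           # not covered by the text: do not assume
  esac
}

# check_path MOUNTS PATH -> verdict for the file system that holds PATH
check_path() {
  fs=$(mount_for_path "$1" "$2") || { echo unknown; return 0; }
  shred_verdict "${fs%% *}" "${fs#* }"
}

for f in /etc/passwd /home/user/secret.txt /home/archive/old.tar /srv/data/db.bin; do
  printf '%-24s %s\n' "$f" "$(check_path "$SAMPLE_MOUNTS" "$f")"
done
```

On a live system pass the real table with check_path "$(cat /proc/mounts)" /path/to/file. An in-place verdict still does not cover backups, snapshots or remote mirrors of the file.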

Extended File System (EXT) EXT 2, 3, & 4. EXT was the first file system created specifically for the Linux kernel, in 1992. The EXT2 file system was introduced in 1993 and was the first commercial-grade file system for Linux. It is great for SD cards and USB drives because of its high performance and low number of writes, which follows from it not supporting journaling. EXT3 was introduced in 2003 and was able to support journaling. Upgrades from EXT2 to EXT3 are processed without downtime. In 2008 EXT4 was created and bypassed all limitations starting from EXT. It supports Journaling, Extents, Backward Compatibility, Persistent Pre-Allocation, Delayed Allocation, Unlimited Number of Subdirectories, Journal checksum, Faster FS check, and Transparent Encryption.



Mac

To wipe a Hard Disk Drive we power off the machine. Press the Power button, then hold down the Command & R keys until the Apple Logo appears. From the OS X Utilities List select Disk Utility then click continue. From the sidebar choose the disk you would like to erase. Highlight and click Erase.

Security Options (press the security options button) by default offers 4 ways to wipe the HDD. Fastest is basic and not secure. The most secure level wipes the information used to access the files on your disk, then writes zeroes across the disk surface for a pass of 7. This setting conforms to the DoD 5220.22-M specification. Click OK and erasing will begin.

ls list the contents of a particular directory

cd change to another directory (as in DOS)

sudo authenticate yourself as a superuser to gain extra security privileges

diskutil list lists all mounted drives, partitions, and volumes.

diskutil secureErase freespace 3 /Volumes/name-of-drive securely erases free space.

diskutil eraseDisk FILE_SYSTEM DISK_NAME DISK_IDENTIFIER is the basic syntax to erase a disk from the command line.

diskutil eraseDisk JHFS+ Emptied /dev/disk-name erases the disk, names it Emptied, and formats it with the Mac OS Extended Journaled (JHFS+) file system.

diskutil eraseDisk JHFS+ DiskName /dev/DiskNodeID formats disk to Mac OS Extended Journaled (JHFS+) from the terminal.

diskutil eraseDisk HFS+ DiskName /dev/DiskNodeID formats disk to Mac OS Extended (HFS+) from the terminal.

diskutil eraseDisk FAT32 DiskNameGoesHere /dev/DiskNodeIDHere format disk to MS-DOS fat32 from the command line.

diskutil eraseDisk ExFAT DiskName /dev/DiskNodeID format a disk to ExFAT from the command line.



Standards

DoD 5220.22-M data sanitization method will prevent all software-based file recovery methods, as well as hardware-based recovery methods, from recovering meaningful data from the drive. Although this method is more than 25 years old, it is still used to date.

NIST SP 800-88 Rev. 1 is the newest standard providing guidance to assist organizations and system owners in making practical sanitization decisions based on the categorization of confidentiality of their information.



Software

Debian SSD Optimization

PDF - Filesystem Considerations for Embedded Devices — Tristan Lelong

MITRE ATT&CK™ Enterprise Disk Structure Wipe

cipher.exe Microsoft has developed an improved version of the Cipher.exe tool that provides the ability to permanently overwrite (or "wipe") all of the deleted data on a hard disk. This feature improves security by ensuring that even an attacker who gained complete physical control of a Windows 2000 computer would be unable to recover previously-deleted data.

HDDErase Bootable data destruction program that works by running off a disc, like a CD or DVD, or floppy disk.

ATA Secure Erase This procedure describes how to use the hdparm command to issue a Secure Erase ATA instruction to a target storage device. When a Secure Erase is issued against a SSD drive all its cells will be marked as empty, restoring it to factory default write performance.

DBAN Hard Drive Eraser & Data Clearing Utility Delete information stored on hard disk drives (HDDs) in PC laptops, desktops or servers. Plus, remove viruses/spyware from Microsoft Windows installations.

Eraser is an advanced security tool for Windows Allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.

MiniTool Partition Wizard All-in-one Free Partition Magic Manage disks and partitions, check file system, align SSD partition, migrate OS to SSD, clone disk, convert MBR to GPT, etc.

hdparm Command line program for Linux to set and view ATA hard disk drive hardware parameters and test performance. It can set parameters such as drive caches, sleep mode, power management, acoustic management, and Direct Memory Access settings.

Gparted Enables you to create, destroy, resize, move, check, label, and copy partitions, and the file systems contained within. This is useful for creating space for new operating systems, reorganizing disk usage, and mirroring one partition with another (disk imaging).

blkdiscard Used to discard device sectors. This is useful for solid-state drives (SSDs) and thinly-provisioned storage. Unlike fstrim, this command is used directly on the block device.

balenaEtcher Flash OS images to SD cards & USB drives, safely and easily.

EaseUS Partition Master Resize, Move, Merge, Migrate, and Copy disks or partitions; convert to local, change label, defragment, check and explore partition. Completely wipe out all the data on hard disk permanently to save all confidential & sensitive data.

BleachBit Advanced features such as shredding files to prevent recovery, wiping free disk space to hide traces of files deleted by other applications, and vacuuming Firefox to make it faster. Better than free, BleachBit is open source. With BleachBit you can free cache, delete cookies, clear Internet history, shred temporary files, delete logs, and discard junk you didn't know was there. Designed for Linux and Windows systems, it wipes clean thousands of applications including Firefox, Adobe Flash, Google Chrome, Opera, and more.

Seagate Seatools for Windows is a comprehensive, easy-to-use diagnostic tool that helps you quickly determine the condition of the disk drive in your external hard drive, desktop or notebook computer. It includes several tests that will examine the physical media on your Seagate, Maxtor or Samsung disk drive and any non-Seagate disk drive. SeaTools for Windows should run on both internal and external hard drives.

Western Digital Dashboard for Windows, Linux, and Mac computers.

Samsung SSD Magician Drive Management, Secure, Benchmark, Performance, Authenticity, Health, Total Bytes Written Check, S.M.A.R.T. Check, plus.

ref: NIST, Tim Fisher, Wikipedia, Linux ?s, Kernel Talks, dss.mil, Colin Plumb, Mac Update
