How do I securely wipe my SSD Windows 10?

by
How do I securely wipe my SSD Windows 10

Securely wiping an SSD before selling or disposing of your Windows 10 computer is extremely important to protect your personal data and privacy. When files are deleted from an SSD, the data is not actually erased right away due to a process called TRIM. TRIM tells the SSD which blocks are no longer being used and can be overwritten. Until those blocks are overwritten, the deleted data still exists on the drive and could potentially be recovered. Formatting and reinstalling Windows does not securely erase all existing data either. The only way to fully wipe an SSD is to use disk wiping software or firmware commands. If you don’t securely erase, the next owner can use data recovery software to access your deleted files, documents, photos, and other sensitive information. Wiping your drive ensures no traces of your data remain before disposal.

Back Up Personal Data

The first step before wiping your SSD drive is to back up any personal files or data you want to keep (Backblaze, 2022). This includes files like documents, photos, videos, music, browser bookmarks, etc. It’s crucial to transfer all important data off the drive before proceeding so nothing gets permanently erased. Many recommend backing up to an external hard drive or cloud storage.

According to tips on Reddit (Reddit, 2021), in addition to personal files, it’s also a good idea to back up program licenses, product keys, browser data, WiFi passwords, and any other custom settings to facilitate easy reinstallation later. Carefully check folders like Desktop, Documents, Downloads, Pictures, etc. as well as hidden AppData folders for any personalization or configs you may want to preserve.

Disconnect External Drives

Before wiping your SSD, it is crucial to disconnect any external storage devices, like external hard drives, USB flash drives, SD cards, etc. to prevent accidentally erasing them. As Microsoft notes, “When you use the reset feature, you’ll remove apps that came pre-installed on your PC as well as apps you installed from the Microsoft Store or the web. You’ll also remove all personal files.”[1] So any external storage devices connected to your computer could be wiped if you forget to unplug them first.

To safely disconnect external drives on Windows 10:

  • Open File Explorer and click “This PC” in the left pane.
  • Right-click on any external drives listed and select “Eject”.
  • Wait for the notification that it is safe to remove the hardware.
  • Physically unplug the external drives from your computer.

Once all external devices have been safely ejected and disconnected, you can proceed to securely wiping the internal SSD.

[1] https://support.microsoft.com/en-us/windows/how-to-refresh-reset-or-restore-your-pc-51391d9a-eb0a-84a7-69e4-c2c1fbceb8dd#Reset

Use Windows 10 Reset Feature

The Reset this PC feature in Windows 10 provides a quick and easy way to wipe your SSD drive. This will reset your Windows installation back to factory settings and erase all personal data from the drive 1. Here’s an overview of using Reset this PC to securely erase an SSD:

Go to Settings > Update & Security > Recovery. Under “Reset this PC”, click Get Started. You’ll be given options to keep personal files or remove everything – choose to remove everything to fully wipe the SSD. Windows will download recovery media and guide you through the reset process. Once complete, your SSD will be wiped clean with a fresh Windows install.

The main benefit of using Reset this PC is it’s quick, integrated into Windows 10, and doesn’t require any extra tools. Just be aware that you’ll need to reinstall any applications afterwards. For more comprehensive wiping, using third party software may be preferred.

Use Third Party Software

There are several secure third party SSD wipe tools that you can use to thoroughly erase data on a solid state drive in Windows 10.

Some top recommended options include:

  • Darik’s Boot and Nuke (DBAN) – This is an open source data wiping tool that completely erases data by overwriting the drive with random data (https://toolbox.easeus.com/hdd-wipe/best-ssd-wipe-software.html). It can be booted from a USB drive and used to wipe an SSD.

  • Active@ KillDisk – A secure data wiping program that utilizes a variety of advanced erasure methods like DoD 5220.22-M and Peter Gutmann’s algorithms (https://www.diskpart.com/ssd-management/ssd-data-wiping-3889.html).

  • Parted Magic – This Linux-based boot disk comes with utilities like shred and nwipe that can securely erase SSDs (https://www.pcworld.com/article/461014/how-to-securely-erase-your-hard-drive.html).

These tools utilize techniques like overwriting the drive with random data patterns multiple times to thoroughly wipe SSDs. They help prevent forensic data recovery.

Overwrite Free Space

Overwriting the free space on your SSD is an effective way to wipe sensitive data. When files are deleted on an SSD, the data is not actually erased – only the file allocation table is updated to mark the space as free. The deleted data remains on the drive until it is overwritten by new data (Source: EaseUS).

There are a few options to overwrite the free space on an SSD running Windows 10:

  • Use the native Windows 10 tool cipher by opening the command prompt as administrator and running the command cipher /w:driveletter. This will overwrite the free space on the target drive with zeroes (Source: Ten Forums).
  • Use a third party tool like Eraser or DBAN to overwrite the free space with random data patterns. This makes it even more difficult to recover deleted files (Source: EaseUS).
  • Enable TRIM, the SSD garbage collection feature, to have the drive automatically wipe deleted blocks when idle (Source: EaseUS).

Overwriting free space is an easy way to add an extra layer of security before reusing or disposing of an SSD.

Clear Pagefile

The pagefile.sys file contains data from your computer’s RAM that has been temporarily written to your hard drive. When you reboot your computer, Windows clears this file and resets it to its minimum size specified in the Virtual Memory settings. To ensure any sensitive data is removed from the pagefile.sys, you can manually clear it by rebooting your PC before performing a secure wipe on your SSD.

To reset the pagefile.sys size on reboot, first access the Virtual Memory settings in Windows 10 by going to Control Panel > System > Advanced System Settings > Advanced tab > Performance Settings > Advanced tab > Virtual Memory. Here you can set the pagefile size to the minimum allowed value, which is typically 400-500 MB. Then simply reboot your PC, which will clear out the existing pagefile.sys and recreate a blank one at the minimum size you specified (Source).

Alternatively, you can completely disable the pagefile.sys prior to reboot by unchecking “Automatically manage paging file size for all drives” in the Virtual Memory settings. However, this is not recommended, as having a pagefile enables your system to efficiently handle memory swapping and crashing apps (Source). The best approach is to minimize the pagefile size before wiping your SSD.

Securely Erase SATA Drive

One of the most effective methods to securely erase an SSD connected via SATA is to use a dedicated bootable tool like HDDErase. HDDErase is designed to completely overwrite all data on SATA SSDs and HDDs to make it unrecoverable.

To use HDDErase to securely wipe a SATA SSD on Windows 10:

  1. Download the latest version of HDDErase and create a bootable CD or USB drive.
  2. Boot your computer from the HDDErase media.
  3. Select your SATA SSD from the list of available drives.
  4. Choose one of the secure erase options like the DoD 5220.22-M 3-pass wipe.
  5. Let the process run – it may take several hours for a full wipe.
  6. Once complete, the drive will be wiped meeting DoD erasure standards.

The key advantage of tools like HDDErase is they work at the hardware level bypassing the operating system. This allows them to directly access and wipe all sectors on a SATA SSD for a forensically secure erase.

Check Wipe Success

Verifying that an SSD has been successfully wiped can be challenging due to the way SSDs handle data writes and storage compared to traditional hard disk drives. While there are some methods that may provide indications, there is no definitive way for consumers to confirm a SSD has been completely erased unless special firmware commands are used.

One option to check if personal files have been removed is to use disk analyzer software, such as WinDirStat or TreeSize, to scan the SSD drive and look for remaining user files and folders. However, these programs may not detect data in protected areas of the SSD. They also cannot verify that all previous data has been securely overwritten at the lowest levels.[1]

There are verification tools designed for enterprise and government-level wiping that claim to validate SSD erasures by scanning for remaining data fragments. But these tools require advanced hardware access and are not readily available to average consumers. In most cases, home users lack the capability to fully confirm an SSD’s contents have been cryptographically erased once wiping and reinstalling the OS is complete.[2][3]

Overall, home users wiping an SSD drive should follow best practices like using built-in Windows tools or third party software to perform multiple overwrite passes. But there is no definitive way to guarantee the wipe worked as intended without utilizing advanced data forensics tools and access.

[1] https://superuser.com/questions/1767901/how-can-i-tell-if-my-ssd-is-really-secure-erased-with-a-huge-badclus-file-on-i
[2] https://www.reddit.com/r/DataHoarder/comments/jabow0/how_to_confirm_if_my_ssd_has_been_securely_wiped/
[3] https://security.stackexchange.com/questions/171396/ssd-erasure-verification

Reinstall Windows 10

After securely wiping your SSD, the next step is to reinstall Windows 10 for a clean and fresh setup. First, you’ll need to boot from the Windows 10 installation media. This can be a USB flash drive or DVD created using the Windows Media Creation Tool.

During installation, make sure to select “Custom” when given the option to upgrade or customize. This will allow you to delete all existing partitions on the SSD and start fresh. Be sure to delete any recovery partitions that may still exist after the wipe process.

With the partitions removed, the Windows 10 installer will create new partitions and begin a clean install of the operating system. Be sure to enter your product key if prompted, or skip this step if using a digital license linked to your Microsoft account.

After installation is complete, you’ll be able to finish setting up Windows 10 with a new user account, personalization options, and installing drivers and applications. Your SSD is now freshly wiped and Windows 10 is ready to use with a clean slate.

For more details, refer to Microsoft’s guide for clean installing Windows 10.