Hard drives contain sensitive information, so when it’s time to get rid of one, you’ll want to make sure the data is wiped properly. Simply deleting files or reformatting the drive isn’t enough to prevent the data from being recovered. A professional wipe removes all data by overwriting the drive sectors with random data patterns. This guide will walk you through the steps to securely wipe a hard drive yourself or find a professional service to handle it for you.
Why Do I Need to Wipe a Hard Drive?
There are a few key reasons you should wipe a hard drive before disposing of it:
- Prevent identity theft – Hard drives contain sensitive personal and financial data that could be used for identity theft if accessed by unauthorized parties.
- Comply with regulations – Many industries like healthcare and finance have data security regulations that require proper data destruction before equipment disposal.
- Safeguard proprietary data – Businesses have an obligation to shareholders and regulators to properly destroy data before equipment leaves their control.
- Protect customer privacy – Customers entrust companies with sensitive data that must be kept confidential even after a relationship ends.
Simply deleting files or reformatting a hard drive does not remove the data. The files are marked as deleted, but the actual data remains on the drive and could be recovered. The only way to fully protect your data is to overwrite it.
How Does Overwriting Remove Data?
Hard drives store data on spinning magnetic or electronic media called platters. To write new data to the drive, the drive head changes the magnetic properties for sectors on the platter. To delete files, the directory references to those files are removed but the data sectors themselves are left unchanged.
Overwriting works by instructing the drive head to write new data patterns onto every sector where data was previously stored. The random data has the effect of scrambling and replacing the old data. On a traditional magnetic drive, overwritten sectors have their magnetic polarity flipped to match the new data. On an SSD, electrical charges are flipped to represent the new data. In both cases, the old data is rendered unrecoverable after a successful overwrite.
Overwriting Methods and Standards
There are a few common overwriting standards recommended by governing organizations:
- One-pass overwrite – Writes random data to each sector once. Meets basic data protection needs.
- Three-pass overwrite – Writes alternating data patterns over each sector three times. Meets US Department of Defense 5220.22-M requirements.
- Seven-pass overwrite – Writes complex data patterns over each sector seven times. Exceeds all regulatory and military standards for data destruction.
The more overwrite passes, the more thoroughly the existing data is destroyed and rendered unrecoverable by forensic methods. For consumer hard drives, a three or seven-pass overwrite is recommended to ensure full protection. Some tools also overwrite the drive’s Service Areas and Host Protected Areas which can contain data remnants.
Software Tools for Overwriting Hard Drives
You can use various software tools to perform hard drive overwrites yourself. Here are some top options:
| Tool | Details |
|---|---|
| DBAN | Data wiping utility approved for US Department of Defense use. Provides one, three, and seven-pass overwrite options. |
| Active KillDisk | Data sanitization tool meeting government standards. Supports verification of the overwrite procedure. |
| Eraser | Open source tool for Windows systems. Allows scheduling of overnight drive wiping. |
| Disk Wipe | Mac operating system utility performs basic overwrite passes. Included with Mac OS or available separately. |
These tools provide an effective way to wipe hard drives yourself on Windows and Mac computers. They can overwrite internal or external hard drives connected via USB.
Using a Professional Hard Drive Wiping Service
For those who don’t want to wipe hard drives themselves, you can employ a professional IT asset disposal company to securely destroy drives on your behalf. Here’s how professional hard drive wiping services work:
- You remove any sensitive documents, labels or inventory tags from obsolete computers, servers and hard drives.
- A reputable IT disposal vendor will provide a chain of custody paper trail documenting you handing off the equipment to them.
- Hard drives are physically removed from devices and wiped using industrial-strength software that meets Department of Defense standards.
- The service issues a certificate of data destruction once drives are wiped. Some provide serial number-specific reports.
- You receive documentation for your records showing the hard drives were properly sanitized.
Professional drive wiping is more costly than DIY software, but is the best option for companies and organizations needing to destroy large volumes of hard drives to meet regulatory requirements. Be sure to use an experienced provider who can supply serial number reports and a certificate of data destruction for full audit trail documentation.
Destruction Standards for Hard Drives
For maximum data security, many organizations physically destroy the hard drives after wiping rather than just recycling them. Physical destruction standards include:
- Degaussing – Exposes drive platters to a powerful magnetic field, erasing data.
- Crushing – Applies pressure to completely shatter the drive chassis, platters and components.
- Shredding – Uses cutting blades to tear drives into small metal bits.
- Incineration – Burns drives in a controlled high-heat environment.
Hard drive degaussing, crushing, shredding and incineration provide assurance that data destruction is complete and drive components can never be reused. Some standards like NIST 800-88 provide guidance on acceptable methods for physical hard drive sanitization and destruction.
Best Practices When Wiping Hard Drives
Follow these best practices when wiping hard drives to maximize security:
- Overwrite the entire drive surface, not just partitioned space visible to operating systems.
- Verify the overwrite procedure was successful if the tool offers verification.
- Use a wipe utility that overwrites drive service areas and HPA sections.
- Perform at least a three-pass overwrite based on government standards.
- Use a wiping tool that provides a post-wipe certification report.
- Physically damage wiped drives to render platters unusable.
Taking these extra precautions helps minimize the risk of data remanence on disposed hard drives.
Can Wiped Data Be Recovered?
With the right forensic tools and expertise, partial data recovery is sometimes possible from wiped hard drives:
- Magnetic force microscopy – An expensive technique using advanced imaging to potentially view remnants of overwritten data on traditional magnetic drives.
- Disk microscopy – Looks for original data tracks on the edges of platter tracks that may not be fully written over.
- Data remanence – Electrical or magnetic traces left on SSD cells allowing partial recovery of overwritten files.
Overall these methods are extremely limited, require advanced expertise, and only recover minute fragments of original files at great expense. A three or seven-pass professional hard drive wipe overwhelmingly prevents usable data from being recovered under normal circumstances.
The Bottom Line
Properly wiping hard drives before disposal is crucial to protect sensitive data from unauthorized access. Overwriting the drive platters with random data provides the security needed for regulatory compliance and privacy. Both software tools and professional IT disposal services offer effective data sanitization to restore peace of mind when recycling or discarding old hard drives. Just be sure to use industrial-grade overwrite methods and physically destroy drives when possible as an extra data protection safeguard.