How to completely format a hard drive so it cannot be recovered?

by
How to completely format a hard drive so it cannot be recovered

Formatting a hard drive is one of the most effective ways to wipe a drive clean and prevent data from being recovered. When data is deleted from a hard drive, the files themselves are not actually erased – only the index linking the files to their physical location on the disk is removed. This means deleted files can often be recovered using data recovery software, until that space is overwritten with new data. Formatting a drive writes null data over the entire disk, wiping it fully clean.

Can a formatted hard drive be recovered?

If a hard drive is formatted using the standard quick format option, some data may still be recoverable. This is because a quick format simply deletes the index linking files to locations on disk – it does not actually overwrite the existing data. However, if a full format is performed, followed by a multi-pass overwrite of the disk with null data, it becomes virtually impossible to recover the original data.

Steps to securely format a hard drive

Here are the steps to completely wipe and format a hard drive to ensure no data can be recovered:

  1. Back up any important data you want to keep to another location before formatting the hard drive. Formatting will erase everything.
  2. Boot the computer from a bootable disk or USB drive instead of the hard drive you want to format. This prevents any processes from writing new data to the drive.
  3. Use disk management utility software like DiskPart on Windows or Disk Utility on Mac to perform a full format, not a quick format.
  4. Run a program like Darik’s Boot and Nuke (DBAN) to overwrite all disk sectors with null data. DBAN is free to download and easy to use.
  5. Configure DBAN for a 3-pass overwrite, using an algorithm like DoD 5220.22-M to write random data patterns over all sectors.
  6. After the overwrite is complete, reformat the hard drive one more time for good measure.

Tools required

Here are the tools you’ll need to securely format and wipe a hard drive:

  • Bootable disk or USB drive – Allows booting the computer without accessing the drive being formatted.
  • Disk utility software – For performing initial full format. E.g. DiskPart or Disk Utility.
  • Data wipe software – Overwrites all data sectors on the drive. Darik’s Boot and Nuke (DBAN) is a popular free option.

How does overwriting sectors make data unrecoverable?

Overwriting all sectors on a hard drive with null data through multiple passes makes data essentially irretrievable. This is because forensic data recovery relies on traces left on disk from the original file system and files. When null data is repeatedly overwritten on every sector, it becomes exponentially harder to extract anything usable.

A single pass overwrite has a chance of some data being recovered. But a 3-pass overwrite, using an algorithm to write semi-random bit patterns each time, ensures virtually zero chance of recovery. There is simply too much noise vs. the weak trace signals of the original data.

Overwrite algorithms to prevent recovery

Some common algorithms used by data wiping software to perform multi-pass overwrites include:

  • DoD 5220.22-M – U.S. Department of Defense standard, 3-pass overwrite with different bit patterns.
  • Gutmann method – Complex 35-pass pattern developed by Peter Gutmann.
  • Schneier’s Algorithm – 7 random passes recommended by cryptography expert Bruce Schneier.

While more passes provide more security, as few as 3 passes with a complex algorithm like DoD 5220.22-M are considered enough to prevent all but the most sophisticated forensic data recovery.

Formatting vs. deleting a hard drive

There is an important difference between formatting a hard drive and simply deleting files or folders from it:

  • Deleting files/folders – Only removes references to the files, not the actual data itself. Files can be recovered.
  • Quick format – Deletes file references and erases the index. Some data may still be recoverable.
  • Full format – Completely overwrites the file system metadata. But old data still remains intact.
  • Multi-pass overwrite – Repeatedly writes null data over every sector. Prevents virtually all data recovery.

For maximum security, you need to both fully format as well as perform a multi-pass data wipe of the entire drive. This overwrites all existing data at a sector level.

Steps for secure deletion on solid state drives (SSDs)

Solid state drives (SSDs) can still retain data after formatting and sector overwriting. For secure data removal on SSDs:

  1. Encrypt the SSD drive when it is first purchased and set up.
  2. Securely wipe all encryption keys from the drive.
  3. Perform firmware secure erase command built into most modern SSDs.
  4. Destroy the drive physically/mechanically if all traces of data need removal.

The controller architecture and wear-leveling algorithms on SSDs distribute data across the drive in a complex manner. Thus physical destruction is the only way to be 100% certain all data has been removed. A combination of encryption, key wiping and built-in self-erase commands come close otherwise.

Conventional hard drives vs. solid state drives

There are some key differences between traditional rotational hard disk drives (HDDs) and newer solid state drives (SSDs) when it comes to data wiping and secure formatting:

Hard Disk Drives (HDD) Solid State Drives (SSD)
Magnetic media, sequential sector access Flash memory chips, scattered sector access
Multi-pass overwrite is very effective Overwrite less reliable due to wear-leveling
Slow read/writes due to physical seek Much faster access but still sector-addressable
Lower capacity, lower cost per GB Higher capacities, improving cost per GB

Due to the fundamental differences in how HDDs and SSDs store data, somewhat different tools and techniques are required to thoroughly wipe both drive types.

When is a secure wipe necessary vs. quick format?

In most cases, simply formatting a hard drive using the standard quick format option in your operating system is sufficient. However, there are some instances where you may want to take steps to permanently destroy data:

  • Before selling or disposing of an old hard drive that contained sensitive or confidential data.
  • Companies and organizations that require complete data sanitization according to regulation or policy.
  • Drives used to store highly sensitive data like medical records, classified documents or financial information.

Multi-pass overwrites with data wiping tools provide extra assurance that absolutely no usable data traces remain for these situations. Quick formatting is fine for personal, non-critical drives.

How long does a full drive overwrite take to complete?

The time required to completely overwrite and format a hard drive depends on a few factors:

  • Drive capacity – Higher capacity takes longer to wipe.
  • Overwrite method – More passes means longer wipe time.
  • Drive type – SSD vs. HDD impacts speed due to differences in how they handle sequential vs. random writes.
  • Processor and RAM – System resources impact software running times.

As a rough estimate, it can take 30 minutes up to several hours for a typical hard drive or SDD capacity using a 3-pass overwrite. Larger drives and more passes increase the estimated time proportionally.

Is physical destruction better than overwriting for disposal?

Physically destroying old hard drives protects data more reliably than any software overwrite method. However it’s also more costly and time consuming. Degaussing and disintegration/shredding both physically destroy the disk material to prevent data recovery.

So for highly confidential data that must be protected at all costs, physical destruction is more foolproof. But it’s overkill for wiping regular consumer hard drives being discarded or repurposed. Secure multi-pass software overwrites are usually good enough for those cases.

Can forensics labs recover overwritten data?

With the right equipment, time and expertise, it’s possible unknown sectors of partially overwritten data could be recovered by a criminal forensics lab. However, recovering anything usable from a drive that has undergone a 3+ pass comprehensive overwrite process is virtually impossible. At that point too much noise and too little signal remains.

Government intelligence agencies may have the capability to extract traces of data from thoroughly erased drives. But not your average tech forensics firm. As far as criminal prosecution goes, data recovered from a wiped drive would likely be too fragmented and damaged to be admissible as evidence anyway.

Options for built-in hard drive wiping

Some operating systems and hardware manufacturers provide options for performing built-in drive wipes or secure erasure functions:

  • Windows – DiskPart “clean all” command writes null data patterns to disk.
  • Mac – Disk Utility “secure erase” options based on NIST standards.
  • Linux – The “shred” command and “dd” tools can overwrite drive data.
  • Android – Factory reset protection uses crypto erasure on newer devices.
  • Chromebook – Powerwash feature cryptographically erases user data.

While handy, it’s still advisable to follow up these operations with a wipedown using a software utility like DBAN for maximum assurance across the whole drive.

Should you remove or destroy the drive platters?

Physically removing or destroying the magnetic or flash storage platters inside a drive makes data virtually impossible to recover. But it requires disassembling the drive enclosure and requires safety precautions. Degaussing and drive shredding services are typically a better option than handling platters yourself.

For casual consumers, dismantling an old drive is really overdoing it. Secure multi-pass software wiping followed by basic physical damage like scratches or holes is enough to deter typical software forensics. Remove platters only if you expect serious tampering capability and have safety training.

Recap of steps for complete drive erasure

In summary, here are the steps to securely wipe a hard drive or SSD so no data is recoverable:

  1. Backup data – Save any files you need before wiping the drive.
  2. Boot from external media – Don’t run tools from inside operating system to be wiped.
  3. Quick wipe partitions – Use built-in tools like DiskPart or Disk Utility.
  4. Multi-pass overwrite – Wipe software like DBAN with 3+ passes.
  5. Final format – Reformat one last time for good measure.

Follow these steps carefully using the right tools and you can feel confident your data has been rendered unrecoverable to all but the most skilled adversaries.

Conclusion

Securely wiping a hard drive takes more than a simple format or delete. To protect against even advanced data recovery methods, you need to overwrite all sectors multiple times. This overwriting leaves behind only noise and frustrated forensic experts. Just be sure to transfer important files and backups before you wipe, as the data destruction will be complete. With the proper tools and techniques, you can wipe your drive clean and prevent usable data from ever being recovered.