Securely Erase a Hard Disk

The only method I use to securely erase hard disks is ATA Secure Erase using the hdparm utility. Be sure to read the disclaimers and warnings at kernel.org carefully, since secure erase doesn’t work with all configurations and may brick your drive.

The primary benefit of ATA Secure Erase is that it erases 100% of usable space, not just existing data or the space visible to you. As I will argue below, this distinction is important.

If you ask any mailing list or forum about secure hard disk disposal, you’ll get a lot of different suggestions, like writing random data over the disk with dd if=/dev/urandom of=/dev/sdX, or running DBAN or equivalent software, or encrypting the disk with something like Apple’s FileVault and then reformatting it, which (probably) erases the encryption key and (probably) renders the encrypted data irretrievable. The problem here is that none of these methods cover all usable space. And of course there are always vendors willing to sell you expensive ‘secure erase’ techniques that may or may not perform as claimed.

Rotational Disks and SSDs

Rotational hard disks are essentially platters of iron oxide that store data electromagnetically, which means that the concentric tracks on them aren’t physical grooves like on a vinyl record. This means the sectors and blocks may not overlap precisely, so it’s possible for usable data to be hanging around “between the cracks” and magnetically accessible even after you’ve run software that claims to securely destroy data. This is discussed in Dr. Peter Gutmann’s seminal paper on the subject, Secure Deletion of Data from Magnetic and Solid-State Memory. Dr. Gutmann writes:

Faced with techniques such as MFM [magnetic force microscopy], truly deleting data from magnetic media is very difficult. The problem lies in the fact that when data is written to the medium, the write head sets the polarity of most, but not all, of the magnetic domains. This is partially due to the inability of the writing device to write in exactly the same location each time, and partially due to the variations in media sensitivity and field strength over time and among devices.

The best approach here is to overwrite 100% of usable space, even that which isn’t directly visible to you. By imaging variations in magnetic force across a properly-erased hard disk, an attacker may be able to obtain single bits here and there, but they are unlikely to obtain chunks of usable data. (For some further discussion of this, see Overwriting Hard Drive Data by Dr. Craig Wright.) For what it’s worth, Dr. Gutmann recommends physical drive destruction or the GNU shred utility for rotational hard disks.

Since an SSD is a mass of integrated circuits, it doesn’t share the problems of a magnetic track-based storage device; that is, there’s never going to be any previous image of the old value of a given bit because the ferromagnetic field of your hard disk wavered due to the uncooperative nature of its subatomic particles. However, SSD vendors have introduced some new issues:

  • SSDs may include hidden spare capacity to help storage algorithms minimize write amplification
  • SSDs may include hidden spare capacity to handle remapping of bad blocks
  • SSDs may include varying-size blocks due to compression or deduplication routines. This opens the possibility that the new value of a given block doesn’t match the value of the old block, thus leaving some hidden data hanging around.

Again, the best approach is to overwrite 100% of usable space with something like ATA Secure Erase. I don’t hear ATA Secure Erase mentioned by many security vendors, probably because it’s cheap/free to implement.
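As an added example (not code from the original post or from the hdparm project), here is a shell pre-flight check for the conditions the kernel.org warnings cover: it parses the Security block of hdparm -I output for “frozen”, “enabled”, “locked” and “supported”, and only then runs the set-password-then-erase sequence. The function names and the sample hdparm output are constructed for this example.

```shell
#!/bin/sh
# Pre-flight check and driver for ATA Secure Erase via hdparm.
# Parses the "Security:" block of `hdparm -I /dev/sdX`; function names
# and the sample outputs below are constructed for this example.
has_line() { printf '%s\n' "$1" | grep -qE "$2"; }

# Print why the drive cannot be erased and return 1, or print the
# drive's advertised erase time and return 0. $1 is `hdparm -I` output.
security_state_check() {
    out=$1
    # A drive without the ATA security feature set has nothing to erase with.
    has_line "$out" '^[[:space:]]*supported$' || { echo "no ATA security feature set"; return 1; }
    # "frozen": the BIOS froze security at boot, so the erase command is
    # rejected until the drive is unfrozen (suspend/resume is the usual fix).
    has_line "$out" '^[[:space:]]*frozen$' && { echo "drive is frozen"; return 1; }
    # "enabled"/"locked": a password is already set; the erase needs that one.
    has_line "$out" '^[[:space:]]*enabled$' && { echo "security already enabled"; return 1; }
    has_line "$out" '^[[:space:]]*locked$' && { echo "drive is locked"; return 1; }
    mins=$(printf '%s\n' "$out" | grep -oE '[0-9]+min for SECURITY ERASE UNIT' \
           | grep -oE '^[0-9]+') || mins='?'
    echo "ready: ${mins}min for SECURITY ERASE UNIT"
}

# The kernel.org procedure on a real device: set a temporary user password, then
# issue the erase (enhanced if advertised); the drive clears the password when done.
ata_secure_erase() {
    dev=$1; pass=${2:-TMPPASS}
    info=$(hdparm -I "$dev") || return 1
    security_state_check "$info" || return 1
    hdparm --user-master u --security-set-pass "$pass" "$dev" || return 1
    if has_line "$info" 'supported: enhanced erase'; then
        hdparm --user-master u --security-erase-enhanced "$pass" "$dev"
    else
        hdparm --user-master u --security-erase "$pass" "$dev"
    fi
}

# Constructed sample: Security block of a drive that is ready to erase.
SAMPLE_READY='Security:
        Master password revision code = 65534
                supported
        not     enabled
        not     locked
        not     frozen
        not     expired: security count
                supported: enhanced erase
        2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.'
# Constructed sample: the same drive after a normal boot, frozen by the BIOS.
SAMPLE_FROZEN=$(printf '%s\n' "$SAMPLE_READY" | sed 's/not *frozen/    frozen/')
```

Run `security_state_check "$(hdparm -I /dev/sdX)"` first; `ata_secure_erase /dev/sdX` only proceeds when that check passes.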

Use Common Sense

Above all, you should consider the identity of potential attackers and how valuable your data really is. If you think your girlfriend is running a program like Recuva to figure out which of your Tinder hookups is emailing you nude pictures (you slimebag), then a secure software erase should fix the problem until she finds your old laptop that you forgot to wipe. On the other hand, if you’re convinced a hostile government is funding experts to retrieve your data at the atomic level, then you should physically destroy the disk. This can be accomplished with a minimal hardware investment.
