Drive Data Erasure

Detailed on this page are the various applicable ways to securely erase data from a drive.

  • Assumes commands are run as root, and drive is correctly identified.
  • Keep your drives encrypted whenever possible. There is little reason not to do so.
  • For SSDs adding the discard or discard=async option to your mounts can reduce deleted data lifetime.

Method 1: Scrub

This method applies to traditional hard drives, flash drives, SD cards, and the like.

  • scrub --no-hwrand /dev/sdX

Method 2: ATA Secure Erase

This method applies to solid state drives and advanced flash drives.

  • blkdiscard /dev/sdX
  • pv < /dev/urandom > /dev/sdX
  • blkdiscard /dev/sdX
  • hdparm --user-master u --security-set-pass password /dev/sdX
  • hdparm --user-master u --security-erase-enhanced password /dev/sdX

Method 3: Scrub + ATA Secure Erase

This method only applies to hybrid solid state hard drives.

  • scrub --no-hwrand /dev/sdX
  • hdparm --user-master u --security-set-pass password /dev/sdX
  • hdparm --user-master u --security-erase-enhanced password /dev/sdX

Method 4: The Hammer

This is the ultimate method for ensuring destruction of data.

  • Perform the medium's respective method detailed above.
  • Take apart the drive.
  • Take a hammer to the platters or flash chips.

Extra: Erase Free Space

This is a non-destructive method for an in-use drive to greatly reduce the recovery chance of deleted files.

  • cd into a path on the drive
  • scrub --no-hwrand -p random -X cfs

Donate