Drive Data Erasure
Detailed on this page are the various applicable ways to securely erase data from a drive.
- Assumes commands are run as root, and drive is correctly identified.
- Keep your drives encrypted whenever possible. There is little reason not to do so.
- For SSDs adding the
discard
ordiscard=async
option to your mounts can reduce deleted data lifetime.
Method 1¶
This method applies to traditional hard drives, flash drives, SD cards, and the like.
- shred --iterations 1 --verbose /dev/sdX
Method 2¶
This method applies to solid state drives and advanced flash drives.
- blkdiscard /dev/sdX #minimize wear from next step
- shred --iterations 1 --verbose /dev/sdX
- hdparm --user-master u --security-set-pass password /dev/sdX
- hdparm --user-master u --security-erase-enhanced password /dev/sdX
Method 3¶
This method only applies to hybrid solid state hard drives.
- shred --iterations 1 --verbose /dev/sdX
- hdparm --user-master u --security-set-pass password /dev/sdX
- hdparm --user-master u --security-erase-enhanced password /dev/sdX
Method 4¶
This is the ultimate method for ensuring destruction of data.
- Perform the medium's respective method detailed above.
- Take apart the drive.
- Take a hammer or drill to the platters or flash chips.
Bonus 1: Erase Free Space¶
This is a non-destructive method for an in-use drive to greatly reduce the recovery chance of deleted files.
- cd into a path on the drive
- scrub --no-hwrand -p random -X cfs
Bonus 2: Erase Free Space on Android¶
This is a non-destructive method for an Android device.
- Install our Extirpater app from F-Droid
- Open the app, and tap start!