Securely erase data media - How to nuke HDDs and SSDs - Starline Computer: Storage and server solutions from experienced experts

Warning, security leak: scrapped data media

Take care of your data security even when replacing old drives.

Securely erase media

Here's how you can safely protect the data on your discarded HDDs or SSDs.

HDDs and SSDs are often still perfectly fine at the end of their data center lifetime, when the administrator replaces them with new media. Because many of these drives could sometimes be used in less sensitive areas for many years after they are retired, some operators sell off discarded drives. Others simply end up as electronic scrap.

But what about data security when someone tries to restore the data stored on them? Practice has shown that simple deletion is not a secure way to destroy the data on an HDD or SSD. After all, the software only deletes the table of contents. The data itself is still there and can be made readable again with a variety of tools. By the way, even formatting the disk is not enough to completely erase the data!

Therefore, more rigorous measures must be taken to ensure that the data is actually deleted. The following methods are suitable for securely destroying the entire contents of a data medium:

  • Erasure by overwriting
  • Cryptographic erasure
  • Destruction of the data carrier

Delete by overwriting with ShredOS

Many programs exist for this, especially as freeware, such as the now discontinued dwipe from DBAN (Darik's Boot and Nuke). It overwrites the disks with zeros or randomly generated data, even multiple times if desired.

The same task is now performed by ShredOS, which also runs as a live system, for example from a bootable USB stick. After startup, ShredOS executes the tool nwipe. The powerful program erases all data from the readable sectors of the drive and offers several methods for overwriting.

The drawback: Erasing a drive can take a long time. Especially for large disks with several terabytes of capacity, the procedure can take several hours.
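An overwrite is only as good as the read-back that confirms it. The following is an added example, not code from the original article or from ShredOS/nwipe: it zero-fills a file-backed image that stands in for a drive and then scans it block by block for anything that is not zero. The image, its contents, the block size and all function names are constructed for illustration.

```python
import os
import tempfile

BLOCK = 4096  # read/write granularity for this example (assumption)


def build_sample_image(path, blocks=64):
    """Constructed stand-in for a drive: zeros plus two leftover data fragments."""
    with open(path, "wb") as f:
        f.write(bytes(BLOCK * blocks + 100))   # deliberately not block-aligned
        f.seek(10 * BLOCK)
        f.write(b"constructed sample: customer record")
        f.seek(BLOCK * blocks + 50)            # data in the trailing partial block
        f.write(b"tail fragment")


def residual_blocks(path):
    """Return the indices of all blocks that still contain a non-zero byte."""
    with open(path, "rb") as f:
        chunks = iter(lambda: f.read(BLOCK), b"")
        return [i for i, chunk in enumerate(chunks) if any(chunk)]


def zero_fill(path):
    """Overwrite the image in place with zeros, including a partial last block."""
    remaining = os.path.getsize(path)
    with open(path, "r+b") as f:               # r+b: overwrite without truncating
        while remaining > 0:
            # buffered write() returns the number of bytes it accepted
            remaining -= f.write(bytes(min(BLOCK, remaining)))
        f.flush()
        os.fsync(f.fileno())                   # push the writes out of the page cache


def demo():
    """Scan the sample image before and after the overwrite."""
    fd, path = tempfile.mkstemp(suffix=".img")
    os.close(fd)
    try:
        build_sample_image(path)
        before = residual_blocks(path)         # data stays until it is overwritten
        zero_fill(path)
        return before, residual_blocks(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

A clean read-back covers only the sectors the drive still exposes for reading, which matches the scope of an overwrite described above; it says nothing about remapped sectors or SSD spare areas.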

ShredOS on GitHub

Cryptographic erasure

Modern drives with the Instant Secure Erase (ISE) feature offer a simple and fast way to make the data unreadable. This cryptographic method makes use of the drive's own encryption, which is already integrated at the factory. If the encryption key originally used is changed, all data that was encrypted with it becomes unreadable and cannot be recovered.

In this way, ISE destroys the data stored on the device virtually immediately. All the user has to do is send the manufacturer-specific command to the HDD. Afterwards, they can immediately decommission, reuse or sell the HDD or SSD.

Further information about the manufacturers

Toshiba, Kioxia, Seagate, Western Digital, Micron, Samsung

Brute Force: Destruction of the data medium

If necessary, brute force can also help: as precision mechanical marvels, HDDs are particularly sensitive to physical force. A few blows with a 500 gram hammer should kill most HDDs. This is especially true for HDDs whose platters are made of fragile glass instead of metal. In internal tests, a 5-ton wood splitter has also effectively done the job.

However, even these brute force methods are not yet secure enough for data protection officers, especially with regard to the more robust SSDs. After all, their chips could still be read individually. They therefore demand that the data carriers be shredded. With a particle size of only a few millimeters, this ensures with 100 percent certainty that data cannot be recovered from any of the fragments.

Info on data carrier destruction

Konrad Beyer
Technical Support

Our technical manager has a comprehensive knowledge of all storage and server topics.