Whenever you get rid of an old hard drive you should always wipe it. This goes without saying, but what does “wiping a drive” entail? When I say wipe, I mean more than a format. I even mean more than a destructive format. If you’ve had to wipe a disk for work or some other reason, you’ve undoubtedly heard of Darik’s Boot and Nuke, a.k.a. DBAN. This is a great tool that will fill all of your sectors with zeros. It will even do multiple passes to comply with different data sanitization standards. It’s self-contained and easy to use but it has a limitation…
DBAN cannot wipe data blocks that your hard drive has internally marked as “bad” in the g-list (grown list). The g-list is created by firmware in the hard drive whenever a sector takes too much time to access. When the firmware detects that a sector is slow, it determines that the sector is bad and, if it can read the data, it will COPY the sector to a new physical location on the disk, and this will be reflected as an updated entry in the g-list. Of course this is all done in a way that is totally transparent to the operating system. Windows or whatever other system will have no idea this has occurred and will just continue plugging away. But what about that “bad” block? If it’s bad, it can’t be read anymore, right? Maybe, maybe not. Tools exist that have extended control over the physical hard drive and sometimes CAN read that data. It might not be much if you don’t have a lot of bad sectors but it’s probably something and it’s probably not all zeros.
The situation sounds a little grim but the manufacturers of IDE hard drives thought of a solution. There is a command in the ATA command set that will make the hard drive erase itself, good AND bad blocks. This will require a couple of things though. You will need a bootable MS-DOS (compatible) disk and a hard drive attached directly to your IDE controller. This will not work through a USB-IDE enclosure since USB doesn’t support a full implementation of the ATA command set.
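An added example, not from the original post or the CMRR tool: on a Linux system (an assumption; the post itself uses a DOS boot disk), `hdparm -I` and `smartctl -A` report whether the drive will accept the ATA erase command, the drive's own time estimate, and how many sectors have been remapped. The sample outputs in the code are constructed.

```python
import re

# Constructed samples: Security section of `hdparm -I`, one row of `smartctl -A`.
HDPARM_SAMPLE = (
    "Security: \n"
    "\t\tsupported\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\t\tsupported: enhanced erase\n"
    "\t86min for SECURITY ERASE UNIT. 90min for ENHANCED SECURITY ERASE UNIT.\n"
)
SMART_SAMPLE = "  5 Reallocated_Sector_Ct   0x0033   100   100   036    Pre-fail  Always       -       12\n"

def security_state(hdparm_text):
    """Return the drive's security flags and its own erase-time estimates (minutes)."""
    state, in_section = {}, False
    for line in hdparm_text.splitlines():
        if line.strip() == "Security:":
            in_section = True
        elif in_section and line[:1].isspace():
            words = line.split()
            negated = words[:1] == ["not"]
            flag = " ".join(words[1:] if negated else words)
            if flag in ("supported", "enabled", "locked", "frozen"):
                state[flag] = not negated
            elif flag == "supported: enhanced erase":
                state["enhanced"] = not negated
            for mins, enh in re.findall(r"(\d+)min for (ENHANCED )?SECURITY ERASE UNIT", line):
                state["enhanced_minutes" if enh else "erase_minutes"] = int(mins)
        elif in_section and line.strip():
            break  # next unindented heading ends the Security section
    return state

def reallocated_sectors(smart_text):
    """Raw count of remapped sectors, the blocks an OS-level overwrite cannot address."""
    for line in smart_text.splitlines():
        cols = line.split()
        if len(cols) >= 10 and cols[1] == "Reallocated_Sector_Ct":
            return int(cols[9])  # RAW_VALUE column
    return None

def blockers(state):
    """Reasons the drive would currently reject the erase command."""
    checks = [(not state.get("supported"), "security feature set not supported"),
              (state.get("frozen"), "frozen: security commands rejected until power cycle")]
    return [reason for hit, reason in checks if hit]

if __name__ == "__main__":
    print(security_state(HDPARM_SAMPLE), reallocated_sectors(SMART_SAMPLE))
```

The minutes figure is the drive's own estimate for the erase, which is the only progress information available because the command runs entirely inside the drive.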
You will also need a free tool called Secure Erase. It is graciously provided by the Center for Magnetic Recording Research (CMRR) along with instructions but no support. It’s a very small, simplistic program but it does a simplistic job. I am going to borrow a chart from the Secure Erase documentation. I would like to point out that DBAN would share the “medium” slot with the DOD “Block Erase” and I also slightly disagree with the author on the final method suggested:
| Type of Erasure | Average Time (100 GB) | Security | Comments |
|---|---|---|---|
| Normal File Deletion | Minutes | Very Poor | Deletes only file pointers, not actual data |
| DoD 5220 Block Erase | Up to several days | Medium | Need 3 writes + verify, cannot erase reassigned blocks |
| NIST 800-88 Secure Erase | 1/2-2 hours | High | In-drive overwrite of all user accessible records |
| Enhanced Secure Erase | Seconds | Very high | Change in-drive encryption key |
In my opinion, the Secure Erase tool should be considered as good as it gets for software solutions. I can’t see how changing the in-drive encryption key could possibly be more secure than making the hard drive obliterate every single block, good or bad. The encryption is EXCELLENT right now and for all practical purposes unbreakable, but does anyone else remember when Netscape was limited to exporting 40-bit encryption because we didn’t want foreign countries to have anything better than we could crack? That quickly was tossed out the window and clever cryptographers have now broken far more sophisticated algorithms. Seems like breaking or brute-forcing (practically) any encryption is theoretically possible with enough computing horsepower, but perhaps I’m entirely misunderstanding the author’s statement. If the chart kept going, the BEST possible way to sanitize your data, of course, is to shred the drive.
Hi! I’m using this program at the moment and it has been running since Wednesday. I’m doing it with a HDD of 1 terabyte of capacity. Do you know how long it will take to finish the job? Thank you very much.
I’m not sure precisely how long it will take but probably quite a long time due to the fact that you are also erasing the bad blocks present on the drive. The bad blocks are usually blocks that take much more time to respond than they should. That is why they get marked as bad in the first place. If you have a lot of these, you can see how they would be slower to process.
Thank you for your answer. Could you tell me if the program shows any loading bar or something when it is working? How do I know if it has finished its job?
Thank you again.
It doesn’t show a progress bar since it is actually invoking an ATA command to do the wiping. There is no way to get feedback from it. When it’s done, you should just get a command line back and the activity light will stop.
Can we use the hard disk, I mean, can we reinstall Windows again on that hard disk after erasing with Secure Eraser?
Yes. Secure Erase doesn’t ruin the hard disk like some of the other permanent data wiping solutions.
I’ve been running that software today roughly for about 4:30 hours.
4GB RAM
700GB HDD
CPU 2.4
Can anyone tell me approx. how much longer it will take to finish up the erase?
Is: http://cmrr.ucsd.edu/people//Hughes/Secure-Erase.html
Not: http://cmrr.ucsd.edu/people//Hughes/Secure-Erase.shtml
Have had Secure Erase freeware 4.0 running for over 12 hrs.
It never asked how many passes, but is showing p0 and p1. How many passes does it do when not given any info, and how do you know when it is done?
I haven’t used this software in many years now so I don’t remember. How large is the drive you are trying to erase? If it’s huge it could take quite some time, I would think. Typically 7 passes is thought to be sufficient.