Standard drive- and file-wiping tools are no longer adequate for completely removing data — especially when used with the newest hard drives.
But researchers have identified new procedures that reliably make old data virtually unrecoverable on any drive, whether magnetic or solid-state.
Leftover data is an obvious security risk when you sell, give away, or otherwise dispose of any computer storage device. Any data — old documents, files, financial records, passwords, photos, whatever — left behind on a hard drive can come back to haunt you, should it fall into the wrong hands.
Most Windows Secrets readers already know that simply erasing files or reformatting a drive doesn’t mean your data is safely removed. There are plenty of undelete and unformat tools (many free) readily available that require no special skills to use.
That’s why, for years, the common advice has been to sanitize or wipe a hard drive before it leaves your possession. The process most often used is overwriting, which typically replaces all existing data with meaningless patterns of ones and zeros.
That’s the theory, at least.
Erasing everything is actually not all that easy
It’s been known for some time that even a multi-pass (so-called “government”) wipe of traditional magnetic drives leaves behind some data — information that might be recoverable by someone with enough access, time, and forensic technology to analyze the drive’s platters.
For example, powerful signal-processing software can unravel many layers of overwrites to reconstruct the original data. And specialized equipment can easily read between the tracks of a magnetic platter’s normal data-recording zones to recover information recorded in nearby magnetic-field spillover areas.
Solid-state drives (SSDs) are even harder to fully erase. To prevent their memory cells from suffering premature wear and failure, most SSDs have hardware-level protections (wear leveling) that spread writes across the drive rather than letting the same cells be written again and again. Because the drive’s own firmware, not the operating system, decides where each write physically lands, these internal protections might not allow a standard overwrite. Without special software, the overwrite pattern might actually be written to a new area while the original data stays in its old cells — which obviously defeats the whole point of overwriting!
For that reason, some SSD vendors provide special sanitizing software for their drives. Recently, however, researchers at the University of California, San Diego, Non-Volatile Systems Laboratory found that those tools (and similar tools for flash-based devices such as thumb drives) often did not work.
Their report, “Reliably erasing data from flash-based solid state drives” (free PDF download), matches similar studies in Europe and elsewhere which found that some vendor-supplied, secure-erasure tools often leave as much as 10 percent of a hard drive’s data still recoverable!
The ugly truth: software-driven wipes or overwrites simply can’t be counted on to erase 100 percent of your data — no matter what kind of drive you have.
In fact, the National Institute of Standards and Technology (NIST), in its “Guidelines for Media Sanitization” (free PDF download), recommends overwrite-based data-wiping only for the most basic level of data sanitizing (see Table 2-1, “Clearing”).
If you need to securely erase a drive, an overwrite wipe simply isn’t enough anymore.
Introducing the SAFE drive-sanitizing process
After the UCSD researchers identified the difficulties of sanitizing SSDs, another UCSD group developed a solution to the problem. And it turns out that their method works on all types of drives.
Called Scramble and Finally Erase (SAFE), the process is beautifully simple in its essence. First, encrypt your sensitive data; then, use a proven disk-erasure tool (not necessarily one supplied by the drive vendor). For more on SAFE, see the free PDF download, “SAFE: Fast, verifiable sanitization for SSDs.”
This two-step process is safer and more reliable than either encryption or drive-wiping alone. A good wiping tool will ensure that very little original data is left behind; encryption ensures that anything left behind will be incomprehensible gibberish.
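To make two of the points above concrete, the wear-leveling problem from the previous section and the encrypt-then-erase idea of SAFE, here is an added Python simulation; it is not part of the article or of the UCSD work. It models a tiny flash drive whose firmware always writes to a fresh page (a simplified flash translation layer), “wipes” it the way an overwrite tool would, and then scans the raw flash the way a forensic reader would. The cipher is a stand-in stream cipher built from HMAC-SHA256 in counter mode so the script needs only the standard library; the page size, the sample records, and the class and function names are all constructed for the example, and a real deployment would use AES-256 as the article recommends.

```python
import hashlib
import hmac
import os

PAGE = 16          # bytes per flash page (constructed; real pages are kilobytes)
PAGES = 8          # physical pages in the toy drive

# Constructed sample records, padded to one page each
RECORDS = [r.ljust(PAGE, b" ") for r in (
    b"SSN:123-45-6789", b"SSN:987-65-4321", b"PIN:1234 ACCT:7", b"pw=hunter2",
)]
WIPE_PATTERN = b"\x00" * PAGE


class ToySSD:
    """Flash drive with a log-structured FTL: every write lands on a fresh
    physical page (wear leveling) and the page it replaces is left stale."""

    def __init__(self, pages=PAGES):
        self.flash = [b"\xff" * PAGE for _ in range(pages)]  # erased flash reads 0xFF
        self.free = list(range(pages))
        self.map = {}  # logical block address -> physical page

    def write(self, lba, data):
        if len(data) != PAGE:
            raise ValueError("writes are one page at a time")
        if not self.free:
            raise RuntimeError("toy drive full (garbage collection not modelled)")
        page = self.free.pop(0)
        self.flash[page] = data
        self.map[lba] = page  # the old page, if any, keeps its contents

    def read(self, lba):
        return self.flash[self.map[lba]]

    def raw_pages(self):
        """What a chip-off or firmware-level reader sees: every physical page."""
        return list(self.flash)


def software_wipe(ssd, lbas):
    """A conventional overwrite tool: zero every logical block via the FTL."""
    for lba in lbas:
        ssd.write(lba, WIPE_PATTERN)


def count_plaintext_pages(pages):
    """Pages that still hold one of the known records verbatim."""
    return sum(p in RECORDS for p in pages)


def xor_page(key, nonce, index, data):
    """Stand-in stream cipher: HMAC-SHA256(key, nonce||index) as keystream.
    Encrypt and decrypt are the same operation. Illustrative only; use AES."""
    stream = hmac.new(key, nonce + index.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def plaintext_drive_after_wipe():
    """Returns (records visible through the FTL, records still in raw flash)."""
    ssd = ToySSD()
    for lba, rec in enumerate(RECORDS):
        ssd.write(lba, rec)
    software_wipe(ssd, range(len(RECORDS)))
    visible = count_plaintext_pages(ssd.read(lba) for lba in range(len(RECORDS)))
    return visible, count_plaintext_pages(ssd.raw_pages())


def encrypted_drive_after_wipe():
    """SAFE: data is encrypted before it ever reaches the drive, then wiped.
    Returns the number of raw pages holding plaintext records (expected 0)."""
    key, nonce = os.urandom(32), os.urandom(8)
    ssd = ToySSD()
    for lba, rec in enumerate(RECORDS):
        ssd.write(lba, xor_page(key, nonce, lba, rec))
    # While the key is held, the owner reads their data normally.
    if any(xor_page(key, nonce, lba, ssd.read(lba)) != RECORDS[lba]
           for lba in range(len(RECORDS))):
        raise RuntimeError("round trip failed")
    software_wipe(ssd, range(len(RECORDS)))
    del key  # the key existed only in RAM; nothing on the drive can recover it
    return count_plaintext_pages(ssd.raw_pages())


if __name__ == "__main__":
    print("plain drive (visible, raw remnants):", plaintext_drive_after_wipe())
    print("encrypted drive raw plaintext pages:", encrypted_drive_after_wipe())
```

Run it and the plaintext drive reports (0, 4): nothing is visible through the file-system view, yet all four records sit intact in stale pages that the wipe never touched. The encrypted drive reports 0 plaintext pages, and once the key is discarded the stale pages are ciphertext with no key anywhere on the media. That is the property SAFE relies on, and it holds even if the wipe tool leaves a fraction of the pages untouched.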
Let’s take a look at the two components of SAFE drive-sanitizing.
SAFE, step one: Encrypting all sensitive data
A quick Web search will turn up dozens of tools that can encrypt your most sensitive files — or an entire hard drive.
Your needs might be different, but file-level encryption is sufficient for me because most of the files on my hard drive don’t contain any particularly sensitive information.
Although Windows offers built-in encryption services (I’ll come back to this in a moment), my tool of choice for file-level encryption is the free, open-source 7-Zip (site). It not only compresses files and folders to a fraction of their original size, it can also apply strong AES-256 encryption (Wikipedia explanation) to those files or folders. 7-Zip is free, fast, and easy to use. I routinely employ it to compress and encrypt financial, tax, and other sensitive files.
If you need or prefer whole-disk encryption, the free, open-source TrueCrypt (site) is an excellent choice. It runs on all versions of Windows (plus Mac and Linux, too). Once set up, it offers automatic, transparent, real-time (on-the-fly) encryption of everything on your hard drive.
Of course, any encryption scheme needs a strong password, or there’s no point to it. I use RoboForm (free and paid; site), which stores all my passwords in its own, separate, AES-256 encrypted database. I need only generate and remember one password — my master password to RoboForm itself — and the app remembers all the rest. This lets me use long and complex (thus, extremely safe) passwords that I don’t have to memorize.
RoboForm can keep one copy of your encrypted passwords on whatever device you’re using (PC, phone, tablet, etc.) and another encrypted copy in the company’s online database. (RoboForm never stores or transmits passwords in plaintext.) The centralized database synchronizes passwords across all your devices; it also ensures that, even if you lose access to your local copy — say, through a hard-drive crash — your encrypted passwords still are safely backed up and recoverable.
The free version of RoboForm is trialware, allowing you to store only a handful of passwords. The paid RoboForm Everywhere version that I use is currently offered at only U.S. $9.95 per year. But there are other, well-regarded password managers that are completely free, such as the open-source KeePass Password Safe (site) and LastPass (site; paid version adds smartphone support and removes ads).
And again, you can find plenty of other encryption tools with a Web search.
Windows’ built-in encryption-tool limitations
Since Windows 2000, Microsoft has offered the Encrypting File System (EFS) as an option with the NTFS file system. Although EFS works, it has some serious drawbacks.
For example, it’s fully supported only in the business-oriented editions of Windows — it’s not available in the Starter, Home Basic, and Home Premium editions of Windows 7 and Vista. (The third-party encryption tools mentioned earlier can work on all versions of Windows.)
Another drawback: EFS depends on the presence of a kind of key file — an encryption certificate — that must be available on your hard drive in order to decrypt EFS-scrambled files. If the encryption certificate is damaged, corrupted, or lost and you don’t have a backup (more on that below), you won’t be able to decrypt your files.
If that’s not a problem for you (and you have a business edition of Windows), it’s easy to encrypt any file or folder. Simply right-click it, select Properties, click the Advanced button near the bottom of the General tab, and then select Encrypt contents to secure data, as highlighted in Figure 1. Click OK to finish.
The first time you use this encryption method, Windows reminds you to back up the encryption certificate, as shown in Figure 2.
Making a complete backup of the certificate is a two-step process. Once you’ve created a local backup file (by default, it’s placed in your Documents folder), put a copy of that file in a safe, off-system location such as an external hard drive or a CD — anywhere but the drive where the encrypted files are stored.
Remember: You must always have a working copy of the certificate available, or your files will be forever encrypted and unrecoverable.
Yes, this is kind of a pain — and it’s one of the reasons I find EFS to be overkill for my modest encryption needs. If you want to delve further into EFS, there’s plenty of additional information online from Microsoft. For example, see the TechNet article, “The Encrypting File System.”
Windows’ BitLocker offers whole-disk encryption
The Enterprise and Ultimate versions of Vista and Win7 also offer an enhancement to EFS — BitLocker Drive Encryption — which encrypts entire drives.
It works fine and has its place, but it has even more drawbacks than does EFS. In addition to BitLocker’s limited availability and encryption-certificate maintenance requirements, your PC must have special Trusted Platform Module (TPM) circuitry. Check that your system supports TPM before considering BitLocker.
I think these drawbacks make BitLocker unsuitable for general use, but if you want more information, see the Microsoft article, “Hardware requirements for BitLocker Drive Encryption,” and the BitLocker FAQs for Windows 7 or Vista.
The MS article, “What’s the difference between BitLocker Drive Encryption and Encrypting File System?,” is also useful.
SAFE, step two: Use known-good data-erasure tools
Properly encrypting sensitive files is essential for data security throughout a drive’s life. But when it’s time to sell, pass on, or scrap the drive, combining encryption with a properly implemented, whole-disk erasure tool will remove all traces of useful data.
Although vendor-supplied tools might not work, there are tools that do an acceptable job of wiping an entire drive.
Secure Erase, developed at UC San Diego’s Center for Magnetic Recording Research, is one example. A free download (site), it’s designed to securely erase magnetic media of all types — and it works with SSDs as well.
Secure Erase is pretty straightforward to use, but if you need more detail, Kingston Technology (a maker of SSDs) offers complete how-to instructions online. The only drawback to Secure Erase: it’s a DOS-level tool, so you have to boot from a floppy, optical disc, external flash drive, etc., to run the software and wipe the target drive.
Another good option is the free (donationware) Parted Magic tool (site). Its Erase Disk menu offers a feature (also called Secure Erase) with two options specifically for flash-based drives. Internal erases internal SSDs; External erases external, USB-based flash drives. (These function much like SSDs, making them almost as hard to sanitize.)
Parted Magic is well documented, but if you need detailed instructions, CNET has a how-to article.
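Both tools above ultimately rely on the ATA Secure Erase command built into the drive itself, and before issuing it a practitioner checks two things: that the drive supports the ATA Security feature set, and that it is not “frozen” (many BIOSes freeze the security interface at boot, which makes the drive reject the erase command until it is power-cycled). As an added example, not part of the article or of either tool, here is a Python check over the Security section of Linux `hdparm -I` output, which is what Linux-based erase utilities typically consult; the output text is a constructed sample matching that section’s layout, and the function names are the example’s own.

```python
# Constructed sample of the relevant part of `hdparm -I /dev/sdb` output.
SAMPLE_HDPARM = (
    "/dev/sdb:\n"
    "\n"
    "ATA device, with non-removable media\n"
    "\tModel Number:       EXAMPLE-SSD-256GB\n"
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
    "\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n"
    "Checksum: correct\n"
)


def parse_security_section(text):
    """Return the Security flags as a dict, or None if the drive reports no
    Security section. hdparm prints each flag indented, prefixed with 'not'
    when it is clear; the section ends at the next unindented line."""
    lines = text.splitlines()
    try:
        start = next(i for i, line in enumerate(lines) if line.startswith("Security:"))
    except StopIteration:
        return None
    flags = {"supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced_erase": False}
    for line in lines[start + 1:]:
        if line and not line[0].isspace():
            break  # next top-level section
        words = line.split()
        if not words:
            continue
        negated = words[0] == "not"
        if negated and len(words) < 2:
            continue
        name = (words[1] if negated else words[0]).rstrip(":")
        if name == "supported" and "enhanced" in words:
            flags["enhanced_erase"] = not negated
        elif name in flags:
            flags[name] = not negated
    return flags


def erase_readiness(flags):
    """Say whether SECURITY ERASE UNIT can be issued to the drive right now."""
    if flags is None or not flags["supported"]:
        return "unsupported: drive does not implement the ATA Security feature set"
    if flags["frozen"]:
        return "frozen: the drive will reject the erase until it is power-cycled"
    if flags["locked"]:
        return "locked: the drive must be unlocked with its user password first"
    mode = "enhanced" if flags["enhanced_erase"] else "normal"
    return f"ready: issue the {mode} secure erase"


if __name__ == "__main__":
    state = parse_security_section(SAMPLE_HDPARM)
    print(state)
    print(erase_readiness(state))
```

On the constructed sample the check reports the drive as frozen, which is the most common reason a secure erase fails on a freshly booted machine; the same parser run on real `hdparm -I` output tells you whether to proceed, unlock first, or fall back to a different wiping method because the drive has no ATA Security support at all.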
Bottom line: Foolproof hard-drive sanitizing
SAFE really is that simple — just two steps:
1. Routinely use encryption to protect at least your most sensitive files (if not the whole drive).
2. Wipe the whole disk with a known-good tool when it’s time to sell, scrap, or pass along your device.
With SAFE, you’ll have a high level of confidence (especially if you use whole-disk encryption) that none of your data can be extracted from your retired drives without an extraordinary amount of time, effort, and cost.
And remember: The SAFE approach works for any kind of drive — thumb, SSD, or magnetic!

Rethinking the process of hard-drive sanitizing