Secure Erase My Hard Drive?

1 view
Skip to first unread message


Sep 9, 2008, 2:37:07 PM9/9/08
I am looking for a small program to write, say, zeroes over my entire
hard drive so as to render it unrestorable before I release it. I
know I could smash it or melt it, but I want to give it to someone to
use in their machine.

I have looked at a few program demos offered through Google, but they
all require purchase before they will do anything. Their demos merely
show that they can do it.

Is there a freeware or shareware version of 'secure erase' or 'write
zeroes' program available?



John McGaw

Sep 9, 2008, 4:17:02 PM9/9/08

Simple, free, and very effective:

John McGaw
[Knoxville, TN, USA]


Sep 9, 2008, 5:22:08 PM9/9/08
On Tue, 09 Sep 2008 18:37:07 GMT, gecko <>

If it isn't the main system (OS) drive and you'd prefer to
do so in windows (which with some controllers can also be
faster) then the following will do that.

Depending on whether there are files still or free space it
defaults to quite a few overwrites, you'd probably want to
set it to a smaller number of passes.

For the main system (OS) drive you'd have to boot to another
alternative like dban that John McGaw suggested.

Sjouke Burry

Sep 9, 2008, 5:34:47 PM9/9/08
why write zero's? Just take any innocent file of a few MB,
rename it a, and execute a batch file containing

copy /b a+a+a+a+a+a+a+a+a+a b
copy /b b+b+b+b+b+b+b+b+b+b c
copy /b c+c+c+c+c+c+c+c+c+c d
copy /b d+d+d+d+d+d+d+d+d+d e
copy /b e+e+e+e+e+e+e+e+e+e f

that will be 100.000 times the first file a.

That will fill up the disk, and overwrite any private


Sep 9, 2008, 6:32:42 PM9/9/08

There is a way, apparently, to set a secure erase bit in the
ATA interface. Thus, the drive itself has an internal command
for erasure. The command can even be "posted", meaning each time
the drive is powered up, it works on the task, and won't stop until
the entire disk is covered. It doesn't respond to user input
until the command is completed. Then it becomes ready for
usage as a normal disk again.


Ryk Edelstein

Sep 9, 2008, 10:03:53 PM9/9/08

You are on the right track. Secure Erase is the most effective means to
purge data from all data storage regions of the media surface in High
Capacity ATA Spec devices produced after 2001. Rather, most hard drives
present in PC's, workstations and portable computers. Be aware, that as
Secure Erase is actually a technology that resides in your drives
controller, what you are actually doing is activating the Secure Erase
process, which in turn purges all data from your drive.

Software based over write technologies differ from SE as they send
multiple sequential block write commands to the drive in the form of
obfuscating data, using the same write process as you would write data
to the drive. The problem with this is that the embedded drive
controller will not permit external write commands to access protected
storage areas, and other regions where recoverable data may exist. As
an example, regsions on the drive such as the Host Protected Area (HPA)
will not be accessible to external processes that are not HPA aware or
authorized to modify these regions. Likewise, any G-List bad block
entries will have their Logical Block address removed from the list of
accessible sectors, potentially leaving legacy partially written data
stranded on these sectors. hence the reason that the NIST States in
special report 800-88 that overwrite technologies are classified as a
clear level sanitization practice, susceptible to laboratory
reconstruction efforts. Whereas, Secure Erase, which is capable of
accessing all data storage regions, protected or not, and is not
susceptible to reconstruction.

Unlike multipass overwrite technologies, SE can purge data at a rate of
up to 17 Meg per 100 Gig. a 3 pass overwrite could take in the range of
12 hours, or more.

The University of California San Diego's Center for Magnetic Recording
Research had developed Secure Erase, and offers a piece of software
that is really proof of concept. you can download it from their site.
However, let me caution you, this is not for the technically
inexperienced, as there are many situations that you should be aware

1/ you will need to know how to create a DOS boot disk and copy the
software to this disk in order for it to operate.

2/ you will need to know the serial number of the target drive, if you
have more than 1 drive in your system, you do not want to purget he
wrong device.

3/ it will only work on drives connected to the primary IDE channel. It
will not natively purge SATA.

4/ There is a reason that there is no commercial adoption of Secure
Erase software, it cannot be run on many PC's due to the BIOS
protecting the drive channel from potential malicious exploitation of
the command. Think about it, if a malware or virus writer were to send
an SE Init, your drive would be trashed before you could react. The
BIOS makers have in many systems inhibited the ability to pass the SE
init to the drive subsystem.

5/ Controller incompatibilities, many HPA aware drive chipsets will not
let Secure Erase access the protected storage regions of hte drive
including hte HPA and the DCO settings. Although the process will run
with success, the HPA will be recoverable.

If you are up for a bit of experimenting, and have a good technical
understanding you might want to take a whack at using the CMRR
software. Alternately, companies such as Ensconce Data Technologies
(Google them for more info) produce appliances for purging hard drives
with Secure Erase. By taking the appliance approach, EDT has made
Secure Erase accessible to business, government and consumers. They
have recently established a service provider network throughout North
America, and may have a local service provider who could process your
drive for a few bucks.

Secure Erase is proven effective, and a green solution. The drive is
fully operational once processed, and will have absolutely no trace of
any of your legacy data. You would be able to comfortably donate or
reinstall the drive without any concerns of exposing personal
confidential information.

Sorry for the wordy reply, but I hope this helps explain what Secure
Erase is all about.

If you or anyone is interested in a comprehensive guide titled 'The
Best Practices for the Destruction of Digital Data' written by myself
and Dr. Gordon Hughes of the CMRR, I will be glad to offer a PDF copy
of this academic work (not vendor sponsored) for the asking. The guide
is designed to simplify the decision making process for security
professionals looking to develop responsible storage asset management

Please address any requests to ryk @ converge-net .

Ryk Edelstein


Sep 10, 2008, 5:24:20 AM9/10/08
On Tue, 09 Sep 2008 23:34:47 +0200, Sjouke Burry
<burrynu...@ppllaanneett.nnlll> wrote:

>why write zero's? Just take any innocent file of a few MB,
>rename it a, and execute a batch file containing
>copy /b a+a+a+a+a+a+a+a+a+a b
>copy /b b+b+b+b+b+b+b+b+b+b c
>copy /b c+c+c+c+c+c+c+c+c+c d
>copy /b d+d+d+d+d+d+d+d+d+d e
>copy /b e+e+e+e+e+e+e+e+e+e f
>that will be 100.000 times the first file a.
>That will fill up the disk, and overwrite any private

Sounds like a good idea to me. Unless someone cautions me, I am going
to try it.


Sep 10, 2008, 9:28:29 AM9/10/08
On Wed, 10 Sep 2008 09:24:20 GMT, gecko <>

For one, that's a lot slower because you're having to read
the files, stop and write, then read again. Caching may
make reduce the penality but contrast that with a typical
wipe program that doesn't read at all.

For most purposes simply overwriting with the same file will
make prior data beyond the ability of others to recover, but
in theory an expert given a drive with the same file written
over and over could look at minute variations in the signal
strength and possible reproduce the prior data (if it's only
overwritten one time, two or more times makes thing a lot

Reply all
Reply to author
0 new messages