How best to wipe the data on hard disk and SSD drives

Desktop and laptop PCs, tablets and smartphones store their data and their operating system, which is usually a version of Windows, on hard disk drives (HDDs) or on the latest-technology solid-state drives (SSDs).

SSDs are wholly electronic devices with no moving mechanical parts. They use non-volatile (permanent) flash memory to store their data, which is not lost when they are switched off. Hard disk drives, marvels of technology, use a mixture of software drivers, electronics and mechanical drive heads and disks (magnetic platters) to store their data.

Dropping an SSD, or a device that has one installed, will not destroy it because it has no moving parts, but the chances are good that a HDD will be fatally damaged by a serious fall.

Most people are not aware that HDDs and SSDs contain more computing power than the latest smartphones. Top-capacity SSDs don’t have as much storage space as top-capacity HDDs. HDDs with a capacity of 10TB are available, but SSDs have just reached a capacity of 1TB and are still significantly more expensive than HDDs of the same capacity. (1TB = 1000GB; 1GB = 1000MB.) The SSD manufacturers have adapted their drives to Windows and other operating systems, which are designed to use HDD technology, and not vice versa, because adapting an operating system to use SSDs is the much more demanding and costly method.

An SSD should not be used with a version of Windows earlier than Windows 7, because those versions do not have the built-in wear-leveling software that ensures that particular flash-memory address locations, which have a limited lifespan, are not overused. Windows reads and writes data to the drive constantly, and with an SSD it must not keep doing so to the same memory addresses or they will wear out long before lesser-used locations. Data addresses on HDDs can be accessed an unlimited number of times and will last as long as the drive itself does; otherwise Windows will mark them as faulty and not use them.

SSDs have about 10% more capacity than their specifications say they have. This is done to compensate for memory-chip failure: ten percent of the memory chips can fail without any loss of capacity. It is therefore important to realise that when a computer using an SSD is retired and contains information that its owner would not want anyone else to access, a drive-cleaning utility will not wipe the extra 10% capacity, only the specified capacity. On a 1TB SSD that 10% amounts to 100GB of space that won’t be wiped, which is as large as some entire drives. Moreover, the disk-wiping utilities provided by drive manufacturers are known not to be 100% reliable in wiping data, so alternative, 100% reliable methods should be employed to make sure that data does not become available to anyone who could misuse it.

Note that a disk-defragment program, whether provided by Windows or a third party, is designed to be used on HDDs and should never be used on an SSD. An SSD’s memory locations are always accessed randomly, just as RAM memory is, unlike a HDD, which has fixed data-address locations that can become fragmented. For example, a 5MB file can be opened and worked on, adding 1MB of data. When it is saved, the extra 1MB will be saved to empty space anywhere on the drive. The HDD records all of the addresses where the file is saved, so it can reconstitute the file completely when told to do so by an application. Defragmenting the HDD reconstitutes the data as a 6MB file. On an SSD, a 6MB file can be stored in several separated memory locations without affecting retrieval times, because the accessing is not a sequential process as it is with a HDD.

If an SSD is retired due to failure and it contains information that the user would not like anyone else to access, the drive should be smashed to pieces with a hammer. However, if the owner wants to sell the device containing an SSD, the best option is to encrypt the entire drive and then full-format (not quick-format) it from a Windows Repair CD/DVD disc, which can be created by Windows. Note that a quick format leaves the data intact and only deletes file names from the file-allocation system, which leaves the data fully recoverable if it is not overwritten. With the drive encrypted and full-formatted, no one will be able to access the encrypted 10% of reserve drive space. Windows 7 or a later version can then be clean-installed so that the new owner has a working computer.

Microsoft provides BitLocker encryption software in Pro, Enterprise and Ultimate versions of Vista, Win7 and Win8/8.1. If you have a home version of Windows, you’ll have to use a third-party encryption tool.

BitLocker –

I would use a third-party tool in any case, due to the negative reports users have posted on the web about BitLocker. There is plenty of reviewed encryption software on the web that is relatively cheap or free. You must always create backups or system images if you use encryption and you must always create the rescue disc of the backup/imaging software that you use, because you’ll need to use it if you lose the encryption key and get locked out of your own computer.

Some new desktop and laptop PCs come with data encryption enabled by default, using what is called self-encryption disk (SED) technology. This is hardware-based (not software-based) full-drive encryption, which means that it is hard-coded into the drive.

Hardware-based full disk encryption –

On some systems it is not possible to disable automatic encryption. Disposing of the HDDs and SSDs that use it merely requires changing the encryption key instead of using a drive-wiping tool, which, as you now know, leaves 10% of an SSD not wiped. Also remember that drive-wiping tools, even those provided by the drive manufacturers, can be unreliable.
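
The two disposal routes described above, a wipe tool that reaches only the specified capacity and a key change that also covers the reserve space, can be compared in a small simulation. This is an added example, not part of the original article: `ToySSD`, its block-remapping model and the SHA-256 keystream cipher are simplifying assumptions, and the stored data is constructed.

```python
import hashlib, os
from collections import deque

BLOCK = 32  # bytes per flash block in this toy model

def xor_cipher(key, phys, data):
    # Toy SHA-256 keystream cipher, a stand-in for the drive's real cipher.
    ks = hashlib.sha256(key + phys.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, ks))

class ToySSD:
    def __init__(self, logical, spare, key=None):
        self.logical, self.key = logical, key            # key=None: no encryption
        self.flash = [bytes(BLOCK)] * (logical + spare)  # raw memory cells
        self.map = {}                                    # logical -> physical block
        self.free = deque(range(logical + spare))

    def write(self, lba, data):
        phys = self.free.popleft()                # wear leveling: use a fresh block
        data = data.ljust(BLOCK, b"\0")
        self.flash[phys] = xor_cipher(self.key, phys, data) if self.key else data
        if lba in self.map:
            self.free.append(self.map[lba])       # old copy is stale, not erased
        self.map[lba] = phys

    def wipe_tool(self):
        for lba in range(self.logical):           # the tool sees logical blocks only
            self.write(lba, b"")

    def crypto_erase(self):
        self.key = os.urandom(32)                 # the old key is gone for good

    def recoverable(self, needle):
        # Blocks readable from the raw chips, as-is or with the drive's current key.
        hits = 0
        for phys, raw in enumerate(self.flash):
            plain = xor_cipher(self.key, phys, raw) if self.key else raw
            hits += int(needle in raw or needle in plain)
        return hits

def demo(logical=10, spare=1):
    plain, sed = ToySSD(logical, spare), ToySSD(logical, spare, os.urandom(32))
    for drive in (plain, sed):
        for lba in range(logical):
            drive.write(lba, b"SECRET")           # constructed sample data
    before = (plain.recoverable(b"SECRET"), sed.recoverable(b"SECRET"))
    plain.wipe_tool()                             # overwrite the specified capacity
    sed.crypto_erase()                            # change the encryption key
    return before, (plain.recoverable(b"SECRET"), sed.recoverable(b"SECRET"))
```

`demo()` returns `((10, 10), (1, 0))`: after the wipe tool has overwritten all ten logical blocks, one stale block (the 10% reserve) still holds readable data, while the key change leaves nothing readable anywhere on the drive.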