Securely wipe disk drives
On this page:
Overview
When erasing sensitive data, always make sure that the data cannot be recovered. A few ways to do this include Darik's Boot and Nuke (DBAN), or various options within macOS.
- To securely delete individual files/directories on a Windows system, use the
sdelete
command. - To securely delete individual files/directories on a Linux system, use the
shred
command. - To securely wipe a solid-state drive (SSD), see Securely erase a solid-state drive.
- For more about secure deletion methods and data destruction services, see About secure data removal.
Use DBAN
To securely wipe a disk drive using DBAN:
- Download DBAN.
- Use DBAN to create a bootable DBAN CD, and then boot your computer using this CD.
- At the
boot:
prompt, pressEnter
to start DBAN in interactive mode. - Press
M
(Method). On the "Wipe Method" screen, use the arrow keys to navigate to your preferred wiping method (for example, [one pass], [three passes], or [seven passes]). Press the Spacebar to save your selection and return to the menu. - If only one disk is present in your computer, select the top option that appears in the
- If you see "[****]", the section of the disk you selected will also be wiped.
- If you see "[----]", you have already selected a section of the disk for wiping. Uncheck your selection and instead wipe the entire disk.
menu, and then press the Spacebar. The selection box will display "[wipe]" to indicate what will be securely erased:
- Press the
F10
key to begin the secure erase process. As soon as you pressF10
, data erasure will begin.
The "Statistics" box at the top right will display an estimate of the time remaining on the disk wiping process.
Use macOS
Due to the prevalence of solid-state drives (SSDs), Apple has removed many of the tools previously provided to securely erase data from hard disk drives (HDDs). The best method to use for any SSD is full-disk encryption; FileVault is Apple's full-disk encryption.
macOS has retained the following built-in options for securely removing data:
- For whole file systems, use the Disk Utility, which can be found in any of the following places:
- In the
Applications/Utilities/
folder on your hard drive - In the Recovery HD partition
In Disk Utility, choose the file system you want to wipe, and then select the
tab. If you have a hard disk drive, select to choose the security level of the erasure. If a solid-state drive is detected, may not be available for selection. - In the
- For individual files, use
rm -P
from the command line. This overwrites files three times before deleting them. Because of the way solid-state drives work, this method may only be effective on traditional hard disk drives.
Related documents
This is document auhn in the Knowledge Base.
Last modified on 2024-08-22 12:48:25.