Jump to content



Photo

How to SAFELY Format Hard Disk That I'm NOT Using?

format

  • Please log in to reply
17 replies to this topic

#1 Sir Topham Hatt

Sir Topham Hatt

    A Very Talented Individual

  • Tech Issues Solved: 1
  • Joined: 02-November 03
  • Location: Island of Sodor, UK

Posted 22 August 2013 - 10:58

Hot on the heels of my other thread, are there any utilities out there that I can use to safely format a hard drive?

 

I took a look around the net but everywhere I did look just suggested the right-click and format way.  If I choose the "quick format" option, it deletes the data table but not the data correct?  If I un-tick that box, will it zero the drive?

 

Thanks




#2 Nick H.

Nick H.

    Neowinian Senior

  • Tech Issues Solved: 15
  • Joined: 28-June 04
  • Location: Switzerland

Posted 22 August 2013 - 11:00

My suggestion from the last thread still stands. DBAN can solve that as well. :laugh:

To answer your question, a quick format removes only the headers, meaning that the data is still recoverable. If you zero-out the drive then the data is gone.

#3 Thygod

Thygod

    Neowinian

  • Joined: 17-January 02

Posted 22 August 2013 - 11:07

A quick format or a regular format will leave a lot of data on the drive.  The standard format will only do a bad sector scan after the quick format.  If you want to zero the drive you need a disk wiper.  Or in Linux use the dd command to overwrite the drive.

 

Check this link for an explanation on quick and standard format:

 

http://support.microsoft.com/kb/302686



#4 He's Dead Jim

He's Dead Jim

    Neowinian Senior

  • Joined: 06-October 10

Posted 22 August 2013 - 11:08

How about something along the lines of "Active Boot Disk Suite 7.5.2"

 

It has a disk format prog.

 

 

http://lsoft.net/bootdisk.aspx



#5 +Frank B.

Frank B.

    Member N° 1,302

  • Tech Issues Solved: 11
  • Joined: 18-September 01
  • Location: Frankfurt, DE
  • OS: OS X 10.10
  • Phone: iPhone 6

Posted 22 August 2013 - 11:09

http://dban.org/



#6 +theblazingangel

theblazingangel

    Software Engineer

  • Tech Issues Solved: 6
  • Joined: 25-March 04
  • Location: England, UK

Posted 22 August 2013 - 11:52

DBAN!

#7 Starbuck84

Starbuck84

    Would You Kindly?

  • Joined: 26-June 07
  • Location: Breda, Netherlands

Posted 22 August 2013 - 11:57

AFAIK: a quick format will only remove the table of contents of a disk. A full format will only change the first byte of every sector to zero. (Correct me if I'm wrong here). If you really want to wipe a disk, use DBAN as others already suggested, it will zero out your entire (selected) disk.



#8 OP Sir Topham Hatt

Sir Topham Hatt

    A Very Talented Individual

  • Tech Issues Solved: 1
  • Joined: 02-November 03
  • Location: Island of Sodor, UK

Posted 22 August 2013 - 21:21

I ended up using Disk Wipe, which seems to have done the job.
Didn't want to use DBAN this time around, will give that a go with the other one. A portable app too so no installation rubbish :)

#9 StrikedOut

StrikedOut

    Outside the box

  • Joined: 09-December 08
  • Location: Southampton

Posted 22 August 2013 - 21:28

From windows CMD, Format /?, check out /P:Count towards the bottom.

Formats a disk for use with Windows.

FORMAT volume [/FS:file-system] [/V:label] [/Q] [/L] [/A:size] [/C] [/I:state] [
/X] [/P:passes] [/S:state]
FORMAT volume [/V:label] [/Q] [/F:size] [/P:passes]
FORMAT volume [/V:label] [/Q] [/T:tracks /N:sectors] [/P:passes]
FORMAT volume [/V:label] [/Q] [/P:passes]
FORMAT volume [/Q]

volume Specifies the drive letter (followed by a colon),
mount point, or volume name.
/FS:filesystem Specifies the type of the file system (FAT, FAT32, exFAT,
NTFS, UDF).
/V:label Specifies the volume label.
/Q Performs a quick format. Note that this switch overrides /P.
/C NTFS only: Files created on the new volume will be compressed
by default.
/X Forces the volume to dismount first if necessary. All opened
handles to the volume would no longer be valid.
/R:revision UDF only: Forces the format to a specific UDF version
(1.02, 1.50, 2.00, 2.01, 2.50). The default
revision is 2.01.
/D UDF 2.50 only: Metadata will be duplicated.
/L NTFS Only: Use large size file records.
By default, the volume will be formatted with small size file
records.
/A:size Overrides the default allocation unit size. Default settings
are strongly recommended for general use.
NTFS supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K.
FAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
(128K, 256K for sector size > 512 bytes).
FAT32 supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
(128K, 256K for sector size > 512 bytes).
exFAT supports 512, 1024, 2048, 4096, 8192, 16K, 32K, 64K,
128K, 256K, 512K, 1M, 2M, 4M, 8M, 16M, 32M.

Note that the FAT and FAT32 files systems impose the
following restrictions on the number of clusters on a volume:

FAT: Number of clusters <= 65526
FAT32: 65526 < Number of clusters < 4177918

Format will immediately stop processing if it decides that
the above requirements cannot be met using the specified
cluster size.

NTFS compression is not supported for allocation unit sizes
above 4096.

/F:size Specifies the size of the floppy disk to format (1.44)
/T:tracks Specifies the number of tracks per disk side.
/N:sectors Specifies the number of sectors per track.
/P:count Zero every sector on the volume. After that, the volume
will be overwritten "count" times using a different
random number each time. If "count" is zero, no additional
overwrites are made after zeroing every sector. This switch
is ignored when /Q is specified.
/S:state Specifies support for short filenames (enable, disable)
Short names are disabled by default

#10 srbeen

srbeen

    Neowinian

  • Joined: 30-November 11

Posted 22 August 2013 - 21:54

If you said securely I'd suggest shred and dd. You want safely so use quick format in windows. It dont really erase anything, just the pointers which can be recreated. To safely & securely do this in ubuntu for example, pull all other drives in the system and boot from CD/DVD/USB. load up terminal and run the commands.

 

To truly securely erase the data run 4 passes of shred on the drive, then follow that with 2 each of dev/zero & dev/full, then quick format it/install a new partition table.. Don't use dev/urandom or dev/random as it just takes too long and isn't really much more beneficial than shred. (2.4MB/s rather than 40MB/s) Nothing a forensics lab has could recover anything at that point. You can also link commands using a double ampersand (&&) so you can leave it go overnight.

 

Key is to do 7 (seven) full passes on mechanical, and at least 1 on flash/SSD to securely erase.

 

shred - http://www.howtoforg...ives-with-shred

dd - http://how-to.wikia...._clean_in_Linux

 

after looking into dban, it seems it does this automatically to any and all connected drives it can find. Seems much more user-friendly but I bet under the hood its doing what I mentioned above.



#11 srbeen

srbeen

    Neowinian

  • Joined: 30-November 11

Posted 22 August 2013 - 21:55

My suggestion from the last thread still stands. DBAN can solve that as well. :laugh:

To answer your question, a quick format removes only the headers, meaning that the data is still recoverable. If you zero-out the drive then the data is gone.

but not unrecoverable until after 7 passes. (exception flash/ssd)



#12 Nick H.

Nick H.

    Neowinian Senior

  • Tech Issues Solved: 15
  • Joined: 28-June 04
  • Location: Switzerland

Posted 23 August 2013 - 07:52

but not unrecoverable until after 7 passes. (exception flash/ssd)

No, when you zero-out the drive it is as good as unrecoverable. Government equipment may be able to get some information, but that is costly and rare, meaning that it is gone.

I know there was once the idea of it being otherwise, but let me give you a situation:

00110100011011110100101011110100101000001010101

Ok, that is on your hard drive. Now let's say that that is a file and we want to put it in the recycle bin. Then the following code takes its place:

00110100011010010100101011110100101000001010101

Let's pretend that you hadn't seen the first lot of code. Would you be able to tell what was once a zero and what was once a one? If you zero-out the drive, you're in the same situation. Whatever the code may have been before, all of the bits are now 0. How can you tell which ones were once a 1?

#13 primexx

primexx

    Neowinian Senior

  • Tech Issues Solved: 6
  • Joined: 24-April 05

Posted 23 August 2013 - 21:10

If you said securely I'd suggest shred and dd. You want safely so use quick format in windows. It dont really erase anything, just the pointers which can be recreated. To safely & securely do this in ubuntu for example, pull all other drives in the system and boot from CD/DVD/USB. load up terminal and run the commands.

 

To truly securely erase the data run 4 passes of shred on the drive, then follow that with 2 each of dev/zero & dev/full, then quick format it/install a new partition table.. Don't use dev/urandom or dev/random as it just takes too long and isn't really much more beneficial than shred. (2.4MB/s rather than 40MB/s) Nothing a forensics lab has could recover anything at that point. You can also link commands using a double ampersand (&&) so you can leave it go overnight.

 

Key is to do 7 (seven) full passes on mechanical, and at least 1 on flash/SSD to securely erase.

 

shred - http://www.howtoforg...ives-with-shred

dd - http://how-to.wikia...._clean_in_Linux

 

after looking into dban, it seems it does this automatically to any and all connected drives it can find. Seems much more user-friendly but I bet under the hood its doing what I mentioned above.

 

but not unrecoverable until after 7 passes. (exception flash/ssd)

 

No. That is completely unnecessary. One pass on modern hard drives will be sufficient at making any data practically unrecoverable.

 

Elaboration on "practically": if you have fancy expensive equipment it's still possible to recover bits here and there up to ~7 passes (according to the NSA, whose own standard is 7 passes), however, just because you can recover bits doesn't mean that they will give you anything coherent or meaningful. So really for all practical purposes a single zero-out is more than sufficient.

 

The thing that you have to worry about isn't electron microscope scanning, it's bad sectors that an overwrite won't touch. That won't get fixed no matter how many passes you do, the only solution to that is physical destruction.



#14 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 100
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 24 August 2013 - 12:42

"Key is to do 7 (seven) full passes on mechanical, and at least 1 on flash/SSD to securely erase."

Where do you people still get this nonsense? As stated above - One pass of writing Zero's, or 1's for that matter is more than enough.. Also lets keep in mind your not wiping the US Nuclear Arsenal Launch codes!! So even if it was technically possible, which it isn't to recover the data.. Who is going to be doing that on billy's drive -- wtf they going to get your SS number, or bank account -- be easier to just send you a email pretending to your back ask for it ;) They get lots of info that way, why should they spend the time trying to recover something that was wiped clean??

All your doing with 7 passes is wasting your time and electricity. And posting information like you did only keeps the FUD alive.. This has been gone over and over for years here and still is comes back..

Please Read!
http://www.infosecis...-Overwrite.html
https://www.anti-for...pass-is-enough/
http://www.howtogeek...ce-to-erase-it/

I could post up a dozen other sources -- just too lazy to do so.. Tired of hearing this nonsense get repeated.. Arrrggghhhh!!!

#15 Vester

Vester

    Neowinian

  • Joined: 06-March 12
  • Location: UK
  • OS: Windows 8.1, Kali Linux
  • Phone: I9000 Custom Rom 4.2.2

Posted 24 August 2013 - 12:44

Yeah DBAN every time or find the HDD manufacture normally they have some software to wipe disk (not as effective as DBAN). Another way is to just keep formatting the HDD I think it's about 7 times in total needed but far better to just use DBAN.