Secure Erase is the name given to a set of commands available from the firmware on PATA and SATA (so not available on SCSI or SAS) based hard drives. Secure Erase commands are used as a data sanitization method to completely
overwrite all of the data on a hard drive including the HPA (Host Protected Area). Once a hard drive has been erased with a program that utilizes
Secure Erase firmware commands, no file recovery program, partition recovery program, or other data recovery method will be able to extract data
from the drive.
Note: Secure Erase, or really any data sanitization method, is not the same as sending files to your computer's Recycle Bin or trash. The former will "permanently" delete files, whereas the latter only moves the data to a location that's
easy to flush away from the system (and just as easy to recover). You can read more about data wipe methods through that data sanitization link above.
Secure Erase Wipe Method
The Secure Erase data sanitization method is implemented in the following way:
Pass 1: Writes a binary one or zero
No verification of the overwrite is needed with the Secure Erase method because the writing occurs from within the drive, meaning the drive's write fault detection prevents any misses. This makes Secure Erase very fast compared to other data
sanitization methods and arguably more effective. This is different than other data sanitization methods like CSEC ITSG-06,
RCMP TSSIT OPS-II and DoD 5220.22-M, which usually implement a verification after the first or last pass,
and/or any other passes.
Some specific Secure Erase commands include SECURITY ERASE PREPARE and SECURITY ERASE UNIT.
More About Secure Erase
Several free hard drive erasing programs work via the Secure Erase command. See this list of Free Data Destruction Software Programs for more information.
Since Secure Erase is a whole-drive data sanitization method only, it is not available as a data wipe method when destroying individual files or folders, something tools called file shredders can do. See our Free File Shredder Software Programs
list for programs like that. Using Secure Erase to erase the data from a hard drive is often considered the best way to do so because the action is accomplished from the drive itself, the same hardware that wrote the data in the first place. Other
methods of removing data from a hard drive may be less effective because they rely on more standard ways of overwriting data.
According to National Institute of Standards and Technology (NIST) Special Publication 800-88 (PDF file below), the only method of software-based data sanitation must be one that
utilizes a hard drive's Secure Erase commands. It's also worthwhile to note that the National Security Administration worked with the Center for Magnetic Recording Research (CMMR)
at the University of California, San Diego, to research hard drive data sanitation. A result of that research was HDDErase, a freely available data destruction software program that works by executing the Secure Erase commands.
Note: You can not run firmware commands on a hard drive like you can run commands in Windows from the Command Prompt. To execute Secure Erase
commands, you must use some program that interfaces directly with the hard drive and even then, you probably won't be running the command manually.
Secure Erase vs Securely Erasing a Hard Drive
Some file shredder programs and data destruction software have the words secure erase in their names or advertise that they securely erase data from a hard drive. However, unless they specifically note that they use a hard drive's Secure Erase
commands, they likely do not.
What's happening is that they call their erasure method secure because it is: it makes your computer more secure by overwriting the data with zeros, ones, or random data to make it harder for someone to discover what's been deleted from the drive. In
other words, while all data wipe methods could be argued to be secure because of the nature of what they're doing, not all of them can accurately say that they use the Secure Erase method. So, watch out for that before deciding on a program because
you think it's using Secure Erase. For example, Secure Eraser and SDelete (Secure Delete) might look like they support Secure Erase but they actually do not. MHDD, CopyWipe, and hdparm are a few examples of free data destruction programs that do
use Secure Erase.
-
NIST SP 800-88
Language: EN - File: 0,4 MB
-
NIST SP 800-88 revisie 1
Language: EN - File: 0,5 MB