Securely Wiping Data From A Device

Jan 25, 2023


When you delete a file on your system, the system just removes the reference to that file rather than actually deleting the data. A good analogy here is to think of your file as a page in a book. When you delete the file, you are ripping out the contents page of the book, removing the reference to your page so it can no longer be easily looked up. But the page itself still exists, and it can be found by anyone who is willing to just look through the entire book until they find it. Lots of people have discovered that the hard way, giving away or selling an old computer full of sensitive financial information and suffering fraud, or worse.

To truly remove data from a device, such that it can no longer be recovered, you need to overwrite it by replacing the old data with new, gibberish data. Below are the procedures I would recommend:

| Type Of Device | Procedure |
| --- | --- |
| HDD | Download and boot ShredOS on a live USB and run the 3-pass DoD wipe on the HDD. |
| SSD | ATA or NVMe Secure Erase from PartedMagic. No Longer Recommended. See here for why, and an alternative method. |
| Android | 1. Factory reset the device. 2. Set a new 16-character passcode (the longest Android allows). 3. Fill up the device with random data. 4. Factory reset the device. Set a new 16-character passcode and fill it up with random data again. 5. Factory reset a third time. At this point, there is virtually no chance of recovering any old data on the device. |
| iPhone | To Be Added |
| USB Flash Drive | On Linux, open a terminal and run `dd if=/dev/urandom of=/path/to/usb` to overwrite the entire USB stick with pseudorandom data. You must run this command twice, in order to be reasonably sure that you've also wiped any overprovisioning space. On Windows, download Eraser and run the 3-pass DoD wipe on any files currently on the USB. Once this is done, run the "Erase unused space" option on the USB. Once completed, run the "Erase unused space" option once more, to account for any overprovisioning space. |
| SD Card | Same process as USB flash drive. |
| Individual Files | On an HDD, use the secure erase feature on Eraser or CCleaner to overwrite specific files. Use the 3-pass wipe, or optionally more passes if you like. On an SSD you can't reliably erase individual files. The only way to be sure you've properly deleted something is to wipe the entire drive, but that is often not practical. What you should do is use Full Disk Encryption on the drive before storing any sensitive data on it, so that it's protected by the encryption. I recommend TrueCrypt (Version 7.1a - Download here) for full disk encryption if you are using Windows, and LUKS for Linux systems. |
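
The Linux USB flash drive procedure from the table, as an added example that is not part of the original post: a shell function that runs both overwrite passes, refuses a target that is mounted or is not a device or image file, and bounds each pass to the target's exact size. The function names are hypothetical, and it assumes Linux with coreutils and util-linux's `blockdev`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes Linux with coreutils and util-linux (blockdev).
# Usage: wipe_target /path/to/usb        (two passes by default)

# Print the size in bytes of a block device or regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Succeed if the target, or a partition on it, appears as a mount source.
# Symlinks such as /dev/disk/by-id/... are resolved to the real node first.
is_mounted() {
    awk -v dev="$(readlink -f "$1")" \
        'index($1, dev) == 1 { hit = 1 } END { exit !hit }' /proc/mounts
}

# Overwrite the whole target with pseudorandom data, twice unless told otherwise.
wipe_target() {
    target=$1
    passes=${2:-2}
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "refusing: $target is not a block device or regular file" >&2
        return 2
    fi
    if is_mounted "$target"; then
        echo "refusing: $target or one of its partitions is mounted" >&2
        return 3
    fi
    size=$(target_size "$target") || return 4
    pass=1
    while [ "$pass" -le "$passes" ]; do
        echo "pass $pass of $passes: $size bytes to $target" >&2
        # head bounds the stream to the target's exact size, so dd ends cleanly
        # instead of failing with "No space left on device". conv=fsync flushes
        # the data to the device before dd exits; conv=notrunc keeps an image
        # file at its original length.
        head -c "$size" /dev/urandom |
            dd of="$target" bs=1M conv=notrunc,fsync 2>/dev/null || return 5
        pass=$((pass + 1))
    done
}
```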