4

I am a bit surprised that I didn't find a canonical (= recommended by Microsoft) way of doing this by searching Google, but here we are:

I am tasked to delete all data safely from a Windows 10 computer with a single HDD and a single partition (which is the operating system's partition, of course).

At the moment the best solution seems to me to use a tool like Partition Assistant and delete/overwrite the partition from a bootable USB stick.

Do you agree, or are there better ways to do this?

What caveats are hidden in the approach I suggest?

4
  • 1
    please clarify what is unclear @Community. Commented Dec 28, 2021 at 11:02
  • 1
    Community comments are boilerplate tick-a-box comments made in Review by anonymous users & cannot be replied to. As you can see, this one rarely makes sense.
    – Tetsujin
    Commented Dec 28, 2021 at 11:42
  • 3
    How do you define "safely"? What is your threat model? What data are you protecting and how much is it worth? Who is the attacker and how much is the data worth to them? How much money are you willing to spend to delete the data? How much money is the attacker willing to spend to recover the data? Is recovering the data even a plausible attack vector? (For example, why would someone go through the trouble of recovering the data if they could bribe the cleaning lady to steal the HDD before the data gets deleted?) Commented Dec 29, 2021 at 9:32
  • BIOS have a secure erase option maybe? :)
    – rogerdpack
    Commented Jun 7 at 23:54

3 Answers

9

Just deleting a partition does not delete the data. Creating a partition at the same offset will make all data available again. There are tools to automate that. You want to overwrite its contents.

Windows's diskpart has a clean all command that will overwrite the selected disk with zeros. You have to boot from a Windows installer USB though, or connect the disk to another PC, because you can't erase Windows while it's running. Double-check that you have the right drive selected. This will take a while. For multi-terabyte HDDs expect a couple of hours to complete a single pass.

Speaking of third party tools, DBAN is a popular one. Its sole job is to nuke HDD contents.

For SSDs you'd consider other approaches because their lifespan is limited by how much data you write to them. Self-encrypting SSDs have a command that rotates the internal encryption key, instantly garbling all data on the drive without wasting any writes.

Ideally, in the future you could configure full disk encryption from day 1. Then you can simply erase the partition header. Similarly to self-encrypting SSDs, this instantly turns its contents into a bunch of random bytes.

1
  • DBAN is a Linux .iso FWIW...
    – rogerdpack
    Commented Jun 7 at 23:54
1

If the disk is not needed anymore, the best way to make the data unusable is by physically destroying the disk. Some people/companies send them off to be shredded, but I find hitting them with a hammer until I've bent or shattered the metal platter is the most satisfying way to permanently delete the data.

Here's a fancy guide from the NSA that recommends disintegration or incineration for HDDs, hybrid HDDs, and SSDs. They refer to the technique as "sanitization."

0
1

Second answer, since completely different methods:

Boot a live Linux system (e.g. Knoppix), become root, and clearly identify the block device of the drive you want to erase (this is dependent on system configuration and BIOS settings :( ). Quite likely it is /dev/sda; verify with sfdisk -dx /dev/sda - if you see the partition layout you expect, this is your drive.

If the drive supports that (most drives will), use the hdparm utility and follow the "ATA secure erase" process.

Alternatively, dd if=/dev/urandom of=/dev/sda bs=1M status=progress will overwrite the drive completely (technically, it CAN leave a so-called HPA area intact; see the hdparm documentation on how to check for and disable HPA).

1
  • This answer is much more secure/safe/easier/faster. But, there are literal micro distros with UIs designed specifically to do this.
    – Aron
    Commented Dec 29, 2021 at 8:51
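
Added example, not part of any answer above: a pre-flight check for the live-Linux procedure in the third answer. It parses the Security section of hdparm -I output and the max-sectors line of hdparm -N output to report whether ATA secure erase can run and how many sectors an HPA would hide from a plain dd pass. The sample output is constructed, /dev/sdX is a placeholder, and the function names are hypothetical.

```sh
#!/bin/sh
# Pre-flight checks before wiping a drive from a live Linux system.
# The sample text is constructed to mimic hdparm output; it is not from a real drive.

sample_identify() {   # constructed "Security:" section of `hdparm -I`; drive is frozen
cat <<'EOF'
Security:
	Master password revision code = 65534
		supported
	not	enabled
	not	locked
		frozen
	not	expired: security count
		supported: enhanced erase
Checksum: correct
EOF
}

sample_hpa() {        # constructed `hdparm -N` output with an HPA present
cat <<'EOF'
/dev/sdX:
 max sectors   = 586070255/586072368, HPA is enabled
EOF
}

# Reads `hdparm -I` text on stdin; prints unsupported, frozen, locked or ready.
erase_preflight() {
  awk '
    /^Security:/        { insec = 1; next }
    insec && /^[^ \t]/  { insec = 0 }      # next unindented line ends the section
    insec {
      gsub(/^[ \t]+|[ \t]+$/, ""); gsub(/[ \t]+/, " ")
      if ($0 == "supported") sup = 1       # "not supported" does not match
      if ($0 == "frozen")    frozen = 1    # "not frozen" does not match
      if ($0 == "locked")    locked = 1
    }
    END {
      if (!sup)        print "unsupported"
      else if (frozen) print "frozen"
      else if (locked) print "locked"
      else             print "ready"
    }'
}

# Reads `hdparm -N` text on stdin; prints how many sectors the HPA hides (0 if none).
hpa_hidden_sectors() {
  sed -n 's/^[[:space:]]*max sectors *= *\([0-9]*\)\/\([0-9]*\).*/\1 \2/p' |
    { read -r vis nat || true; echo $(( ${nat:-0} - ${vis:-0} )); }
}

echo "secure erase state: $(sample_identify | erase_preflight)"
echo "sectors a plain dd would miss: $(sample_hpa | hpa_hidden_sectors)"
```

On a real system the two functions would be fed hdparm -I /dev/sdX and hdparm -N /dev/sdX instead of the samples. A "frozen" result means the drive will reject the erase command until its security state is unfrozen.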
