Cleaning up a Drive – Format vs Secure Wipe – SSD and HDD – UEFI and SecureBoot


1. Quick Guide

My guides have an additional section on Cleaning a Drive which most other Windows Installation guides don’t have. Ensure you back up any data before carrying out these operations as the intent of the content on the bulk of this page is to make data unrecoverable.

The Windows Format, Deleting Partitions and DISKPART (CLEAN) will remove all structure from your drive and assign all old files to “free space” ready to be overwritten:

Data can be recovered from the “free space” but it is not as organised so third party recovery programs are generally required.

For a HDD in order to erase data the “free space” must be overwritten, utilities like DBAN will overwrite data 7 times known as 7 passes to “securely wipe” it. DBAN does not support newer technologies such as SecureBoot so the Windows utility DISKPART (CLEAN ALL) can be used. DISKPART (CLEAN ALL) only applies 1 pass but can be ran 7 times to make it comparable to DBAN. These utilites should not be used on a SSD:

The SSD has a kill switch which can be activated using a Bootable Utility such as Magic Parted which will detect whether a drive or SSD and HDD and adjust to trigger the kill switch or overwrite the data respectively:

The above is a fast explanation if you want more detail see below…

2. In Depth Guide

Remarks this is written as I understand it and some of the details below may not be 100 % correct. If I have made a mistake comment below thanks.

A. Simple Definitions:

  • Partition – Assigned “Area” of Hard Drive
  • Format → Assigning of Data to Free Space
  • Wipe → Assigning of Data to Free Space and then overwriting the data with junk data.
  • File Systems for more Details see Comparing NTFS and FAT File Systems
    • FAT32 – Format Allocation Table (FAT32 can support a maximum of 32 GB, this file format is required for installation media in a UEFI BIOS with SecureBoot)
    • NTFS – New Technology File System (Windows should be installed using NTFS)
  • Partition Table, the way Windows setups partitions on a Drive

B. Basics of Hardware Components

Lets talk about some hardware components:

  • Processor
  • RAM – Random Access Memory
  • HDD – Hard Drive
  • SSD – Solid State Drive

The processor carries out each individual operation your PC performs. In layman’s terms the faster the CPU the faster it can carry out the process. However the more cores the processor has the more processes a processor can carry out at once and hence the faster the system will run.

The processor needs to work with the RAM. The Random Access Memory can be thought of as “thinking memory” the processor needs fast memory it can store data on while it is carrying out a process with this data. The more RAM, the greater the amount of space applications can feed data for the processor to quickly access.

The Hard Drive is a mechanical component much slower than the RAM and can be thought of as “storage memory”. Some Windows processes will be continuously copied from the HDD to the RAM when the computer is carrying out its daily tasks.

The Solid State Drive a new type of Hard Drive with no moving parts. Its at a higher price per GB but the price is falling. The Solid State Drive can have a similar capacity to a Hard Drive and has a speed closer to that of RAM. Therefore use of a Solid State Drive can severely speed up the system.

C. Windows Partition Tables – UEFI BIOS and SecureBoot

The HDD or SSD is setup into divisions or partitions and these can be examined in Disk Management.

GPT – Guid Partition Table:

This requires a newer system (>2012 models and possibility 2010-2011 models with the latest BIOS Update). UEFI must be enabled.

Example of a Windows Boot Drive setup in the GPT Partition Scheme for a UEFI BIOS:

vlcsnap-2015-04-03-20h27m37s182A UEFI BIOS with Windows installed in the GPT can have up to 128 partitions and support large capacity drives.

The EFI 500 MB partition and 750 MB Recovery partition are setup by default and the rest of the drive is assigned to a NTFS partition for Windows.

A diagnostics and recovery partition will be present from an OEM install.

One additional advantage of GPT is that its more robust. If the boot record gets corrupt it has a backup and hence this corruption won’t ruin the entire Windows installation.

One additional advantage of the UEFI BIOS is SecureBoot. Previously all code was allowed to boot and now only verified code with a verified signature is allowed to boot. This means it is much more difficult for Malware to be setup in the preboot environment and for it to boot before Windows to cripple any security technologies on the Windows OS.

UEFI requires 64 Bit Windows 7 or later and Secureboot requires 64 Bit Windows 8 or later.

MBR – Master Boot Record Partition Table:

This must be used for older systems (<2009).

Example of a Windows Boot Drive setup in the MBR Partition Scheme for a Legacy BIOS:

NTFS MBR

A Legacy MBR BIOS with Windows installed in MBR can have up to only 4 partitions and can only support up to 2 TB drives.

The 100 MB NTFS system reserved partition is setup by Windows by default and the rest of the drive for Windows.

A diagnostics and recovery partition may be present from an OEM install.

D. The Differences Between Format, Delete and Wipe

When a partition is “deleted” in the Windows setup its boundaries are removed and it becomes unallocated space. The files that resided in the partition are still present in the unallocated space. This unallocated space is less organised and you won’t be able to use Windows Explorer to browse through it. Third party programs such as Recovery Tools can browse this unallocated space. New partitions can be made from this “unallocated space” and become “free space”.

When a partition is “formatted” in the Windows setup the boundaries are retained and all the data on the partition remains but is available as “free space”.

Data in “free space” is not deleted and can be readily be recovered using recovery utilities unless it is overwritten. The Data can in fact be malware and hence survive “a deletion and a format”.

The DISKPART → CLEAN a utility within the Windows 7/8.1 installation USB will essentially remove all partitions and assign all data to free space.

In order to remove data from a hard drive it needs to be overwritten. Once data is completely overwritten it cannot be recovered.

E. Differences Between a SSD and HDD in Terms of Data Overwriting

In the past I recommended exclusive use of a utility called Darik’s Nuke and Boot before Windows installation. This overwrote everything on the hard drive in 7 different passes effectively securely wiping it.

DBAN is pretty old however and has not been updated for newer technologies such as a UEFI BIOS with SecureBoot. DISKPART → CLEAN ALL will work with a UEFI BIOS and SecureBoot but by default only carries out 1 pass. You could effectively just run DISKPART → CLEAN ALL 7 times to mimic the use of DBAN on a UEFI BIOS.

Looking around its not recommended to use such a utilities on a Solid State Drive as they don’t wipe SSDs correctly and also limit the SSDs life cycle.

I won’t pretend to be an expert on the internal functioning of a HDD or SSD. Programs which overwrite the data sequentially as its laid out work well on a HDD but don’t on a SSD. On the SSD however the data is constantly being remapped so the data is in a different order at each instance in time see below…

SSD HDD

Left HDD – 1 and 2 are wiped sequentially, moving onto 3.

Right SSD 1 and 6 are wiped however 5, 4 and 3 are not wiped. This is quick schematic of 8 characters or bytes the point I’m making is not all the data will be wiped in a pass, some will survive. A 100 GB SSD on the other hand will have >100 GB =100000000000 bytes so it is impossible to wipe all the information with 7 passes and a great deal of information or fragments will survive for data recovery.

You could theoretically increase the number of passes to infinite however in reality the SSD has a limited number of read/write cycles so you’d effectively kill it by trying.

F. Solid State Drives

Solid State Drives are newer technologies and effectively have a kill switch. The secure erase command of a SSD will instruct the SSDs controllers to flush all the electronics from its storage cells effectively removing data without sequentially rewriting to the SSD.

The best program I have found for carrying out this operation is Magic Parted which supports a UEFI BIOS with SecureBoot:

Leave a Reply

Fill in your details below or click an icon to log in:

  • normal
  • normal
  • normal
  • normal
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 905 other followers



    © Copyright 2016 dellwindowsreinstallationguide.com.