Cleaning up a Drive – Format vs Secure Wipe – SSD and HDD – UEFI and SecureBoot

 

Introduction

My guides have an additional section on WIPING a Drive which most other Windows Installation guides don't have.

If one only uses the standard settings within Windows installation, they will only FORMAT the Hard Drive or Solid State Drive and not perform a WIPE. The terms FORMAT and WIPE are often confused. The main difference is that data is retained after a FORMAT but removed when WIPED. This guide is recommended if you are trying to eradicate Malware and want a CLEAN INSTALL. Should you wish to recover data from an infected system, use a Linux Fedora Live USB to back up the Data to an External Hard Drive. Linux Fedora is unlikely to be influenced by Malicious code designed for Microsoft Windows. See my Data Recovery using Fedora guide for more details.

This guide is also recommended if you are selling your computer on and want to ensure all personal information is removed.

Dell have incorporated a Utility within their UEFI BIOS to Securely Wipe all Internal HDDs and SSDs. For more details see:

The utility I recommend to wipe both SSDs and HDDs is Parted Magic; see:

Additional Information

This Additional Information is also available as a tutorial video; see FORMAT vs WIPING (tutorial video).

Let's use a number of schematics to describe the difference between FORMAT and WIPE and the reason the WIPE procedure is slightly different for a HARD DRIVE (HDD) and SOLID STATE DRIVE (SSD).

[Schematic: Format vs Wipe]

One typically has multiple partitions on their Drive. There will be a Master Boot Record which contains the boot files and an OS Boot Drive. 16 Bytes are listed for illustration purposes and each Byte can be read out as either 0 or 1. In raw form any code, program or data file is merely a long string of 1's and 0's. A standard 2 TB hard drive has 1,099,511,627,776 Bytes. If a GPT partition scheme is used there will be a Master Boot Record on 1 partition and a Backup Boot record on another partition. The partitions are denoted by using [ ]. All a FORMAT does is assign all the data on the drive to unallocated space. One can then reinstall the operating system and reallocate the unallocated space on the Drive by making a new Master Boot Record partition and OS Boot Drive partition. There will be some space which the OS takes up after clean installation, but typically the used space will be less as user files, programs etc. have not all been added yet.

[Schematic: Format vs Wipe3]

Let's look at the above schematic in detail. Highlighted in yellow is some data. One has FORMATTED the drive and reinstalled the OS. Because this data has not been overwritten it still lies dormant on the DRIVE. This can be problematic if this is sensitive information and you are selling on your computer, for instance, or if it's malicious code, as it can merely reinfect your fresh Windows Installation.

[Schematic: WipeStack]

A Hard Drive can be wiped; this procedure usually takes a substantial amount of time as you are going through the drive byte by byte, overwriting all the data with 0. 16 bytes are shown as an example, but recall that a standard 2 TB Hard Drive has 1,099,511,627,776 Bytes, so overwriting all the data on the drive can take a long time indeed! Programs which incorporate this type of Wipe for Hard Drives are Parted Magic, DISKPART (inbuilt into Windows Installation Media) and a program that hasn't aged so well called Darik's Boot and Nuke. Although in most cases 1 pass is sufficient, if one wishes to push for a higher standard 7 passes may be used, that is, to overwrite all the data on the Hard Drive 7 times.

This primitive overwrite sequence, although time consuming, works well on Hard Drives but fails on Solid State Drives.
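As an added example (not part of the original guide), the Python sketch below reproduces the hard-drive schematics on a constructed 4 MiB image file: a format-style rewrite of the boot area leaves a 16-byte record readable, and a single zero pass removes it. The function names and the image layout are assumptions made for illustration; the scan only reads what the drive reports, so on an SSD a clean result says nothing about where the controller actually placed the data.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read and write 1 MiB at a time

def find_residual_data(path, chunk_size=CHUNK):
    """Scan an image or block device; return (non-zero byte count, first offset)."""
    nonzero, first, offset = 0, None, 0
    with open(path, "rb") as dev:
        while block := dev.read(chunk_size):
            count = len(block) - block.count(0)
            if count and first is None:
                first = offset + len(block) - len(block.lstrip(b"\x00"))
            nonzero += count
            offset += len(block)
    return nonzero, first

def format_only(path, header_size=512):
    """Model of a FORMAT: rewrite the leading boot/partition data, nothing else."""
    with open(path, "r+b") as dev:
        dev.write(b"\x00" * header_size)

def zero_wipe(path, chunk_size=CHUNK):
    """One pass over the whole target, overwriting every byte with 0."""
    with open(path, "r+b") as dev:
        remaining = dev.seek(0, os.SEEK_END)  # size; also works for block devices
        dev.seek(0)
        while remaining:
            n = min(chunk_size, remaining)
            dev.write(b"\x00" * n)
            remaining -= n
        dev.flush()
        os.fsync(dev.fileno())

def demo():
    """Constructed image: 512-byte boot area, then a 16-byte record 2 MiB in."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(b"\x01" * 512 + b"\x00" * (2 * CHUNK) + b"SENSITIVE-RECORD" + b"\x00" * 1024)
        path = img.name
    try:
        format_only(path)
        after_format = find_residual_data(path)
        zero_wipe(path)
        return after_format, find_residual_data(path)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

Running `find_residual_data` read-only against a wiped hard drive (or an image of it) gives a quick check that the overwrite reached every byte before the machine is sold on.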

[Schematic: SSD Format]

There are two reasons such primitive algorithms fail to WIPE an SSD properly. The first one is that the Storage Controller of the SSD reorganises the data with respect to time in order to optimise its life cycle. In this basic example the data is randomly reorientated, and although the Storage Controller reorganises data in a more structured manner, the way it does this is in general proprietary. Since it's proprietary, the algorithm doesn't know where the data is, and if it tries to overwrite the data left to right as shown before, it will ultimately erase some data multiple times and miss other data sets completely. The second reason such a primitive algorithm fails is because SSDs don't like to be intensively written to. It reduces their lifetime and their performance. The first problem can be solved by writing to the SSD say with 100 passes or 1,000 passes, but this is far too time-consuming and will probably destroy the SSD. There is a much faster way to WIPE an SSD.

[Schematic: Format vs Wipes SSD]

SSDs store information as electrons within cells. Each electron can have one of two positions; these are denoted as 0 or 1. Because there are no mechanical moving parts they are much faster. Instead of sequentially writing to every byte on the SSD, one may simply apply a voltage spike to the SSD. This will clear the position of ALL the electrons simultaneously to 0. The Secure Erase utility is found within Parted Magic. Because ALL ELECTRONS are simultaneously cleared, this method for wiping data is preferred as it limits the damage done to the drive by intensive writes and is also much faster.
