Secure Erase is the name given to a set of commands available from the firmware on PATA and SATA (so not available on SCSI or SAS) based hard drives. Secure Erase commands are used as a data sanitization method to completelyoverwrite all of the data on a hard drive including the HPA (Host Protected Area). Once a hard drive has been erased with a program that utilizesSecure Erase firmware commands, no file recovery program, partition recovery program, or other data recovery method will be able to extract datafrom the drive.
Note: Secure Erase, or really any data sanitization method, is not the same as sending files to your computer's Recycle Bin or trash. The former will "permanently" delete files, whereas the latter only moves the data to a location that'seasy to flush away from the system (and just as easy to recover). You can read more about data wipe methods through that data sanitization link above.
Secure Erase Wipe Method
The Secure Erase data sanitization method is implemented in the following way:
Pass 1: Writes a binary one or zero
No verification of the overwrite is needed with the Secure Erase method because the writing occurs from within the drive, meaning the drive's write fault detection prevents any misses. This makes Secure Erase very fast compared to other datasanitization methods and arguably more effective. This is different than other data sanitization methods like CSEC ITSG-06,RCMP TSSIT OPS-II and DoD 5220.22-M, which usually implement a verification after the first or last pass,and/or any other passes.
Some specific Secure Erase commands include SECURITY ERASE PREPARE and SECURITY ERASE UNIT.
More About Secure Erase
Several free hard drive erasing programs work via the Secure Erase command. See this list of Free Data Destruction Software Programs for more information.
Since Secure Erase is a whole-drive data sanitization method only, it is not available as a data wipe method when destroying individual files or folders, something tools called file shredders can do. See our Free File Shredder Software Programslist for programs like that. Using Secure Erase to erase the data from a hard drive is often considered the best way to do so because the action is accomplished from the drive itself, the same hardware that wrote the data in the first place. Othermethods of removing data from a hard drive may be less effective because they rely on more standard ways of overwriting data.
According to National Institute of Standards and Technology (NIST) Special Publication 800-88 (PDF file below), the only method of software-based data sanitation must be one thatutilizes a hard drive's Secure Erase commands. It's also worthwhile to notethat the National Security Administration worked with the Center for Magnetic Recording Research (CMMR)at the University of California, San Diego, to research hard drive datasanitation. A result of that research was HDDErase, a freely available data destruction software program that works by executing the Secure Erase commands.
Note: You can not run firmware commands on a hard drive like you can run commands in Windows from the Command Prompt. To execute Secure Erasecommands, you must use some program that interfaces directly with the hard drive and even then, you probably won't be running the command manually.
Secure Erase vs Securely Erasing a Hard Drive
Some file shredder programs and data destruction software have the words secure erase in their names or advertise that they securely erase data from a hard drive. However, unless they specifically note that they use a hard drive's Secure Erasecommands, they likely do not.
What's happening is that they call their erasure method secure because it is: it makes your computer more secure by overwriting the data with zeros, ones, or random data to make it harder for someone to discover what's been deleted from the drive. Inother words, while all data wipe methods could be argued to be secure because of the nature of what they're doing, not all of them can accurately say that they use the Secure Erase method. So, watch out for that before deciding on a program becauseyou think it's using Secure Erase. For example, Secure Eraser and SDelete (Secure Delete) might look like they support Secure Erase but they actually do not. MHDD, CopyWipe, and hdparm are a few examples of free data destruction programs that douse Secure Erase.
FAQs
On February 24, 2021, the DoD 5220.22-M was replaced by the NISPOM Rule. Can you wipe SSD using the DoD Wipe standard? Yes, you can wipe an SSD using DoD wipe, but it is not recommended as SSDs have a limited number of write cycles.
What is the difference between secure erase and overwrite? ›
Secure erase is an overwrite command in the ATA standard that executes a firmware-based process to overwrite the media, replacing all contents with either a 0 or 1. The Enhanced Secure Erase process can vary from manufacturer to manufacturer and may include more steps than a single overwrite path.
What is the difference between secure erase and secure wipe? ›
In short, Erase command erases or overwrites all of the data on the targeted drive, while Wipe command deletes disk space that is not being used by the operating system (unallocated space) and erases files that have already been deleted.
Can data be recovered after a DoD wipe? ›
The best way to ensure data removal—for the highest security environments—is to combine software-based data erasure with physical destruction. That way, there's absolutely no chance the data can be recovered from any fragments because it has been removed completely.
Can DoD 5220.22-M be recovered? ›
This erasure method is one of the simplest techniques used to erase data previously stored on the hard drive, as it overwrites the previous information on the hard drive with patterns of ones and zeros. As a result, the original data cannot be recovered.
Is DoD 5220.22-M cancelled? ›
The NISPOM rule replaces the NISPOM previously issued as a DOD policy (DOD 5220.22-M), which will be cancelled shortly after the allotted six-month implementation period ends. Until then, DOD 5220.22-M will remain in effect.
How do DoD wipe a hard drive? ›
Summary: The DoD 5220.22-M standard is a three-pass method that overwrites data with a series of zeros, ones, and random characters to ensure that the original data cannot be recovered by any means.
Which disk erase method is best? ›
Using Secure Erase to erase the data from a hard drive is often considered the best way to do so because the action is accomplished from the drive itself, the same hardware that wrote the data in the first place. Other erasing methods may be less effective because they rely on more standard ways of overwriting it.
Can you recover data from Secure Erase? ›
The process involves overwriting the entire drive with random data or zeroes, making the original data effectively unrecoverable. This is why it's crucial to have proper backups before performing a secure erase, as there is no practical way to retrieve the data once it has been securely erased.
How to permanently wipe a hard drive? ›
Wiping your hard drive
- Select Settings (the gear icon on the Start menu)
- Select Update & security, then Recovery.
- Choose Remove everything, then Remove files and clean the drive.
- Then click Next, Reset, and Continue.
A factory reset typically removes personal files and restores the OS to its original state, but it doesn't guarantee that all data on the drive is permanently erased. To ensure secure data removal, you should specifically initiate a secure erase process.
Does Secure Erase delete partitions? ›
After a successful secure erase, all data on the SSD drive should be permanently removed. The drive becomes empty, and any previous files or partitions are no longer accessible.
What is the difference between DoD 5220.22 M and DoD 5220.28 STD? ›
When you want to erase data permanently and make them unrecoverable, you can DoD wipe method. DoD 5220.22-M will overwrite the data 3 times and DoD 5220.28-STD will overwrite data 7 times. Through this way, you can make the data unrecoverable to avoid data leak.
Is Secure Erase bad for SSD? ›
It is also important to maintain drive health while securely erasing an SSD, as standard data overwriting methods can negatively affect the lifespan of the drives. Unlike traditional hard disk drives (HDDs), SSDs require special techniques to ensure all data is completely wiped.
What are the 3 methods of data sanitization? ›
There are three methods to achieve data sanitization: physical destruction, cryptographic erasure and data erasure.
What does DoD wipe mean? ›
A DoD wipe refers to permanently erasing data from hardware in accordance with the “DoD standard,” otherwise known as DoD 5220.22-M, which is the standard set by the U.S. Department of Defense for securely erasing data from a hard drive.
How many times can an SSD be wiped? ›
The endurance of SSDs that store three bits of data per cell, called triple-level cell flash, can be as low as 300 write cycles with planar NAND and as high as 3,000 write cycles with 3D NAND. Quadruple-level cell (QLC) NAND supports 1,000 write cycles with 3D NAND.