Many of us have some type of portable storage or hard drives used for backups or moving data around from computer to computer. These are USB thumb drives or external hard drives. We use them to store personal photos, private documents, and highly sensitive files like tax returns and medical documents.
Like anything mechanical these devices get old or you upgrade them and want to sell or dispose of the old ones. However, there is a potential risk to your personal data if you don’t know what you are doing.
The common misconception is that using the basic Windows format feature that all the data on your storage device is removed. This is not the case. That data is not deleted but marked in a way that the Operating system knows it’s OK to overwrite that location with new data but the old files are still there, you just can’t see them.
There are tools available that allow you to see those ‘formatted’ files and recover them. If you simply format and sell that drive your data can still be accessed. To properly ensure your data is removed from the device you need to perform a ‘zero out’ process.
Zeroing out is a process that every piece of storage is written with a zero ensuring the old data is overwritten. You can make several passes to be safe.
There are many tools out there that can do this but the simplest way is to use Windows. Since Windows 7 this ability has been available.
NOTE – If you are a business this process DOES NOT meet certified data destruction levels. This is more than sufficient to remove the data but ‘zero-filling’ does not meet NIST 800-88 standards http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf.
This process is using the command prompt method. You can also do this through a System Repair Disc for Windows but this post does not go through those steps.
Text in bold italics are the commands you type.
- Open a command prompt
- Type cmd in the Windows search or open it from the Start Menu.
- Know the drive letter you want to format, in this example the drive is e:
- type format e: /fs:NTFS /p:2
- e: is the drive letter
- /fs: is the file system you want to format to, NTFS is for Windows, use FAT32 or exFAT if you are using this drive for a non-Windows PC. Leave it as NTFS if you are selling or disposing let the new owners re-format for their use.
- /p this command is what tells the system to zero out. The 2 is the number of times it will do this. No number does it once.
- Next you will see a message. Enter the current name of the drive. If you don’t know you can get it from Windows Explorer using the Windows Key (Win+E). Copy and paste the name.
- Enter current volume label for drive E:
- Then you will see this, hit Y to proceed.
- WARNING, ALL DATA ON NON-REMOVABLE DISK DRIVE E: WILL BE LOST! Proceed with Format (Y/N)?
NOTE – This process will take a long time, a very long time. Be patient.
When it’s done you will be asked to enter a new name.
That’s it. Now you can be more confident your data is truly deleted from a device you are selling or giving to someone else for their use.
Side note – In my opinion, portable storage devices should not be sold at all. Use them to the end of their life and take a hammer to them, after you do this step, then recycle them. I call these devices disposable investments.
Be aware, be safe.
