Can anyone here suggest a reliable data shredder that is compatible with the latest Windows operating systems? I’m particularly interested in a tool that ensures thorough and secure data deletion, leaving no room for potential recovery.
Your experiences and recommendations would be immensely helpful in guiding my decision. Thank you in advance for your assistance!
Welcome to the forums!
Unfortunately, SSDs pretty much utilize some sort of wear leveling technology that is opaque to the end users, even at the OS level. There is a longer explanation for this (no time to explain right now, I will probably elaborate later if I remember).
The best and only actionable thing you can do is use full disk encryption during first use and keep using disk encryption to ensure that no latent files will remain decrypted in the underlying raw flash storage.
For HDDs BleachBit should suffice.
1 Like
is using diskpart clean all
through cmd not considered reliable for wiping SSDs?
For HDDs how does DBAN compare to bleachbit?
Basically what @HauntSanctuary also said: The OS can send commands to the disk, but as long as you’re not the literal engineer who built the SSD there’s no reliable way to predict what the SSD controller will then actually do. Because writing data is very bad for an SSD, these cells really love it when you read them but if you change them too often they break. So in order for SSDs to not fail like all the time, the controller is doing a lot of magic constantly in order to try to reduce write counts as much as possible. diskpart clean all
will just lead to the OS telling the SSD to write zeroes everywhere. But that “everywhere” is only from the OS point of view. If the OS thinks the SSD is 100GB big, that means now the SSD controller will write exactly that many zeroes somewhere to the SSD. But generally these drives have more cells inside them than their rated capacity (otherwise they would like instantly break). So maybe there is actually still 20GB of raw “physical” space left on the SSD that wasn’t overwritten by that diskpart command. The OS wouldn’t be able to know, this happens inside the hardware of the drive and is opaque to the OS.
So no, you can’t and probably also shouldn’t zero out an SSD. It’s pointless and will unnecessarily strain it in case you ever want to use it again for storing data. Either you destroy that drive physically or just use encryption from the get-go.
3 Likes
ah I see I guess I misunderstood. Thanks!
Would this be the same issue for manufacture software such as Samsung’s magician to secure erase?
In general yes. Or at least, you have no real way to check except ask the manufacturer and trust them on that. I haven’t looked into Samsung’s documentation on their software, so you might see exactly what they promise and if that includes actually securely erasing every single flash cell inside an SSD and you trust them on that, then it might be something you could use.
But regardless of SSD or HDD, if there’s some data you really need to see destroyed completely from the face of this earth, physically destroying the drive after erasure attempts is probably the best course of action.
2 Likes
DBAN is for the full nuclear option to just delete everything in the HDD. I should remind you that DBAN is the old app name for Darik’s Boot and Nuke and the author has since then sold it to Blancco that now markets it as Blancco Driver Eraser.
The original app has been forked into nwipe
and is actively maintained by the original author of DBAN. If you are on Ubuntu and Debian, it should be already installed.
BleachBit is for when you just want to delete file/s and/or folder/s and want to preserve parts of the disk that is actively being used right now.
Thank you @anon90831229 for the explanation.
2 Likes