How to Securely Erase an SSD or HDD Before Selling It or Your PC

Erasing Data
(Image credit: Shutterstock)

If you're planning to sell / gift your old PC or just the drive inside, you need to securely erase your SSD or best hard drive so that the next person can't gain access to your files. You could have sensitive files on the drive, which contain everything from your passwords to your photos to financial information that some could use to steal your identity.  

It almost goes without saying, but just deleting a file doesn't make it completely disappear. If you don't securely erase your SSD or hard drive, the operating system just removes a pointer to each deleted file, leaving all the bits in place, until the drive needs that space for new data and overwrites it. But that could take years or, if you have lots of free space, never happen.

You might think that resetting Windows 10 or 11 with the option to delete your files enabled would get rid of all your personal data, but, as our tests provide, that's not the case. I was getting ready to donate my old Windows 10 PC so I used the built-in Windows reset feature and I clicked "Remove everything," which deletes all of your files and leaves you with a factory default install of the OS. 

Reset Your PC

(Image credit: Tom's Hardware)

After the reset process completed, my personal files were erased as was all the software I had installed. However, after I installed and ran EaseUS Data Recovery Wizard Free, a utility that finds and undeletes files, I located all my old files. To prove my point, I recovered a file called mypasswords2.txt that had lived in the Documents folder and I was able to read everything inside of it. 

Finding a deleted file on EaseUS Data Recovery

(Image credit: Tom's Hardware)

No matter how nice a person you sell your computer or your bare drive to, you can't trust that they won't see what deleted files they can recover. Below we'll explain how to securely erase an SSD using Windows and then explain how to do the same to a hard drive as the process is a bit different.

How to Securely Erase an SSD

Securely erasing an SSD is different than doing the same process on a mechanical hard drive. The best way to erase an HDD, which we'll cover in more detail below, is to use a program that writes random data over all the sectors several times so that no remnants of the old files remain. 

This brute-force overwrite method won't work as well for SSDs. Hard drives need multiple overwrites because magnetic media can leave remnants of data, but all SSDs have a limited number of write cycles so overwriting them multiple times will harm the drive's longevity and may not even wipe the files you want to get rid of.

SSDs use overprovisioning to extend the life of the drive and replace any blocks that fail over time. So there might be 5 or 10 percent of blocks that are unavailable to the OS at any given time. A full drive overwrite wouldn't touch these blocks, which could have data in them. However, since the over provisioned blocks are out of circulation, they won't be used (or visible to software) again until they've already been overwritten. Therefore, it's unlikely someone would be able to get to those blocks using consumer-grade recovery software (a government agency might be able to, however). 

What you need is a utility that can quickly get at all the visible data. Some SSD makers provide secure erase utilities for free and some motherboard BIOSes have "secure erase" capability built in. These tools effectively reset your SSD to a factory state, with even the OP blocks wiped. But your particular drive or motherboard may not have these options available.  A paid utility called Parted Magic can do secure wipes for you, but if you don't want to spend money, Windows 10 and 11 have a tool called diskpart which does a good job for free.

How to Securely Erase Your SSD via Your Motherboard

If your SSD is the boot drive in the PC you are wiping, the easiest way to securely erase it is through your motherboard's UEFI BIOS. On each brand of motherboard, the secure erase feature may have a different name and a different location in the menu structure.

1. Enter your motherboard's UEFI BIOS. See our article on how to enter your BIOS if you haven't done this before.

2. Look for a secure erase option under a tools or storage menu. If you can't find one, consult the user manual. On our Asus ROG motherboard, the option was under Tool->Asus Secure Erase. 

Asus secure erase

(Image credit: Future)

3. Select your drive, choose options and confirm. In our case, the software also asked 

select drive

(Image credit: Future)

How to Securely Erase Your SSD with a Manufacturer's Utility

Depending on the make and model of your SSD, the manufacturer (ex: Samsung) may have a free utility that will allow you to perform an official "secure erase," resetting the blocks. Note that if the drive you are wiping is the boot drive in the PC you are using to clear it, you will need a utility that can create a bootable USB erasure tool. 

The method and capabilities vary for each manufacturer's software. For example, we had a Kingston Rage Fury M.2 NVMe SSD but found that Kingston's software would only secure erase the company's SATA drives. 

Here's some quick links to manufacturers' software you can try.  We haven't tested to see if all of these have secure erase features that work with all of their drives.

How to Securely Erase Your SSD with Parted Magic

Parted Magic is the best universal secure erase utility around. If you don't have a free manufacturer's utility or a motherboard with a secure erase function in the BIOS, Parted Magic, a bootable Linux environment with secure erase utilities built-in, will do it for you. 

However, the utility starts at $15 and does not have a free trial period. If you are planning to wipe disks on a regular basis or you want to make sure the OP area is wiped, we definitely recommend Parted Magic, but otherwise, you should consider a free method like using Windows Diskpart, which we describe below.

To use Parted Magic: 

1. Buy Parted Magic and Download its ISO file. You will use this to create a bootable live disk.

2. Create a bootable USB flash drive. We recommend using Rufus, a free USB Flash drive utility, to do the writing. 

Creating Parted Magic Live Disk with Rufus

(Image credit: Tom's Hardware)

3. Boot your PC from the Parted Magic USB drive.

4. Hit Enter to select Default settings (option 1) when prompted for a boot method. 

Parted Magic Boot menu

(Image credit: Tom's Hardware)

A Linux desktop environment will appear with several icons on the desktop for you to click.

5. Launch the Erase Disk app

Launch erase disk

(Image credit: Tom's Hardware)

6. Select "NVMe Secure Erase" if you have an NVMe SSD or "Secure Erase ATA Devices" if yours is a SATA drive.

Parted Magic Disk Eraser Menu

(Image credit: Tom's Hardware)

A list of available disks will appear. The disk(s) you want to erase may be listed as "Frozen" which means that they can't be selected at the moment.

7. Click the Sleep button if the drive is listed as Frozen. The screen should flicker off for a few seconds and then come back on with the drive now available to be selected. 

Click Sleep

(Image credit: Tom's Hardware)

8. Select the drive(s) you want to erase and click Continue.

Select drives and click continue

(Image credit: Tom's Hardware)

9. Check "I allow this utility . . ." and click Start Erase

Start Erase in parted magic

(Image credit: Tom's Hardware)

The system will now take a few minutes to erase your drive and show you a progress bar. It took me two minutes to erase a 1TB SATA SSD. 

Parted Magic Progress bar

(Image credit: Tom's Hardware)

When Parted Magic is done with the secure erase, it will show you a box saying that the process was successful and offering you the opportunity to view logs. 

Parted Magic Success

(Image credit: Tom's Hardware)

You can shut down Parted Magic (or reboot the computer) as your drive has been securely erased.

How to Securely Erase Your SSD with Windows Diskpart

But what if you don't want to pay $15 for Parted Magic and don't have a motherboard or manufacturer software that will securely erase your SSD? A cheap and universal way is to use Windows 10 or 11's built-in diskpart utility at the command prompt. 

You can even use this method if the SSD you plan to wipe is the computer's boot drive. The caveat with diskpart is that this method does not blank the overprovisioned blocks of the OS, but it does erase the disk map which references them. The method is effective enough that DriveSavers, a professional data recovery service, said that it should "do the trick," but noted that they have not validated it with every hardware combo. Here's how to use it.

1. If the drive you are wiping is the computer's boot drive, start the computer from a Windows 10 or 11 install disk (see how to do a clean install for instructions on creating the disk). If the disk you are wiping is not the boot disk, you don't need to boot from an install disk and can perform this wipe from within Windows.

2. Launch the command prompt. If you booted off a Windows install disk, hit Shift + F10 to get the command prompt on top of the installer. If you are using your regular install of Windows, just search for "cmd," right click the top result and select "Run as administrator."

Launching Command Prompt from Windows Setup

(Image credit: Tom's Hardware)

3. Enter diskpart. The prompt will now read as DISKPART>.

Launch diskpart

(Image credit: Tom's Hardware)

4. Enter list disk to see a list of all the disks attached to your PC and their numbers. If you have only one drive, it will be Disk 0.

List disk

(Image credit: Tom's Hardware)

5. Enter select disk [NUM] where [NUM] is the disk number, likely 0. So if it's disk 0, type select disk 0.

select disk

(Image credit: Tom's Hardware)

6. Enter clean all. After several seconds or perhaps a few minutes, you will see a message telling you that the process has completed.

diskpart clean all function completed

(Image credit: Tom's Hardware)

Your drive should now be securely wiped. If you were planning to give the computer to someone else, you can go ahead and reinstall Windows on it. When I used "clean all" to secure erase the SSD on a PC I was donating to charity, I was no longer able to see my deleted files on it using EaseUS Data Recovery.

TRIM Won't Securely Erase SSDs

Some experts claim that SSDs which have TRIM enabled -- most modern SSDs -- don't need to be securely erase because the process purges deleted data in the background. Unfortunately, you can't count on TRIM to purge all your blocks even if you attempt to force it by using Windows 10 or 11's Optimize Drive feature. I took the drive I'd wiped with Windows 10's reset feature and then ran Optimize Drive on it, but my sensitive files were still recoverable with EaseUS Data Recovery.

"This is an expected result from experience," DriveSavers Director of Engineering Mike Cobb told us. "TRIM doesn’t always function with all devices. This is why TRIM cannot be trusted, ever unless validated with the system and the actual drive model." 

DriveSavers is a leading data recovery service that uses its own set of proprietary tools to get deleted data off of clients' SSDs and hard drives. For companies that are especially concerned about the quality of their secure erases, DriveSavers offers its "Data Erasure Verification Service," where experts will check to make sure that nothing can be recovered.

How to Securely Erase a Hard Drive

The best way to make sure an old-fashioned mechanical hard drive is securely erased is to overwrite it with dummy data multiple times. There's a popular freeware app called DBAN (Darik's Boot and Nuke) that writes to all the sectors using secure sanitization methods. 

DBAN is its own boot environment (no OS necessary) so you can use it to securely erase the boot drive on a computer without taking that drive out and attaching it to another PC. However, if the hard drive you're wiping is not the boot drive, you must be very careful when using DBAN so that you don't accidentally wipe the wrong drive.

1. Download the DBAN ISO file.

2. Write the ISO to a USB Flash drive (it only requires 20MB of space) so it becomes bootable. The easiest way to do this is by using Rufus, a free USB burning tool. Launch Rufus, click Select, choose the ISO and then click Start.

write DBAN to USB

(Image credit: Tom's Hardware)

3. Boot from the DBAN USB drive. You will see a menu with a blue background and gray letters.

DBAN main menu

(Image credit: Tom's Hardware)

4. Press Enter to start interactive mode. The system will take a minute or two to detect your storage devices. A menu screen will then appear, showing all of your drives and some other options.

DBAN interactive mode

(Image credit: Tom's Hardware)

5. Select the drive(s) you wish to wipe. Use the J and K keys to move up and down and hit space to select the drive, which will now say "wipe" next to it.

DBAN selecting a drive

(Image credit: Tom's Hardware)

6. Select the method of drive erasure by hitting M if you want something other than the default, DoD Short method. DoD short is a 3-pass version of the American Depart of Defense 5220.22-M wipe process. It overwrites all sectors with zeroes on the first pass, overwrites them with ones on the second pass and then uses a random pattern on the third pass. 

A standard DoD 5220.22-M erasure is 7 passes.  The more passes, the longer the secure erase takes. The DoD short method should be fine for most people so you can skip this step if you agree.

DBAN method menu

(Image credit: Tom's Hardware)

7. Hit F10 to start the process. Depending on the number of passes, the capacity of your drive and its speed, this could take a few minutes or several hours.

DBAN progress

(Image credit: Tom's Hardware)

When it's complete, DBAN will show you a message stating that it has wiped all the drives you assigned to it.

DBAN succeeded message

(Image credit: Tom's Hardware)

Your hard drive should now be safe to give away or sell. If you plan to give away the computer with the hard drive in it, be sure to reinstall the operating system. See how to get Windows free or cheap if you need a copy of Microsoft's OS.

Avram Piltch
Avram Piltch is Tom's Hardware's editor-in-chief. When he's not playing with the latest gadgets at work or putting on VR helmets at trade shows, you'll find him rooting his phone, taking apart his PC or coding plugins. With his technical knowledge and passion for testing, Avram developed many real-world benchmarks, including our laptop battery test.
  • cfbcfb
    One word: Hammer.
    Reply
  • Alvar "Miles" Udell
    Starting with Windows 10 the Format command has included the /p switch which sets the number of overwrites with random numbers, after first writing all 0s, so DBAN is not necessary unless you're using a HDD as a boot disk.
    Reply
  • InvalidError
    cfbcfb said:
    One word: Hammer.
    If you hammer-erase a HDD or SSD, it becomes kind of difficult to sell or donate.

    For normal people, a simple full erase is good enough.

    If you are paranoid about security, you should be using full-drive encryption where secure-erasing is as simple as deleting encryption keys. This way, your data is also relatively secure from theft and seizure where you don't get the chance of applying hammer first.
    Reply
  • TerryLaze
    If you choose reset windows with deleting personal files you can use ccleaner afterwards to wipe all free space, it also allows for multiple passes for the paranoid.
    Make sure you know what to do with your windows registration though.
    Reply
  • Sippincider
    InvalidError said:
    If you hammer-erase a HDD or SSD, it becomes kind of difficult to sell or donate.

    Replace the drive and reinstall the OS. Storage is too cheap for even normal people to take a non-zero risk of someone getting their data.

    But my drive is soldered in, you say? End-of-life the machine and give the drive some physical erasing. New hardware is cheaper than risk.
    Reply
  • ZiffLem
    Why in the name of DOS is everyone still stuck on DBAN? Is it the cute name?
    Look up when DBAN was last updated. Maybe, just maybe you want to use something from this side of the 21st century?
    Please note: for years, DBAN has recommended for commercial purposes BLANCCO Drive Eraser. Those benefits include support and report generation, useful and necessary for business compliance.

    Please see for yourself an excellent open source project: ShredOS, utilizing nwipe, found on GitHub. One it's most useful features is that it can be run headless with no input.
    Reply
  • TerryLaze
    ZiffLem said:
    Why in the name of DOS is everyone still stuck on DBAN? Is it the cute name?
    Look up when DBAN was last updated. Maybe, just maybe you want to use something from this side of the 21st century?
    Please note: for years, DBAN has recommended for commercial purposes BLANCCO Drive Eraser. Those benefits include support and report generation, useful and necessary for business compliance.

    Please see for yourself an excellent open source project: ShredOS, utilizing nwipe, found on GitHub. One it's most useful features is that it can be run headless with no input.
    It's not like deleting sectors has somehow changed, we are still using the same ones and zeros from 70 years ago, it still works and does a good job, home users don't need business compliance.
    ZiffLem said:
    Please see for yourself an excellent open source project: ShredOS, utilizing nwipe, found on GitHub. One it's most useful features is that it can be run headless with no input.
    Yeah that's a great thing to suggest to beginners, a way to destroy all of their data on all of their disks without them even having to do any input...
    This is a fluff piece for noobs not a CIA report for counter espionage.
    Reply
  • InvalidError
    Sippincider said:
    Replace the drive and reinstall the OS. Storage is too cheap for even normal people to take a non-zero risk of someone getting their data.
    A simple proper full erase makes the data unrecoverable through conventional means. Nobody is going to spend the tens of thousands of dollars and hundreds of man-hours required for low-level forensic data recovery on a drive purchased from a normal person since the likelihood of recovering anything usable of any value is slim to none.

    I'd be 1000X more worried about personal data loss from theft than resold drive.
    Reply
  • Aaron Priest
    The Secure Erase command built into the controller firmware works better than DBAN and Diskpart to ensure all data blocks are erased, and much faster. You can do it with hdparm on Linux, or you can use PartedMagic if you want a nice GUI for it:

    https://grok.lsu.edu/article.aspx?articleid=16716
    https://partedmagic.com/
    Reply
  • thisisaname
    cfbcfb said:
    One word: Hammer.
    Four little words Hammer and some nails
    Reply