Answer Line: Wipe Your Drive Clean of All Its Sensitive Data

I'm replacing my hard drive. How do I totally obliterate sensitive data on the old drive?

Jim Mercer, via the Internet

To truly erase data, you need to write over it. Simply deleting files or reformatting the drive won't do. Luckily, plenty of free and inexpensive wipe programs (also known as shredders) can cover the data with zeroes or random patterns, making it unreadable by data-restoration software.

Some machines can recover data that's been written over only one or two times, however. That's where secure delete standards, such as the Department of Defense 5220.22-M, come in. According to this specification, overwriting the drive sectors three times with specific, different characters constitutes one pass. Many experts recommend seven such passes to render the data completely unrecoverable. But reading data that has been overwritten by even the simplest shredders requires expensive hardware, so unless you're worried about professional sleuths, such thorough overwriting probably isn't necessary.

Keep in mind that deleting just the sensitive files may not protect you fully. Unidentified copies of those files could exist in "unused" parts of your hard drive, or in your swap file, among other possible locations. It's a good idea to wipe these areas of your drive as well--or go the surefire route and wipe your entire hard drive. (See "Hard Drives Exposed" for more on the dangers of unwiped hard drives.)

To clean up specific files (none holding state secrets) and the drive's free space, rely on Summit Computer's free Hard Disk Scrubber 2. To be extra cautious, check Heavy Scrub to write over the disk three times (see FIGURE 1). Visit Summit to download your copy.

A more powerful option is Jetico's $40 BCWipe 3, which adds 5220.22-M support and cleans up unused space in the swap file. Visit Jetico to download the trial version.

To wipe the entire drive, I recommend LSoft Technologies' free Active@ KillDisk or its $30 sibling, Active@ KillDisk Professional. The DOS programs load from a bootable floppy and overwrite every partition on the hard drive. The free version does a basic wipe, covering the drive with zeroes in one pass. Professional adds 5220.22-M-compliant wiping, and it will make as many passes as you like.

Wiping takes time, however. On my test system, KillDisk took more than 12 hours to complete one pass of a 13GB drive. The recommended seven passes could take days. You can download the freeware version from our Downloads library, or head to the vendor's site to buy the Professional version.