I've been tasked with securely erasing SSDs in our company to ensure that all data is completely unrecoverable, even with advanced forensic techniques. I did some research, but I found a lot of conflicting advice. Some recommend third-party software, others suggest using specific Linux distributions, and some argue for manufacturer tools instead.
I attempted to use vendor-specific applications, starting with a Western Digital NVMe drive, but their software didn't even recognize the disk. Looking for a more reliable solution, I also tried using `nvme-cli` through WSL, but since we're connecting the drives via a USB-to-NVMe adapter, it didn't work.
Now I'm stuck and need to know: is there a viable method for securely erasing both SATA and NVMe SSDs when they're connected through USB? If not, what's the best alternative approach I should take?
5 Answers
Honestly, the most fail-proof method is to physically destroy the drive. If you're in a regulated industry, it's best to use a certified destruction service. However, if that's not an option due to company policy, then it's tricky.
How about encrypting the drive with BitLocker first before erasing it? That way, even if there's any data left, it should be unreadable after you wipe it.
Just be cautious—internal overprovisioning might leave some data recoverable. It's effective only if the drive was encrypted before any sensitive data was added.
If you're using WSL, it won’t have direct access to the hardware. A better route would be to boot from a live Debian or Ubuntu image and then use `hdparm` or `nvme-cli` to securely erase the drives.
Securely erasing SSDs over USB is generally unreliable. Most vendor tools and `nvme-cli` need a direct connection for commands like Sanitize or Secure Erase to function properly. The best practice is to connect the drive directly to a motherboard or use a proper SATA/NVMe dock. Then, utilize either the manufacturer's secure erase utility or `hdparm` for SATA and `nvme-cli` for NVMe. For techs at a beginner level, you can create a simple checklist: 1) connect directly 2) run the verified erase command 3) confirm the drive is empty afterwards. Anything done over USB might not be reliable.
Using the right tools is key—no need for manufacturer-specific utilities! You could use `dd` or `shred` in WSL. Just run the commands to overwrite the data:
```bash
sudo dd if=/dev/zero of=/dev/sda bs=1M status=progress
sudo dd if=/dev/urandom of=/dev/sda bs=1M status=progress
sudo shred -v -n 3 /dev/sda
```
Just remember to replace `sda` with your actual USB/NVMe device name.
That might be okay for HDDs, but be cautious with SSDs! They might not respond well to those commands.
We're not in a regulated industry, but we still want to minimize the risk of data recovery as we resell old drives. So physical destruction isn't a great option for us.