Your computer probably contains a ton of sensitive information about you, your job, and maybe even your finances. Before you sell or dispose of your computer, you absolutely must make sure you destroy any data on it.
Deleting your files is not enough; and neither is formatting your hard drive. I'm going to show you how easily those deleted files can be recovered, and how to make sure they are destroyed properly.
If you don't want to know how deleted files can be recovered, and you already know what type of drive you have, then you can skip this part. But make sure you use the right process; because a lot of the information you'll find on the internet only works on mechanical drives, and is frankly dangerous to use with a solid-state drive.
You might well think that when you delete a file, it's gone. Not really. In fact when you delete a file, usually even if you empty the recycle bin, it's left 100% intact. That sounds mad, but it's actually the fastest and most efficient thing to do because of the way your files get stored.
Your computer probably has hundreds of thousands of individual files on it. If it needed to search through all of them on your hard drive every time it needed a file, it would take ages. Think about how you'd find a specific item in a catalogue. You wouldn't start leafing through hundreds of pages to find a specific pipe fitting. You'd go the index first, to find out what page the pipe fittings were on. Your computer does the same kind of thing - looking up the location of your files in an index of sorts. For the NTFS file system that index is the Master File Table. When you delete a file; rather than taking the time to erase all the pages of data in your catalogue, it simply deletes the index entry, so the computer sees those catalogue pages as available to be overwritten. Your computer only bothers to check the index, so this makes it look like the file is gone; but until another file comes along and is written onto the same space in your hard drive that the old one was on, the original data is all still there.
There are loads of tools that can scan your computer for the remains of these deleted files, and bring them back if they haven't been overwritten yet.
If you're selling your computer, you don't want the new owner to be able to do this and access your files. If you're disposing of it, the same goes for anyone who picks it out of a bin at the recycling point. To make sure that doesn't happen you have two options: a secure wipe, or physical destruction of your drive.
The main difference is that if you physically destroy the drive, nobody's going to be able to use it again in the future, which wouldn't be appropriate if you're planning to sell it on. Before you do either of these things, though; you need to identify what type of drive you have.
Hard drives fall into one of two categories: mechanical drives and solid state drives. They store data in completely different ways, so if you're planning to wipe or destroy them you need to use the right process for the type of drive you have. There are also hybrid drives which are mechanical drives with a bit of solid state bolted on to speed it up. For the purpose of this article you can consider a hybrid drive to be a mechanical drive.
If you don't know what type of drive you have, the best way to find out is to look up its model number. That aside you can usually tell just by looking at it. If it looks like a stick of circuit board with some chip soldered to it, then it's solid state. If it's a four inch wide metal box, then it's almost certainly mechanical. We call it a three and a half inch drive because "history". Three and a half inch solid state drives do exist; but if you've got one then I suspect you also know what you've got. In between you have two and a half inch drives, which are like scaled down versions of the previous one. You will commonly find both solid state and mechanical drives in this form factor, so if you can't tell by looking at it, Googling the model number is your safe option.
We're going to talk about how you can destroy your data next. Now you know what type of drive you have, how do you destroy the data?
Let's start with the mechanical type, first. This stores data magnetically on the surface of circular platters that spin at high speed. If you've ever wondered why a metal box is called a hard "disk" well there's your disk right there. A little arm scoots out and positions a read/write head over the disc to catch the data as it flies past. To physically destroy the data, we need to destroy these platters; or at least the surface of them.
Important warning here. Never ever open a hard drive unless you intend to destroy it. The tolerances in here are so small that if a speck of dust gets caught between the write head and the platter, that could be enough to cause a head crash and shred your data. Never attempt a physical DIY recovery if you care about the data. It's a job for a professional, with the right tools and a clean room. If you try to DIY it, you're likely to end up increasing the cost of recovery and the likelihood of total loss.
Let's say you want to sell the computer on with a working hard drive. A lot of folk won't have the knowledge to install a new drive and put Windows on it, so this is the only type of second-hand computer they'll want to buy. You can use a free tool called DBAN to securely erase a mechanical hard drive. You can download this, burn it to a cd, or copy it to a USB drive, and then boot your computer off it. Then it's just a case of selecting the right drive and starting the erasure program.
Make sure you select the right drive, though; because there's no "undo" option here. The process will take a long time. It's overwriting every piece of data on your drive several times to make sure that any remnants of old files are gone, and there are no magnetic shadows to give away what used to be there. Once it's finished you've got a blank drive that you can format and reuse. If you want to go belts and braces on this, you can always erase the drive with DBAN and then destroy it.
What you should absolutely not do, though; is use DBAN on on a solid state drive. They work entirely differently.
Solid State Drives
A solid state drive doesn't have any platters, and it doesn't use magnetism. It stores data in flash memory chips. That means you need to treat it differently.
If you want to physically destroy it, you need to destroy the chips themselves. You don't need to do this for a mechanical drive, because the chips on the mechanical drive are just for controlling the drive's functions. They can be replaced without affecting your data.
With a solid state drive the data lives in the chips, so those need to be the target of your aggression. Erasure is different, too.
Flash memory can only handle a finite number of writes before it degrades and stops working. To prevent drives from wearing out prematurely, the controller in the drive spreads data writes evenly across different parts of the drive. This poses two problems for a tool like DBAN. If DBAN tells the drive to overwrite the same piece of data three times, that's not actually going to happen; because controller is going to redirect those writes to three different parts of the drive in order to spread out the wear and tear.
The other problem is that because DBAN relies on overwriting the entire drive multiple times, it's going to reduce the lifespan of a solid state drive. So you end up wearing out your drive and not necessarily erasing all of the data as well as you might have thought. There are paid tools that can securely erase solid state drives, but the manufacturers of these drives usually have a tool you can download and use for free. These will trigger a secure erasure process that's built into the drive itself. What these actually do will depend on the drive.
Some of them wipe the drive by applying a voltage to all of the flash cells. Some of the drives internally encrypt all of the data they store. This isn't a security measure, because they also decrypt it again before passing it back to you. What it does mean, though; is the drive can simply throw away its encryption key and generate a new one, and all of the previously stored data is unreadable.
Speaking of encryption... you can largely sidestep this whole problem entirely by encrypting your drives in the first place. If your drive is encrypted, then all you really need to do is throw away the encryption key, and the data is gobbledygook. It's not a bad idea to destroy or erase the drive anyway, but it's not critical. I would advise you always encrypt your drives if you have the opportunity; because if your computer gets stolen, the thief is unlikely to offer you the opportunity to carry out a secure wipe first.
Finally, if this is something you need to do at a large scale, then you should look at more industrial options. Huge datacentres like Amazon's do not destroy drives with a hammer or DBAN. They have industrial shredding machines that will tear the drives to tiny pieces. If you're not Amazon but you do have a company full of drives to dispose of, then it's probably worth outsourcing the problem to a third party who'll take care of it for you. Let them chuck the drives into their shredder, rather than waste the next few months of your time hitting things with a hammer!
Degaussers used to be something of a popular middle ground when you had fewer drives than would warrant a shredder, but too many to hit with a hammer. A degausser basically acts as a really powerful magnet, that effectively wipes a mechanical drive. It does render them unusable as well, because it wipes everything - including some code needed for the drive to function. Degaussers are not effective for solid state drives though, because solid state drives don't use magnetism to store their data. Bear that in mind before you go and buy one. You're going to need another solution for your solid state drives, anyway.
Remember to never dispose of a computer without first rendering its data unreadable; and if you can, you should make a point to encrypt it in the first place.