The security procedures presented in this article are designed to make it practically impossible to retrieve information from your device and standalone storage devices once they have been erased.

Magnetic Hard Disk or USB Drive on a Macintosh

Use the Disk Utility and select the 7-Pass Erase option. This will overwrite the entire contents of the hard disk or external USB drive seven times, which can take a long time depending on disk size and speed. This option does not appear if the Mac has a solid-state drive (SSD). See the Magnetic Hard Disk or USB Drive Using DBAN section to proceed.

Magnetic Hard Disk or USB Drive Using DBAN

Most computers can run the free version of DBAN. This is an "ISO image," which means that it can be used to create a bootable DVD, CD-ROM, or USB drive. This procedure is fairly technical but full details are available in this article, How To Securely Wipe Your Hard Drive with DBAN—Erase Your Data for Good.

Use Cryptographic Erasure

The methods used to securely wipe magnetic hard drives do not work for SSD drives. The recommended method to sanitize an SSD is to use "cryptographic erasure" as follows:

1. Encrypt the SSD, if it is not already encrypted with one of the following methods.
   
   1. For Windows, use Bitlocker.
   2. For Macintosh, use Filevault 2.
   3. If neither is available, use the freely available Veracrypt.
2. Remove the ability for someone else to recover the encrypted contents.

   For Bitlocker:

   1. Open Command (may require admin rights) from the Start menu, then type manage-bde -forcerecovery c:
   2. Shut it down.
3. For Filevault 2, reformat by:
   
   1. Restart.
   2. Hold down the Command and R keys when the grey startup screen appears.
   3. Select Disk Utility.
   4. Highlight the internal drive, then go to the Erase tab.
   5. Press Erase, accepting the defaults.
4. For other types of encrypted media, such as tapes or even online backups, encrypting the data with a new, strong encryption key, then destroying the key is an acceptable method, as long as you are the only one who knows the key.

USB Drive on Windows

Either of the two approaches will suffice. UChicago IT Security recommends the first method if you have already enabled Bitlocker. The second is the conventional recommendation.

• Method 1: Cryptographic Erasure
  
  1. Encrypt the USB drive with Bitlocker.
  2. Right-click the Drive icon in the Explorer.
  3. Select Turn On Bitlocker and follow the prompts.
  4. Right-click the Drive icon in Explorer again.
  5. Select Format, uncheck the Quick Format option, then press Start.
• Method 2: Conventional Method
  
  1. Download and install the freely available CCleaner program.
  2. Insert the USB drive.
  3. Start CCleaner. Select Tools. Select Drive Wiper.
  4. Select the USB drive (be very careful here!).
  5. Under Wipe select Entire Drive.
     Alert! All data will be erased!
  6. Under Security select Complex Overwrite (the process will run seven times).
  7. Select Wipe.

Smartphones and Tablets

If the device supports it, use the built-in settings to encrypt it. Then use the built-in settings to do a factory reset.

Dispose of Computer and Storage Devices

IT Services provides a device recycling service that properly sanitizes devices of all types before they are recycled. Contact computerrecycling@uchicago.edu for information and to make arrangements.

Server Recycling

When a server or disk array is to be retired, dispose of it using the IT Services device recycling program. Contact computerrecyling@uchicago.edu for information and to make arrangements.

Related Resources

The following resources may be useful for those who must address a sanitization need not covered above.

• Guidelines for Media Sanitization (PDF)
• Guidelines for Information Media Sanitization
• List of Data Erasing Software