Hard drives may become obsolete from time to time. Maybe your are switching to a new PC or replaced a hard drive with a new one. You may also sell a PC or laptop, or hand it over to someone else.
Data on hard drives may be recoverable, even if you format the hard drive. Windows suggests quick format by default. While that is super speedy, it also leaves the files untouched on the hard drive. Anyone with the right tools may recover the files. Files may contain sensitive information. They may range from personal photos and videos to bank account statements, emails, receipts, letters or your browsing history.
You may want to protect the files in most cases. The best option is to never give away hard drives or other storage devices. This may not be viable in many cases, though.
A full format may work in some cases, but there is an even better option. One that ensures that data can’t be recovered, even with professional tools.
This solution relies on encryption.
The process
The main idea is to encrypt the entire hard drive to protect all data. You’d then run a second full encrypt on the drive afterwards to prevent brute force attacks.
Here is what you need:
- VeraCrypt, an open source encryption software.
You may also use other encryption tools if you prefer those. Note that the following steps apply to any drive that is not the system drive (the drive with the operating system).
Make sure the hard drive is connected to the PC. Here are the required steps:
- Start VeraCrypt.
- Select Volumes > Create New Volume from the menu at the top.
- Pick Encrypt a non-system partition/drive and select Next.
- Confirm the UAC prompt on Windows.
- Keep “Standard VeraCrypt volume” selected and activate the Next button again.
- Activate “select device” and pick the drive that you want to erase all data on and protect. Select Next afterwards.
- Keep “Create encrypted volume and format it” and select Next on the next screen,
- Pick an algorithm, any will do, and select Next. Tip: you may run a quick benchmark to find out which runs well on the device.
- Select Next on the Volume Size screen.
- Type a secure password. You don’t have to remember it. Use copy and paste if you like.
- Check the “use PIM” option to add even better protection.
- Select the Next button.
- Type a PIM. The default value is 485. Selecting any other number makes recovery attempts difficult. Select Next to continue.
- If the PIM is larger, confirm the message with OK.
- Move the mouse around in the window to create randomness. Select Next once the status is green.
- Confirm that all data on the selected drive will be erased with a click on the Yes button.
- Wait for the process to finish.
Note that full formats may take a while to complete. It depends largely on the speed of the drive. The following screenshot was taken from a full format of an external hard drive.
Now repeat the entire process. You can change the format type from Full Format to Quick Format under Volume Format to speed up the process.
Protecting data on an entire PC / laptop
The process is somewhat different if you plan to sell or hand over an entire PC. This requires a system encryption, which VeraCrypt supports.
The process is nearly identical. Here are the main differences:
- Select System > Encrypt System Partition / Drive in VeraCrypt.
- The process of encrypting the system drive is identical, with one notable exception:
- VeraCrypt wants to run a test to make sure that the operating system boots fine after the drive has been encrypted.
- Once you have encrypted the system partition with a strong password and PIM, initiate a reset of the system if you use Windows.
- In Windows 11, go to Settings > System > Recovery > Reset this PC > Reset PC.
- Follow the instructions. Make sure you select to keep no files or other data.
Resetting is important, as it ensures that Windows can be booted. That is all to the process.