I found on the Internet that if you use Diskpart with the clean all command, you can erase a disk so that the data won't be recoverable.

And from my experience it is true, because having done this with my USB flash drive, I used Disk Drill to scan it and nothing was found.

However, on the Microsoft forum someone wrote that you can use EaseUS Data Recovery Wizard to recover data after executing this command. My question: Is clean all in Diskpart a totally secure erasure method for SSDs, HDDs, USB flash drives and other storage devices?

1 Answer

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/clean

"all - Specifies that each and every sector on the disk is set to zero, which completely deletes all data contained on the disk."

One could quibble about the term 'deletion' as what actually happens is that data is overwritten. Despite popular (?) belief, overwritten data cannot be recovered.

I guess that person was confusing 'clean' without parameters.

I should add that on SSDs, SD cards, USB flash drives and also SMR hard drives not all memory can be overwritten (or zeroed) as some portion is outside LBA user space. Such space cannot be addressed as access to it is blocked by the firmware.

Depending on whether an SSD is intended for end user use or professional use, some 7 - 20+ % may be reserved for overprovisioning, which leaves this space with potentially recoverable data. Also, this for example is low level information obtained from an 8 TB Seagate SMR drive:

User Partition
LBAs 000000000000-0000756080F9
PBAs 000000000000-000076893477
System Partition
LBAs 000000000000-00000013497F
PBAs 000000000000-000000146F3F
Media Cache Partition
LBAs 000074702556-0000756080F9
PBAs 0000759486D0-000076893477
Spare pool
PBAs: 00007578F548-00007586BDF5 RST Available: 8000 SCT Available: EF
Spare pool (Multi-IOEDC Region)
PBAs: 00007687B32C-0000768872C1 RST Available: 400 SCT Available: 1A

The media cache partition is outside LBA user space and is approximately 60 GB in size. Zero filling this drive potentially leaves 60 GB of recoverable data (using Acelab PC3000 for example).

  • Unfortunately setting all logical sectors to zero doesn't mean that the data is no longer physically stored. It's especially true for solid state storage which tries to avoid write amplification -- all the competent SSD controllers will, and the best of "flash sticks" also. Even HDD had "spare sector" remapping.
    – Ben Voigt
    Commented Oct 18, 2022 at 22:51
  • True, so spare sectors and those reserved for overprovisioning are not zeroed. Also they cannot be recovered using EaseUS Data Recovery Wizard. I will edit the answer. Commented Oct 18, 2022 at 22:53
  • One really needs to trigger the "Secure Erase" command, which is standard in SCSI and SATA, and may exist as manufacturer extension in other bus protocols. Works best with FDE, as it doesn't need to rewrite the entire drive, only replace the encryption key.
    – Ben Voigt
    Commented Oct 18, 2022 at 22:53
  • And I agree with your subsequent point that "Easeus Data Recovery Wizard" will only see zeroes, since it's going through the disk controller where the remapping takes place. But "totally secure erasure method" to me implies that even connecting to specialized data recovery circuitry cannot discover the original data, so "zeroed in the software layer" falls short of that.
    – Ben Voigt
    Commented Oct 18, 2022 at 22:56
  • Agreed, secure erase or enhanced secure erase (often 2 commands that accomplish the same) is the way to go. Commented Oct 18, 2022 at 23:01
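
Added example, not part of the original answer or comments: a Python check that reads everything addressable through the operating system and reports the first non-zero sector, which is a direct way to confirm that a zero-fill such as clean all covered the whole LBA range. Because it reads through the drive's controller, it cannot see the overprovisioned, spare or media cache areas discussed above. The function names, the 512-byte sector default and the constructed sample image are assumptions; on a real system the path would be a disk image or a raw device node that the OS allows you to read.

```python
import os
import tempfile

CHUNK = 1024 * 1024  # read size; a multiple of both 512- and 4096-byte sectors


def first_nonzero_offset(path, chunk_size=CHUNK):
    """Return the byte offset of the first non-zero byte readable via path,
    or None if everything that could be read is zero."""
    offset = 0
    with open(path, "rb", buffering=0) as dev:
        while True:
            block = dev.read(chunk_size)
            if not block:
                return None
            if block.count(0) != len(block):
                # Leading zeros in this block give the position of the first hit.
                return offset + len(block) - len(block.lstrip(b"\x00"))
            offset += len(block)


def verify_zero_fill(path, sector_size=512):
    """Summarise the scan: zeroed or not, and the first non-zero sector (LBA)."""
    hit = first_nonzero_offset(path)
    return {
        "zeroed": hit is None,
        "first_nonzero_lba": None if hit is None else hit // sector_size,
        "first_nonzero_offset": hit,
    }


def make_sample_image(sectors=4096, dirty_lba=None, sector_size=512):
    """Constructed sample: a small all-zero image, optionally with leftover
    data in one sector, standing in for a drive after the wipe."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as img:
        img.write(bytes(sectors * sector_size))
        if dirty_lba is not None:
            img.seek(dirty_lba * sector_size + 7)
            img.write(b"leftover")
    return path


if __name__ == "__main__":
    for dirty in (None, 3000):
        sample = make_sample_image(dirty_lba=dirty)
        print(verify_zero_fill(sample))
        os.remove(sample)
```

A clean result here only means the logical sectors read back as zero; it says nothing about physical areas the firmware does not expose.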
