What Is Secure Erase?

Definition of Secure Erase and How It Wipes a Hard Drive

A picture of a hard drive
© TS Photography / Getty Images

Secure Erase is the name given to a set of commands available from the firmware on PATA and SATA based hard drives.

Secure Erase commands are used as a data sanitization method to completely overwrite all of the data on a hard drive.

Once a hard drive has been erased with a program that utilizes Secure Erase firmware commands, no file recovery program, partition recovery program, or other data recovery method will be able to extract data from the drive.

Note: Secure Erase, or really any data sanitization method, is not the same as sending files to your computer's Recycle Bin or trash. The former will "permanently" delete files, whereas the latter only moves the data to a location that's easy to flush away from the system (and just as easy to recover). You can read more about data wipe methods through that data sanitization link above.

Secure Erase Wipe Method

The Secure Erase data sanitization method is implemented in the following way:

  • Pass 1: Writes a binary one or zero

No verification of the overwrite is needed with the Secure Erase method because the writing occurs from within the drive, meaning the drive's write fault detection prevents any misses. This makes Secure Erase very fast compared to other data sanitization methods and arguably more effective.

This is different than other data sanitization methods like CSEC ITSG-06, RCMP TSSIT OPS-II, and NAVSO P-5239-26, which usually implement a verification after the first or last pass, and/or any other passes.

Some specific Secure Erase commands include SECURITY ERASE PREPARE and SECURITY ERASE UNIT.

More About Secure Erase

Several free hard drive erasing programs work via the Secure Erase command. See this list of Free Data Destruction Software Programs for more information.

Since Secure Erase is a whole-drive data sanitization method only, it is not available as a data wipe method when destroying individual files or folders, something tools called file shredders can do. See our Free File Shredder Software Programs list for programs like that.

Using Secure Erase to erase the data from a hard drive is often considered the best way to do so because the action is accomplished from the drive itself, the same hardware that wrote the data in the first place.

Other methods of removing data from a hard drive may be less effective because they rely on more standard ways of overwriting data.

According to National Institute of Standards and Technology (NIST) Special Publication 800-88 [PDF file], the only method of software-based data sanitation must be one that utilizes a hard drive's Secure Erase commands.

It's also worthwhile to note that the National Security Administration worked with the Center for Magnetic Recording Research (CMMR) at the University of California, San Diego, to research hard drive data sanitation. A result of that research was HDDErase, a freely available data destruction software program that works by executing the Secure Erase commands.

Secure Erase is not available on SCSI hard drives.

Security Erase is another way you might see Secure Erase discussed, but probably not often.

Note: You can not run firmware commands on a hard drive like you can run commands in Windows from the Command Prompt. To execute Secure Erase commands, you must use some program that interfaces directly with the hard drive and even then, you probably won't be running the command manually.

Secure Erase vs Securely Erasing a Hard Drive

Some file shredder programs and data destruction software have the words secure erase in their names or advertise that they securely erase data from a hard drive. However, unless they specifically note that they use a hard drive's Secure Erase commands, they likely do not.

What's happening is that they call their erasure method secure because it is: it makes your computer more secure by overwriting the data with zeros, ones, or random data to make it harder for someone to discover what's been deleted from the drive.

In other words, while all data wipe methods could be argued to be secure because of the nature of what they're doing, not all of them can accurately say that they use the Secure Erase method.

So, watch out for that before deciding on a program because you think it's using Secure Erase. For example, Secure Eraser and SDelete (Secure Delete) might look like they support Secure Erase but they actually do not. MHDD, CopyWipe, and hdparm are a few examples of free data destruction programs that do use Secure Erase.