Seagate Tools Erase Track Zero

Your data may be stored on a wide variety of different physical media, such as an internal or external hard drive or a USB flash drive. Before repurposing or recycling a laptop, desktop, or other computing system, it's critical to protect your data by securely erasing or disposing of the physical storage.

1. Seagate Tools Erase Track Zero Gravity

Writing zero to hard drive is one of the popular data sanitization methods nowadays. This method is also known as the Single Overwrite method and called zero-fill erase or zero-fill. It is a process of replacing existing data on hard drive with zeros, so as to prevent most hardware-based and all software-based recovery methods from extracting. Write zero is a method of formatting a hard disk whereby the formatter overwrites the disk contents with zeros. It is also called zero fill erase or zero-fill. As the data is manipulated at the most basic level, this method is considered as low-level format. You may demand to write zeros to Seagate hard drive for the following reasons.

When a device has had its data securely erased or destroyed, a clean media labelshould be affixed to the device, signaling that it is ready for disposal.

If you do not feel completely comfortable securely erasing your data, please contact the UVM Tech Team and schedule an appointment to visit the Computer Clinic.

To prevent accidental DATA loss, disconnect any disk drives that are not targeted for secure erasure!

Recommended Methods

Physical drive destruction is only available to computers and storage media that are owned by the University of Vermont

Computer hard drives and storage media can be brought to the Computer Clinic and submitted for destruction. Hard drives will be removed from computers and physically destroyed.

Computers will be returned to you (with the hard drive removed) and will require a Surplus Pickup Request to dispose of the electronic waste properly.

If your computer does have have removable storage media (NVMe soldered to the system board) the guides below may required to securely erase your data.

This service is provided by Enterprise Technology Services at no cost to departments.

BitLocker encrypted disks enable you to quickly sanitize the device by deleting the encryption key, which renders the data on the drive irretrievable. To sanitize the contents of a BitLocker encrypted disk, follow the steps outlined below.

• This guide assumes that you are not booted to the disk that you're attempting to securely erase. You must connect the target disk to another machine via USB dock, or opt to boot to LiteTouch, or Windows Recovery media.

1. Connect the target disk to the computer.
2. Press the on your keyboard, search for the Disk Management program.
   
3. Verify that the target disk is BitLocker Encrypted. In this example, D: is the target disk.
   
4. Right-click on the target volume, from the menu that appears select Delete Volume.
   • If your disk has more than one partition, repeat this step until the disk is completely unallocated space.
     

FileVault encrypted disks enable you to quickly sanitize the device by deleting the encryption key, which renders the data on the drive irretrievable. To sanitize the contents of a FileVault encrypted disk, follow the steps outlined below.

Requirements:

• macOS 10.12 or higher is required for Disk Utility to see APFS formatted volumes.
• This guide assumes that you are not booted to the disk that you're attempting to securely erase. You must connect the target disk to another machine via target disk mode, USB dock, or opt to use Internet Recovery to perform the following steps.

1. APFS and HFS+ encrypted volumes are housed within a logical 'container' disk within the physical disk's available space. By default, Disk Utility only displays available volumes. To display physical disks and containers, click the 'Sidebar' menu and select 'Show All Devices'.
   
2. Verify that the target volume is encrypted with FileVault by selecting the volume from the Sidebar and viewing its details. If you find that the volume is not encrypted, you may want to use one of the 'Alternative Methods' for securely erasing data below. If the machine does not have a removable hard drive, ETS recommends encrypting the disk first, and then proceeding with this guide.
   
3. After confirming the disk is encrypted, the disk can be reformatted. It is important to understand that simply reformatting the encrypted Volume is not enough.
   • Seagate Expansion Media = Physical disk
   • Container disk3 = Logical container disk
   • Macintosh HD = Logical Volume
4. To securely sanitize data on the disk, the entire container must be deleted. To delete the container, select the Physical disk from the Sidebar. In this particular example, the Physical disk is 'Seagate Expansion Media'. When the physical disk has been selected, click the 'Erase' button.
   
5. The default options should work, click the 'Erase' button to wipe the container and securely sanitize the disk.
   

Alternative Methods

One of the most efficient ways to securely erase a disk is to issue an ATA Secure Erase command. When a Secure Erase is issued against an SSD all of its cells will be marked as 'empty', restoring it to a factory default state. Most modern magnetic spindle disk drives also support the command.

Requirements:

• This guide assumes an IDE, SATA, or PCIe connected disk. In testing, disks connected via a USB dock have also worked.
• SSD or modern Spindle Disk drives.

1. Boot to SystemRescueCD on the machine you'd like to securely erase.
   • On Dell systems, you may need to temporarily disable 'Secure Boot'.To disable Secure Boot, tap F12 at boot, then select the 'Change Boot Mode Setting'. From the options that appear, select 'UEFI with Secure Boot disabled'.
2. SystemRescueCD will boot to a shell prompt.
   
3. SSD drives are locked down with a 'security freeze' set by BIOS at boot. To 'un-freeze' a disk we can simply put the computer to sleep for a moment with the following command. After the command has been issued, tap the power button to wake your computer and continue to the next step.
4. List all connected disks with the following command:

   This will display details of all connected disks, including the 'logical name' of each disk. Locate the 'logical name' of the target disk and replace /dev/sdX in the commands below with that name.

5. Set a security password that will be used to erase the disk. In this case, the password is set to NULL.
6. To securely erase the disk run the following command:
7. In testing, the average time for SECURITY ERASE completion was less than two minutes for a 256GB SSD. Note that spindle disk drives will take considerably longer (hours) to complete.
8. When the command completes, verify the disk has been wiped.

To securely erase data, hard disk drives fill the occupied space on the drive with a file consisting of zeroes or execute multiple writes of different characters. However, solid-state drives use wear-leveling algorithms that evenly distribute data among SSD blocks, which means that data is constantly moved around on the drive so the blocks will be worn at an equal rate. Standard secure deletion tools damage SSDs by performing an unnecessary number of additional writes without being able to tell where the data is written.

To securely erase data from a solid-state drive, use one of the following methods:

• Manufacturer-specific software if possible, use software provided by the manufacturer of the drive to erase an SSD. Many manufacturers offer software that allows for securely erasing the drive, as well as other functions such as updating firmware or checking the health of the drive. Use the instructions provided by the manufacturer to erase the SSD. The following manufacturers provide software to securely erase an SSD:

  If you cannot locate the manufacturer of your SSD, or if the manufacturer does not provide software for securely erasing the drive, you can try using a generic utility, or submit the drive for physical destruction at the Computer Clinic.

Requirements:

• This guide assumes you're zeroing a magnetic spindle disk drive.
• If you are looking to securely erase data stored on a Solid State Disk, please see the 'Secure erase a BitLocker encrypted volume', 'Secure erase a FileVault2 encrypted volume', or 'ATA Secure Erase' guides above.

1. Boot to SystemRescueCD on the machine you'd like to securely erase.
   • On Dell systems, you may need to temporarily disable 'Secure Boot'.To disable Secure Boot, tap F12 at boot, then select the 'Change Boot Mode Setting'. From the options that appear, select 'UEFI with Secure Boot disabled'.
2. SystemRescueCD will boot to a shell prompt.
   
3. List all connected disks with the following command:

   This will display details of all connected disks, including the 'logical name' of each disk. Locate the 'logical name' of the target disk and replace /dev/sdX in the commands below with that name.

4. To write zeros to the target disk and display it's progress, use the command below:
5. When the dd command completes, verify the disk has been wiped.

Due to the prevalence of solid-state drives (SSDs), Apple has removed many of the tools previously provided to securely erase data from hard disk drives (HDDs). If you're looking to securely erase data from an SSD, please use a different guide.

Mac OS X has retained the following built-in options for securely removing data:

• For whole file systems, use the Disk Utility app, which can be found in any of the following places:
  • In the Applications/Utilities/ folder on your hard drive.
  • Booting to Internet Recovery (Command+Option+R or Command+R)

  In Disk Utility, choose the file system you want to wipe, and then select the Erase tab. If you have a hard disk drive, select Security Options to choose the security level of the erasure.

  If a solid-state drive is detected, Security Options may not be available for selection.

Related Articles

Okay, this is another one that annoys me: The claim, the myth that certain three letter agencies can recover data from erased or zero filled hard drives. The claim that those can magically ‘read' and reconstruct data from ‘latent magnetic residue' (I am not making this up, others did) using special machines and whatnot.

Wobbly heads

Idea is that the positioning from read/write heads is not exact. so new data (the zeros) may be written slightly off-track compared to the original data that can thus be recovered. My common sense tells me that IF exact head positioning is so difficult, then reading exactly those latent tracks is very difficult. And that IF head positioning is so difficult then there's a chance that indeed some of the previous data may survive while other parts are actually overwritten. So at best you'd have partial data without the context of a for example a file system. You'd have binary blobs at best.

Now, assume a specific area was overwritten with new data several times as data was deleted or modified and rewritten by the same wobbly read/write heads. And finally the zero fill. Now results will be even more confusing as we'd have several layers of imperfectly overwritten data.

Zeros and ones

By the way, modern hard drives may depend to a degree on error correction when reading data. Data reads may be imperfect, but this imperfection is detected and corrected using ECC error correction. Each sector is ‘guarded' by an ECC checksum that is computed as data is written, and data read at a later time is checked against that checksum and if needed corrected. Using ECC we can detect exactly which bits are off, the ones that were supposed to be zeros and vice versa. These ECC codes will not be available when we're reading the latent magnetic data so we read (again) uncorrected fragmented tiny binary blobs at best.

Anyway I don't have a science degree and will not claim that I know how hard drives work at that level, but these guys do and have examined the claims: https://www.researchgate.net/publication/221160815_Overwriting_Hard_Drive_Data_The_Great_Wiping_Controversy.

Let's jump right to the conclusion:

So, if I zero fill my drive, no data can be recovered, right? WRONG!

Hah! You didn't see this coming I bet! What you are correct about is that data can not be recovered from zero-filled LBA space. No one can, not you, not me, not the CIA.

Recommended Methods

Physical drive destruction is only available to computers and storage media that are owned by the University of Vermont

Computer hard drives and storage media can be brought to the Computer Clinic and submitted for destruction. Hard drives will be removed from computers and physically destroyed.

Computers will be returned to you (with the hard drive removed) and will require a Surplus Pickup Request to dispose of the electronic waste properly.

If your computer does have have removable storage media (NVMe soldered to the system board) the guides below may required to securely erase your data.

This service is provided by Enterprise Technology Services at no cost to departments.

BitLocker encrypted disks enable you to quickly sanitize the device by deleting the encryption key, which renders the data on the drive irretrievable. To sanitize the contents of a BitLocker encrypted disk, follow the steps outlined below.

• This guide assumes that you are not booted to the disk that you're attempting to securely erase. You must connect the target disk to another machine via USB dock, or opt to boot to LiteTouch, or Windows Recovery media.

1. Connect the target disk to the computer.
2. Press the on your keyboard, search for the Disk Management program.
   
3. Verify that the target disk is BitLocker Encrypted. In this example, D: is the target disk.
   
4. Right-click on the target volume, from the menu that appears select Delete Volume.
   • If your disk has more than one partition, repeat this step until the disk is completely unallocated space.
     

FileVault encrypted disks enable you to quickly sanitize the device by deleting the encryption key, which renders the data on the drive irretrievable. To sanitize the contents of a FileVault encrypted disk, follow the steps outlined below.

Requirements:

• macOS 10.12 or higher is required for Disk Utility to see APFS formatted volumes.
• This guide assumes that you are not booted to the disk that you're attempting to securely erase. You must connect the target disk to another machine via target disk mode, USB dock, or opt to use Internet Recovery to perform the following steps.

1. APFS and HFS+ encrypted volumes are housed within a logical 'container' disk within the physical disk's available space. By default, Disk Utility only displays available volumes. To display physical disks and containers, click the 'Sidebar' menu and select 'Show All Devices'.
   
2. Verify that the target volume is encrypted with FileVault by selecting the volume from the Sidebar and viewing its details. If you find that the volume is not encrypted, you may want to use one of the 'Alternative Methods' for securely erasing data below. If the machine does not have a removable hard drive, ETS recommends encrypting the disk first, and then proceeding with this guide.
   
3. After confirming the disk is encrypted, the disk can be reformatted. It is important to understand that simply reformatting the encrypted Volume is not enough.
   • Seagate Expansion Media = Physical disk
   • Container disk3 = Logical container disk
   • Macintosh HD = Logical Volume
4. To securely sanitize data on the disk, the entire container must be deleted. To delete the container, select the Physical disk from the Sidebar. In this particular example, the Physical disk is 'Seagate Expansion Media'. When the physical disk has been selected, click the 'Erase' button.
   
5. The default options should work, click the 'Erase' button to wipe the container and securely sanitize the disk.
   

Alternative Methods

One of the most efficient ways to securely erase a disk is to issue an ATA Secure Erase command. When a Secure Erase is issued against an SSD all of its cells will be marked as 'empty', restoring it to a factory default state. Most modern magnetic spindle disk drives also support the command.

Requirements:

• This guide assumes an IDE, SATA, or PCIe connected disk. In testing, disks connected via a USB dock have also worked.
• SSD or modern Spindle Disk drives.

1. Boot to SystemRescueCD on the machine you'd like to securely erase.
   • On Dell systems, you may need to temporarily disable 'Secure Boot'.To disable Secure Boot, tap F12 at boot, then select the 'Change Boot Mode Setting'. From the options that appear, select 'UEFI with Secure Boot disabled'.
2. SystemRescueCD will boot to a shell prompt.
   
3. SSD drives are locked down with a 'security freeze' set by BIOS at boot. To 'un-freeze' a disk we can simply put the computer to sleep for a moment with the following command. After the command has been issued, tap the power button to wake your computer and continue to the next step.
4. List all connected disks with the following command:

   This will display details of all connected disks, including the 'logical name' of each disk. Locate the 'logical name' of the target disk and replace /dev/sdX in the commands below with that name.

5. Set a security password that will be used to erase the disk. In this case, the password is set to NULL.
6. To securely erase the disk run the following command:
7. In testing, the average time for SECURITY ERASE completion was less than two minutes for a 256GB SSD. Note that spindle disk drives will take considerably longer (hours) to complete.
8. When the command completes, verify the disk has been wiped.

To securely erase data, hard disk drives fill the occupied space on the drive with a file consisting of zeroes or execute multiple writes of different characters. However, solid-state drives use wear-leveling algorithms that evenly distribute data among SSD blocks, which means that data is constantly moved around on the drive so the blocks will be worn at an equal rate. Standard secure deletion tools damage SSDs by performing an unnecessary number of additional writes without being able to tell where the data is written.

To securely erase data from a solid-state drive, use one of the following methods:

• Manufacturer-specific software if possible, use software provided by the manufacturer of the drive to erase an SSD. Many manufacturers offer software that allows for securely erasing the drive, as well as other functions such as updating firmware or checking the health of the drive. Use the instructions provided by the manufacturer to erase the SSD. The following manufacturers provide software to securely erase an SSD:

  If you cannot locate the manufacturer of your SSD, or if the manufacturer does not provide software for securely erasing the drive, you can try using a generic utility, or submit the drive for physical destruction at the Computer Clinic.

Requirements:

• This guide assumes you're zeroing a magnetic spindle disk drive.
• If you are looking to securely erase data stored on a Solid State Disk, please see the 'Secure erase a BitLocker encrypted volume', 'Secure erase a FileVault2 encrypted volume', or 'ATA Secure Erase' guides above.

1. Boot to SystemRescueCD on the machine you'd like to securely erase.
   • On Dell systems, you may need to temporarily disable 'Secure Boot'.To disable Secure Boot, tap F12 at boot, then select the 'Change Boot Mode Setting'. From the options that appear, select 'UEFI with Secure Boot disabled'.
2. SystemRescueCD will boot to a shell prompt.
   
3. List all connected disks with the following command:

   This will display details of all connected disks, including the 'logical name' of each disk. Locate the 'logical name' of the target disk and replace /dev/sdX in the commands below with that name.

4. To write zeros to the target disk and display it's progress, use the command below:
5. When the dd command completes, verify the disk has been wiped.

Due to the prevalence of solid-state drives (SSDs), Apple has removed many of the tools previously provided to securely erase data from hard disk drives (HDDs). If you're looking to securely erase data from an SSD, please use a different guide.

Mac OS X has retained the following built-in options for securely removing data:

• For whole file systems, use the Disk Utility app, which can be found in any of the following places:
  • In the Applications/Utilities/ folder on your hard drive.
  • Booting to Internet Recovery (Command+Option+R or Command+R)

  In Disk Utility, choose the file system you want to wipe, and then select the Erase tab. If you have a hard disk drive, select Security Options to choose the security level of the erasure.

  If a solid-state drive is detected, Security Options may not be available for selection.

Related Articles

Okay, this is another one that annoys me: The claim, the myth that certain three letter agencies can recover data from erased or zero filled hard drives. The claim that those can magically ‘read' and reconstruct data from ‘latent magnetic residue' (I am not making this up, others did) using special machines and whatnot.

Wobbly heads

Idea is that the positioning from read/write heads is not exact. so new data (the zeros) may be written slightly off-track compared to the original data that can thus be recovered. My common sense tells me that IF exact head positioning is so difficult, then reading exactly those latent tracks is very difficult. And that IF head positioning is so difficult then there's a chance that indeed some of the previous data may survive while other parts are actually overwritten. So at best you'd have partial data without the context of a for example a file system. You'd have binary blobs at best.

Now, assume a specific area was overwritten with new data several times as data was deleted or modified and rewritten by the same wobbly read/write heads. And finally the zero fill. Now results will be even more confusing as we'd have several layers of imperfectly overwritten data.

Zeros and ones

By the way, modern hard drives may depend to a degree on error correction when reading data. Data reads may be imperfect, but this imperfection is detected and corrected using ECC error correction. Each sector is ‘guarded' by an ECC checksum that is computed as data is written, and data read at a later time is checked against that checksum and if needed corrected. Using ECC we can detect exactly which bits are off, the ones that were supposed to be zeros and vice versa. These ECC codes will not be available when we're reading the latent magnetic data so we read (again) uncorrected fragmented tiny binary blobs at best.

Anyway I don't have a science degree and will not claim that I know how hard drives work at that level, but these guys do and have examined the claims: https://www.researchgate.net/publication/221160815_Overwriting_Hard_Drive_Data_The_Great_Wiping_Controversy.

Let's jump right to the conclusion:

So, if I zero fill my drive, no data can be recovered, right? WRONG!

Hah! You didn't see this coming I bet! What you are correct about is that data can not be recovered from zero-filled LBA space. No one can, not you, not me, not the CIA.

All zero filling tools that I know of can only write (their zeros) to LBA space. LBA space is the space on a hard drive an OS, a tool can address to write to or read from. As far as the OS is concerned, LBA space is all the space that exists on a hard drive.

But that does not necessarily mean LBA space covers all space that exists on a hard drive. You may have heard of HPA (host protected area) or DCO (device configuration overlay). These are areas on a hard drive that exist outside LBA space. Using ATA commands a ‘wiper' could add these areas to LBA space. There's also plenty of tools that can do that for you.

So, if taken notice of, HPA and DCO can be wiped. However, there may still be space lurking on the hard drive, that contains user data but exists outside LBA space. Modern drives may reserve space for caching purposes for example. Seagates refer to this as ‘Media Cache'. This is low level information obtained from a 8 TB Seagate drive:

User Partition
LBAs 000000000000-0000756080F9
PBAs 000000000000-000076893477
System Partition
LBAs 000000000000-00000013497F
PBAs 000000000000-000000146F3F
Media Cache Partition
LBAs 000074702556-0000756080F9
PBAs 0000759486D0-000076893477
Spare pool
PBAs: 00007578F548-00007586BDF5 RST Available: 8000 SCT Available: EF
Spare pool (Multi-IOEDC Region)
PBAs: 00007687B32C-0000768872C1 RST Available: 400 SCT Available: 1A

The Media Cache partition is not inside LBA space. It is not a partition that will pop up in Windows Disk Management! Even if we completely zero fill the drive, potentially 60 GB of recently accessed data remains untouched in the Media Cache! This data can probably be recovered by a capable data recovery lab.

Seagate Tools Erase Track Zero Gravity

The only way to wipe this space is using the ATA Enhanced Secure Erase command.