Powershell – How to Secure Erase a Drive

hard drivepowershellsecure-deletewindows

Does Powershell have a built-in way to secure erase a disk? By secure erase, I mean writing random data or all zeros to the entire disk. By disk, I mean the whole physical disk, not individual files, mounted volumes or filesystems.

I found Clear-Disk, but that appears to simply wipe the volume information from the partition tables.

I know there are third-party utilities out there, and Microsoft's own diskpart clean can do the trick, and heck, one could even drop into Linux on Windows and use shred or dd to make the data take a dirt nap…

But can pure vanilla Powershell do it? (without resorting to a complex script or external library call)

Best Answer

There are things you can do in PowerShell to effectively secure data on your disk, depending on your need to erase/dispose/recycle a drive. Unfortunately there is no easy Erase-Disk -Secure cmdlet.

The ATA "SECURE ERASE" and "SANITIZE" commands can be sent to the storage device controller and are usually your best technological bet for quickly and securely erasing an entire disk. However, Microsoft's AHCI driver blocks these commands unless you're running in a WinPE environment. No software running in normal Windows installations can pass ATA commands. https://docs.microsoft.com/en-us/windows-hardware/drivers/storage/security-group-commands

You could probably build a WinPE environment that ran a powershell script to send ATA commands, but then you might as well use a bootable dban image instead.

A solution you could automate using PowerShell from within Windows is BitLocker. Command BitLocker to encrypt either used disk space or all disk space via the GUI or PowerShell, and once encrypted, your data is non-recoverable without the BitLocker key.

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10

You could also try the built in reset feature of Windows 10 in "recycle" mode which does a secure erase of the onboard storage. I wasn't able to find documentation on automating the process, and only saw systemreset -cleanpc mentioned. I'll update my answer if anybody can find the documentation on automating this.

Related Solutions

Windows PowerShell – How to Diff Two Text Files

Figured it out myself. Because Powershell works with .net objects rather than text, you need to use get-content to expose the contents of the text files. So to perform what I was trying to do in the question, use:

compare-object (get-content one.txt) (get-content two.txt)

Hard Drive Erasure – Fastest and Surest Way to Erase a Hard Drive

DBAN:
dban, Darik's "boot and nuke" bootable cd will do this. It takes a while, but that is because it really makes sure everything get erased when you use the longer format options.

Keep in mind 'sure' and 'fast' are opposing forces with something like DBAN. The faster the wipe, the easier it will be to recover the data.

Other Options:
If you have a lot of drives, you might consider looking at 3rd party vendors that provide this service, lots of companies that shred paper will do this service as well (for tapes and hard drives). If this is something you are going to be doing a lot in the future, you might want to buy a degausser. Both the 3rd party vendor and the degausser options will destroy the drives for future use, but you could still donate the rest of the hardware.

Best Answer

Related Solutions

Windows PowerShell – How to Diff Two Text Files

Hard Drive Erasure – Fastest and Surest Way to Erase a Hard Drive

Related Topic