Before a person gives his laptop away and wants to erase all info/data

Strictly speaking, no, not nowadays.

Back in the days of magnetic storage, you could boot a Linux live disk, find the hard disk in /dev (say /dev/sda), and then go “shred /dev/sda” as root. That would write a random pattern over the whole disk, and then do it again another two times.

Flash drives don’t present all of their contents to the file system, so a determined opponent could recover some of your data even after shredding.

Most of us don’t have anything that earthshaking on a disk anyway, and don’t have anyone who might want to make that much an effort to recover it, so shred is still an option.

Cheers

Phil Hobbs

One can always use the hammer data erase - I did that for a friend's company - they had forty odd drives they wanted to be unreadable - a sledge hammer did that quite quickly...I could have used the drill press as well, but the hammer was more satisfying.

USB sticks and SSDs also respond well to the hammer data clearing treatment.

John :-#)#

One can always use the hammer data erase - I did that for a friend's software development company - they had forty odd drives they wanted to be unreadable - a sledge hammer did that quite quickly...I could have used the drill press as well, but the hammer was more satisfying.

USB sticks and SSDs also respond well to the hammer data clearing treatment.

John :-#)#

There are various tools that will fill the disk with random data several times over. That won't quite work against a forensic specialist if the data was valuable but should be good enough for all practical purposes.

They tend to be called something like shred. This advice looks OK

SSD's present a bit more of a challenge there can be orphaned blocks with faults that contain your data frozen and inaccessible by normal means but which could be retrieved by a forensic specialist with the appropriate tools (basically hidden in bad blocks or by wear levelling).

Yes, but it'll cost ya. There are disk drives that secure the data by encrypting on-the-fly all the time, and decrypt on-the-fly so it all happens transparently. They're 'enterprise' models, sometimes with odd (SAS, fibre channel, whatever-it-is-this-decade) connection requirements.

Those drives store an internal key that can be overwritten when you want to lose the data. Even 'bad blocks' are encrypted, so the loss of the key makes every bit of the data on the drive into... semi-random bits.

Absolutely all data is hard because the hard drive may have blocks set aside that are 'bad' but not empty, which aren't addressable with normal read/write commands.

For a MacBook, you can wipe out your personal data by making a new user account, giving it admin privileges, and using it to delete your user account. When the deed is done, the user folder is accessible for 'secure delete' with the privileges of the new user.

A cloud copy can exist, for some items, of course. Chasing THAT data down is more confusing.

Just delete the embarassing stuff and write a giant random file until the drive is full. Nobody but maybe the CIA has a chance to recover anything after that.

The 'elsewhere' question is... no, not generally going to be allowed, even for a privileged user, to stray outside the user folder. That's irritating, because only the 'shared' folder is allowable for multiuser read/write items, unless you use the terminal window and SUDO everything...

Well, portions of anything in RAM can be swapped out on any OS that uses virtual memory. It isn't coherent files with organized info, though, and gets overwritten so only recent activity ought to leave traces. There's a journaling system that ought to keep that kind of data corralled even through hard shutdowns, but I can't say how often one REALLY erases anything on SSD media, because the OS has the load-leveling thing to worry about.

If any disk drive has to be shredded, a small one dedicated to swap operations would be the candidate.

That is about what the standard zappers do except that you have to do it two or three times over to weaken residual signals. It depends what technical level of adversary you expect to be going up against.

Most times what you suggest will be good enough. Although you could be unlucky and find your entire password file in plaintext sat inside a bad block (if you were daft enough to store it that way).

These drives will show a time of 2 minutes for SATA secure erase

"2min for SECURITY ERASE UNIT"

This is for most server drives and many desktop drives, also some USB hard drives.

(in practice it takes closer to 2 seconds, but it's an interger field (byte?) and the measuring unit is 2 minutes)