Question: I’ve got a set of computers that have had privileged information on that I want to be able to re-use. If I used a Windows boot drive to re-install Windows, how sufficient would that be towards keeping the old data safe?
I’m aware that the only sure way to secure the data is by grinding the hard drives (HDD for my purpose, but for the sake of a more useful reference, if there’s any difference for an SSD I’d like to know that too) into a fine powder, but how ‘good enough’ is it? If it’s not good enough, is there an alternative that leaves the hardware intact that is functionally good enough, assuming that incredibly powerful people don’t want my data, who’d just break out the pliers and get it anyway.
I don’t have any particular threat model – I’m talking about handing over the hardware and never looking at it again, and honestly don’t know how to construct a threat model. There would be legal ramifications if the data could be recovered, if that helps address the “how worried are you” kind of question in the comments.
Extra points that I’m interested in, but are tangentially related to the question so aren’t required for an answer is; what other issues am I likely to run into if I were to give/sell these computers on? (My organisation owns the computers and the licences for Windows, and would like to offer them to employees once we’re done with them). I believe there’s an issue with transferring the Windows licence, for example.
Answer: Create a DBAN USB or CD and wipe the drive. ?This utility is designed to wipe a hard drive by overwriting it. ?DBAN only works on hard disk drives (HDD), not solid state drives (SSD).
You do not need to do a multipass wipe. ?A single pass is all you need to prevent others from reading your drive. ?The 7 pass wipe is a myth that still persists to this day.
Reinstalling Windows can overwrite some, none, or all of the data. ?Creating a simple DBAN boot disk and using it mitigates all the risk.
As for the Windows licenses, if the license came bundled with the computer, or were bought individually, they can be given to someone else. ?You can always call Microsoft to confirm the validity of selling a license.