How safely does reinstalling Windows wipe old data?
Sophia Terry 
I've got a set of computers that have had privileged information on that I want to be able to re-use. If I used a Windows boot drive to re-install Windows, how sufficient would that be towards keeping the old data safe?
I'm aware that the only sure way to secure the data is by grinding the hard drives (HDD for my purpose, but for the sake of a more useful reference, if there's any difference for an SSD I'd like to know that too) into a fine powder, but how 'good enough' is it? If it's not good enough, is there an alternative that leaves the hardware intact that is functionally good enough, assuming that incredibly powerful people don't want my data, who'd just break out the pliers and get it anyway.
I don't have any particular threat model - I'm talking about handing over the hardware and never looking at it again, and honestly don't know how to construct a threat model. There would be legal ramifications if the data could be recovered, if that helps address the "how worried are you" kind of question in the comments.
Extra points that I'm interested in, but are tangentially related to the question so aren't required for an answer is; what other issues am I likely to run into if I were to give/sell these computers on? (My organisation owns the computers and the licences for Windows, and would like to offer them to employees once we're done with them). I believe there's an issue with transferring the Windows licence, for example.
105 Answers
Create a DBAN USB or CD and wipe the drive. This utility is designed to wipe a hard drive by overwriting it. DBAN only works on hard disk drives (HDD), not solid state drives (SSD).
You do not need to do a multipass wipe. A single pass is all you need to prevent others from reading your drive. The 7 pass wipe is a myth that still persists to this day.
Reinstalling Windows can overwrite some, none, or all of the data. Creating a simple DBAN boot disk and using it mitigates all the risk.
As for the Windows licenses, if the license came bundled with the computer, or were bought individually, they can be given to someone else. You can always call Microsoft to confirm the validity of selling a license.
8After Windows format and clean re installation of the OS overwrite all free space using the cypher command using the command prompt.
cipher /w:F
F would be the drive letter of the system volume which is usually C
Nothing can be recovered now, by anyone.
0To answer your initial question first; you are not safe by just reinstalling Windows, since you cannot guarantee that the data in question will be overwritten.
You may want to overwrite the (deleted) sensitive data using one of some available options;
You can use the DiskPart command - Clean All - but make sure that you know what disk you are working with.
You can (after deleting the sensitive data) use the Cipher command with the /W option.
You can also make yourself a simple BAT file or two - a couple of samples below;
One additional comment: If you wipe the disk/data 2-3 times, thereby alter the magnetic patterns beyond recognition, then even 'incredibly powerful people' will not be able to recover the data.
---
@echo off
rem Simple Disk Wipe Utility - wipedfast.bat
rem ---
rem --- 1) Delete all unwanted content from disk, leaving possibly only the command interpreter to run this script.
rem --- 2) Delete content from trashcan/recycled, if any.
rem --- 3) Run this script until it reports file system full.
rem --- 4) Delete WASH*.TMP files on each drive to reclaim space or to rerun utility.
rem --- Do this for all file systems/drives (C:, D:) on system, at least a couple of times.
rem ---
echo Grow file system test (fast / large increments - less secure). See comments in script file.
echo To be done for each drive (C:, D:) on system.
echo Abort with Ctrl-C when disk full and delete WASH-files
echo - Ideally run wipedfast.bat first - then wiped.bat when disk full - before deleting WASH-files.
pause
echo abcdefghijklmnopqrstuvwxyz0987654321ABCDEFGHIJKLMNOPQRSTUVWXYZ > wash_a.tmp
copy wash_a.tmp wash_b.tmp
:start
copy wash_a.tmp+wash_b.tmp wash_c.tmp
del wash_a.tmp
del wash_b.tmp
copy wash_c.tmp wash_a.tmp
ren wash_c.tmp wash_b.tmp
goto start
---
@echo off
rem Simple Disk Wipe Utility - wiped.bat
rem ---
rem --- 1) Delete all unwanted content from disk, leaving possibly only the command interpreter to run this script.
rem --- 2) Delete content from trashcan/recycled, if any.
rem --- 3) Run this script until it reports file system full.
rem --- 4) Delete WASH*.TMP files on each drive to reclaim space or to rerun utility.
rem --- Do this for all file systems/drives (C:, D:) on system, at least a couple of times.
rem ---
echo Wipe file system (slow / small increments - most secure). See comments in script file.
echo To be done for each drive (C:, D:) on system.
echo Abort with Ctrl-C when disk full and delete WASH-files.
echo - Ideally run wipedfast.bat first - then wiped.bat when disk full - before deleting WASH-files.
pause
echo abcdefghijklmnopqrstuvwxyz0987654321ABCDEFGHIJKLMNOPQRSTUVWXYZ > wash_a.tmp
copy wash_a.tmp wash_b.tmp
:start
copy wash_a.tmp+wash_b.tmp wash_c.tmp
del wash_b.tmp
ren wash_c.tmp wash_b.tmp
goto startSimply wiping the data (and overwriting it with random junk/zeroes) and installing a new windows is probably safe enough for you. At that point, any recovery of the old data will require the disk to be a HDD, physical access to the disk, really specialized forensic levels of knowledge, and important people caring a great deal about it.
If that's not safe enough, you need the fine powder method. I'd say it probably isn't, since we're talking cold war state secret levels of security.
If it's that important to you, you probably wouldn't post this question that'll save you a couple hundred bucks, because the security of this level doesn't care about money.
The one thing overlooked here, is the cheapness of hard drives.
If the data is truly sensitive, I have seen 2TB hard drives for $54-$65 online. You are likely to find cheaper 1tb hdd. If you want to sell them adding approx $60 for another hdd shouldn't be a barrier. Also the person purchasing it gets a new hard drive, possibly increasing it over all appeal.
If each computer has a license key sticker, you can verify it from microsoft. Re-install windows with that key. If your company has a KMS server it has a different key.
2
