Securely erase physical drives with dban and Hyper-V

I’m writing this between jobs – I’ve left BlueMetal, and haven’t started at Microsoft yet. I’m using this time to do a deep clean on my home office, and I’ve come across a number of hard drives that need disposal. But how to do so securely, so data can’t be recovered? And how can I hit a budget goal of, say, zero?

This article from ZDNet offers three options: one software (Darik’s Boot and Nuke – dban), one hardware (Wiebetech’s Drive eRazer Ultra), and one brute force (drive a nail through the platters). The hardware solution would be perfect if I did this every week, but it’s kind of expensive and this isn’t something I’ll use very often. The brute force solution might be good if I had a lot of pent up aggression, but it physically destroys the drive. That leaves the software approach, and a bunch of people recommended dban. But they recommend running it on a dedicated machine because by default it wipes out all connected hard drives and it’s easy to accidentally wipe out everything.

So I had the idea of using Hyper-V, my favorite virtualization tool that’s built into Windows 10 (Enterprise, Professional, or Education editions). Virtualization provides a safe sandbox to run dban, and I can run it in the background on my existing PC.

Here are the steps:

  1. Download the dban ISO file from its home on SourceForge.
    Save the ISO file wherever you like to create virtual machines.
  2. Find the drive you want to erase, and connect it via a USB adapter. I have an earlier generation of this adapter, which accepts any 2.5″ or 3.5″ SATA drive, and it works well in this situation.
  3. In Windows 10, open the Start menu and type diskmgr to open the Disk Management tool. Find the USB drive you want to clear and, on the left, right-click and select “offline” to take the drive offline.dbanHyperV5
  4. Ensure Hyper-V is working on your host computer. Here is an article if you need help.  I’d imagine this will work with other virtualization tools as well, so long as they let you access a physical drive.
  5. Under Actions in the Hyper-V Manager, select New -> Virtual Machine. Give your VM a name and choose its location, then click next.dbanHyperV1
  6. Select “Generation 1” and then click NextdbanHyperV2
  7. You probably don’t need much memory; I used 1GB with Dynamic Memory disabled. Overkill I’m sure!dbanHyperV3
  8. Click Finish to complete creating the VM. Then select the new VM and click Settings. Apply the following settings:(a) Select the radio button for Physical Hard Drive and choose the offline USB drive
    (b) Find the DVD Drive and set its location to the dban image you downloaded earlier
    (c) Set the BIOS to boot from CD

    When you’re done, you’ll have two drives in your VM as shown below: the physical drive to be wiped, and the dban ISO.


  9. Start your VM. dban will run and will eventually find your USB drive. Follow the prompts to erase the drive, keeping in mind it may take a long time (days for a multi-terabyte drive to do full DoD data removal.) This article has detailed instructions for using dban.dbanHyperV6

The best part

Did I mention this could take days to run? Maybe you don’t want to keep your computer going for days; perhaps you need to reboot  or power down.  No worries! Just right-click on the Hyper-V VM and click “Save”. When it’s saved, you can disconnect the drive, shut down your PC, and move on. Later, simply reverse the steps: ensure the drive is connected, then restart the VM and it will pick right up where it left off. Try that with a physical machine!

I hope this is helpful to Hyper-V users out there, and that everyone I work with knows I take data protection seriously! Thanks!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s