how to prepare a Thinkpad for sale?


Recommended Posts

A normal format (as opposed to a quick format) should be fine for general cases.

If you know the manufacturer of your SSD, you can probably find a tool on their site that performs a more secure formatting option.

And if the information on the drive is really sensitive - for example, Government or company information - then you should sell the laptop without the SSD, and physically destroy the drive.

All data is just 0's and 1's, so if you do a secure format to make everything a 0, the data is impossible to recover.  There's plenty of safe ways to perform a secure format.
I assume you can do that format with a bootable USB key.  Or if you can pop out the SSD, connect it to another PC to format it, that's easier yet.  Load a fresh copy of Windows on it, and then you're good to go.

On 11/01/2024 at 12:37, Nick H. said:

A normal format (as opposed to a quick format) should be fine for general cases.

If you know the manufacturer of your SSD, you can probably find a tool on their site that performs a more secure formatting option.

And if the information on the drive is really sensitive - for example, Government or company information - then you should sell the laptop without the SSD, and physically destroy the drive.

As far as I know, with SSDs there's no need to format them overwriting data, a quick format plus trim command (TRIM/UNMAP) would be enough to render the previous data unrecoverable; assuming the SSD supports trimming and its implementation works. The secure erase commands most drives support is also a quick way of achieving similar effects, e.g. erasing/changing the encryption key on self-encrypting drives. On mechanical hard drives yes, overwriting each sector is required (at least once), and some governments even have standards that dictate how many passes and patterns to use. Hell, some even require specific tools to be used for auditability and compliance or, physically destroying the drives like you mentioned.

On personal devices, I have never worried about it to be honest, single random pass on mechanical drives and trimming SSDs is enough for me, perhaps examining some sectors to see what's there afterwards for confirmation, but I don't think I've ever done that more than once or twice. Replacing the drive before selling it would certainly quench any privacy concerns of course 😅

 

On 11/01/2024 at 15:10, Astra.Xtreme said:

All data is just 0's and 1's, so if you do a secure format to make everything a 0, the data is impossible to recover.

Not necessarily, on mechanical disks and with specialized equipment (think data recovery or forensics company) residual magnetic patterns on the platters may lead to (partial) recovery of previous data, that's why protocols on secure data deletion include several passes. Still, they are costly and complex procedures, a full drive write should be impossible to recover with software alone so it's good enough for me. There may also be similar procedures when it comes to solid state drives, but I am not versed in those, and they would certainly involve chip-offs and a whole lot of expertise.

On 11/01/2024 at 08:41, aphanic said:

Not necessarily, on mechanical disks and with specialized equipment (think data recovery or forensics company) residual magnetic patterns on the platters may lead to (partial) recovery of previous data, that's why protocols on secure data deletion include several passes. Still, they are costly and complex procedures, a full drive write should be impossible to recover with software alone so it's good enough for me. There may also be similar procedures when it comes to solid state drives, but I am not versed in those, and they would certainly involve chip-offs and a whole lot of expertise.

That could be potentially true for mechanical HDDs, but since he mentioned his laptop has a SSD, I figured it wasn't worth mentioning.

Even a simple data format will probably prevent a software recovery program from being able to retrieve the data.
What you don't want to do is use the existing Windows install, throw all your files in the Recycle Bin, clear the bin and then sell off the PC. Then it's not too difficult for somebody to revive the files.  As you mentioned, a single pass and fresh Windows install is prefectly fine.

If he has nuke codes or secret intelligence on it, and thinks the FBI is going to purchase it, then yeah I guess that's a different story, haha.

On 11/01/2024 at 09:41, aphanic said:

Not necessarily, on mechanical disks and with specialized equipment (think data recovery or forensics company) residual magnetic patterns on the platters may lead to (partial) recovery of previous data, that's why protocols on secure data deletion include several passes. Still, they are costly and complex procedures, a full drive write should be impossible to recover with software alone so it's good enough for me. There may also be similar procedures when it comes to solid state drives, but I am not versed in those, and they would certainly involve chip-offs and a whole lot of expertise.

That was true for older Hard disks, modern ones the magnetic flux is so hard to impossible to read recovering data is virtually impossible because of how the bits are laid and how close together they are, the write heads don't have as much "wiggle" room as the old days where you could do that stuff. even now days NIST says a single random pass is enough to make it unrecoverable again, way down from their old DoD requirement with older drives

Hello,

Depending upon the age/model of the ThinkPad, you can look at using the ThinkPad Drive Erase Utility or the Secure Wipe function in the BIOS (UEFI) firmware to perform a wipe of the drive prior to reinstalling Windows on it from the factory recovery media.

Regards,

Aryeh Goretsky
 

I would do 'Secure Erase' as it will probably only take a few seconds on a SSD but should work since from what I read it wipes the drives internal encryption key as while it does not actually overwrite the drive but it's like it was overwritten since the key has changed. so basically all previous data written to the drive is unreadable.

p.s. like Goretsky said, some newer ones might have a option in the bios to make it easier. if not, there are ways to do it using software from the SSD manufacturer or with Linux's 'hdparm' which is a bit more complicated.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.