How to Erase Any Drive -- Even SSDs -- in 2016
There are easier and safer methods for erasing hard drives - including SSDs - than 10 years ago. Windows has two easy methods and Mac OS X has another. They are built into the operating system and are free to use. Also included here is another method for regulated industries or frequent erasures.
SSDs - now the standard in industrial systems - are a little different. Because of the Flash Translation Layer (FTL) the OS does not know where the data is physically. As a result the Mac's "Secure Empty Trash" command has been removed because it can not be sure that the data has actually been erased. The easy workaround for SSDs is to encrypt, reformat, and re-encrypt, which is described below.
Secure Erase
Delete does not delete the data. All that delete does is erase the file's reference information in the disk directory, marking the blocks as free for reuse. The data is still there, even though the OS can not see it. That is what "file recovery" programs look for: data in blocks that the directory says aren't in use.
The Secure Erase command built in to the ATA standard overwrites every track on the disk - including bad blocks, the data left at the end of partly overwritten blocks, directories, everything. There is no data recovery from Secure Erase.
Secure Erase is sometimes difficult to use because it has been disabled in the BIOS, but there are other ways to achieve data security.
Encrypt, Reformat and Encrypt Again.
Full disk encryption is built into Windows (Vista, 7, 8, & 10) and Mac OS X. These operating systems will work on any attached drive. However the Windows encryption tool - BitLocker - usually requires a system with a TPM (Trusted Platform Module) chip. If the system does not have TPM module, it will not be able to access BitLocker or will generate an error message. (This varies with Windows releases and versions).
Windows
To run BitLocker, go to the Control Panel, click System and Security and then click on BitLocker Drive Encryption. Select the drive and start the process. Encryption will take a few hours on a large disk, but the system can still be used while encryption completes.
If BitLocker cannot be used, the drive can still be erased by performing a standard - NOT quick - format of the drive. From Control Panel, click Computer Management, click Storage, then Disk Management, then the drive to erase. Right click on the disk, choose New Simple Volume, and let the wizard guide you until you get to the Format window. Make sure that Perform a quick format is NOT checked.
A standard format overwrites the entire drive and on a hard drive will again take a few hours. If a hard drive format takes less than a minute, go back and make sure a standard format has been slected.
MAC OS
The Mac OS FileVault 2 (10.7 and later) function is accessed from System Preferences>Security & Privacy>FileVault. Choose Turn On FileVault, select a password option, enable any other accounts - in this case none - and click Restart. The encryption process will begin and like Windows will take some hours for a large drive.
Encrypted – Next Step
After the drives are encrypted, they can now be reformated as a new drive and encrypted again. Since the drive is now empty, the second encryption will be much faster.
The second encryption ensures the first encryption key - which is usually kept on the drive - is overwritten. A zealous decrypter could recover the key and decrypt the data. With the second encryption only the second key can be recovered and since the older data is also encrypted still cannot be read.
Wiping that has Legal Requirements
In a regulated industry - such as health care or finance - with a regulatory or fiduciary responsibility for data protection, the foregoing will protect the data, but may not protect against claims for mishandled data. For that something stronger is required.
For this type of security, something like the StarTech Standalone Eraser Dock is required. It will invoke the ATA Secure Erase function and print a receipt to document the fact. Since the Secure Erase option is NIST approved and better than the DOD requirement, it gives strong legal protection. It does however, require removing the drives from their enclosures.
A faster option is to physically distroy the drive's disk platters. Few players will attempt a recovery from a physically damaged drive.