Before I get into it, I want to address this right off the bat. Too many people approach security issues with a "why bother" attitude. That sort of attitude will only come back to bite you in the end. Never EVER approach a security issue assuming that another person "will never figure it out", or "what are the chances someone will find this?", because eventually you will lose. You might get lucky and never have an issue, but real security does not rely on luck. The consequences of not protecting yourself FAR outweigh the "hassle". Once you see how easy it is to get real security, you won't have an excuse not to use it.
The whole time you've had your computer you've been generating all sorts of data on it: saved games, financial information, passwords, family pictures, etc. Now you have a new computer (or even just a new hard drive) -- and it's time to get rid of the old one.
But what about all of that data? You want to remove it in a way that makes sure the new owner (or someone who picks it out of the garbage) can't get to it. Your first thought might be to delete the files by moving them to the Recycle Bin, then emptying it. Your second thought might be to format the drive. If you only do either of those (or both), you just failed "Security 101".
The problem is that deleting files from a hard disk does not delete the data itself, just the entry in the table of contents. It's like crossing your name out of the phone book -- it doesn't actually knock down your house. Formatting is similar, except instead of crossing out one name, you are making a new, blank, phone book. Doing that doesn't actually destroy the whole city. Most people don't know this, and some simple experiments on drives bought from eBay have turned up interesting results.
The fix for this problem is to wipe the free space on the drive. The empty space on the drive needs to be overwritten with other data, so even a detailed analysis cannot recover it. This can be more tricky than it sounds because there are systems on the computer that could get in the way, such as disk caching. Fortunately there are programs already out there that handle this for you, and they're free and easy to use. The only real effort needed is to wait for them to finish running, because the process can take a few hours.
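The phone-book analogy above, as an added Python example (not code from sdelete, Eraser, or the original post): a toy disk with a table of contents and raw blocks, where deleting or formatting leaves the bytes in place and only overwriting the free blocks removes them. The ToyDisk class, its method names, the block size, and the sample file contents are all constructed for this illustration.

```python
BLOCK = 16  # bytes per block (constructed, tiny on purpose)

class ToyDisk:
    def __init__(self, nblocks=8):
        self.nblocks = nblocks
        self.raw = bytearray(BLOCK * nblocks)  # the bytes physically on the drive
        self.table = {}                        # table of contents: name -> block numbers

    def free_blocks(self):
        used = {b for blocks in self.table.values() for b in blocks}
        return [b for b in range(self.nblocks) if b not in used]

    def write(self, name, data):
        chunks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
        free = self.free_blocks()
        if len(chunks) > len(free):
            raise OSError("disk full")
        blocks = free[:len(chunks)]
        for b, chunk in zip(blocks, chunks):
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
        self.table[name] = blocks

    def delete(self, name):
        del self.table[name]   # crosses the name out; the blocks keep their bytes

    def quick_format(self):
        self.table = {}        # a new, blank phone book; raw data untouched

    def wipe_free_space(self, passes=1):
        for _ in range(passes):
            for b in self.free_blocks():   # only blocks no live file owns
                self.raw[b * BLOCK:(b + 1) * BLOCK] = bytes(BLOCK)

    def recoverable(self, needle):
        return needle in bytes(self.raw)   # what a raw scan of the drive sees

def demo():
    disk = ToyDisk()
    disk.write("bank.txt", b"PIN=4921 constructed sample")  # constructed data
    disk.write("notes.txt", b"keep me")
    disk.delete("bank.txt")
    after_delete = disk.recoverable(b"PIN=4921")   # still on the drive
    disk.wipe_free_space(passes=1)
    after_wipe = disk.recoverable(b"PIN=4921")     # overwritten
    live_file_intact = disk.recoverable(b"keep me")
    return after_delete, after_wipe, live_file_intact

if __name__ == "__main__":
    print(demo())
```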
I'm going to go over two different tools you can use for this, but you only need to choose one. Using both will just waste your time -- you won't gain any additional security from it. The tools are Sysinternals "sdelete" and Eraser. "sdelete" is a command line tool, but I feel that it's easier to use than Eraser, so don't let that scare you away! "Eraser" is more full-featured, lets you schedule tasks, integrates with the shell, etc., but for a one-time wipe, it might be more than you need.
A word of caution: The process I am describing will wipe out the FREE (empty) space on the drive. It does not destroy data that you have not already deleted. However, each of these tools also has the capability to destroy your real data, so don't mess around unless you know what you are doing. Once you do this, you will not be able to "undelete" anything by using an "undelete" program. This procedure will NOT destroy data stored in Vista "Previous Versions".
This process is very disk-intensive. It may slow down your system while it's running, and you should not run other disk-intensive processes at the same time, such as an anti-virus/spyware scan, large zipping/unzipping of files, etc. Doing so will drastically slow down both processes, and could potentially overheat your disk drive.
then press [Enter]
sdelete -z -p 3 c:
The "-p 3" tells sdelete to run 3 passes. You can change this amount if you want (I usually use 1 pass), but 3 should be more than enough.
If you used "sdelete" above, you do NOT need to use Eraser.
Recent versions of Windows have a built-in command that can also wipe free space, "cipher".
To wipe free space using "cipher":
where "X" is the drive letter you want to wipe.