The amount of data we store continues to grow. Where in the past everything was written on magnetic media, this is no longer the case. In addition to the traditional hard drive, we increasingly use SSD's, USB drives, memory cards, mobile phones, etc.
This makes it necessary to rethink how the information on data carriers should be erased before they leave the organization.
To select the right method of data destruction it is important to consider a number of things; Where does the data carrier go and what security classification does the information have on the data carrier? A data carrier with low risk information that
stays within the organization can be handled differently than a carrier with sensitive information leaving the organization. The following flow chart is taken from the National Institute of Standards and Technology "Guidelines for Media Sanitization"
NIST SP 800-88 rev-1. A more practical example of a
data security policy and classification in risks
can be found on the Stanford University website.
Hard disk drive sanitization
To ensure that no data fragments remain on a hard disk when reused, appropriate measures must be taken. Simply formatting a hard drive is not sufficient to permanently delete all data. There are a large number of different Erase standards, such as
the DoD 5220.22-M, CSEC ITSG-06,
RCMP TSSIT OPS-2, Secure Erase, etc. To ensure that all data has been permanently removed, our Erasers offer the following
safe erase methods:
- DoD Erase
This method complies with the security specification 5220.22M for data removal from U.S. Department of Defense. The 5220.22M data sanitization standard for overwriting a
hard disk means; three times per bit completely overwrite and then verify once (check for result). In addition, the overwrite patterns can be adjusted and a random pattern can be used to improve data security.
- 7x Erase
Fully complies with the security specification 5220.22M for data sanitization from the US Department of Defense but adds 7 times override to improve security. This method
is the same as the RCMP TSSIT OPS-II standard.
- Secure Erase
The secure erase method conforms to the NIST 800-88 (rev1) Guidelines for Media Sanitization
and uses the hardware instructions from the hard disk controller to completely overwrite all data, including the data area, HPA / DOS hidden area and other empty areas. This international standard can be used together with the U-Reach Multi-Core Transfer
Technology. This makes it possible to simultaneously overwrite up to a hunderd drives.
Solid state drive sanitization
Securly erasing a SSD (Solid State Drive) is a lot more complex than it seems to be. The reason for this lies in the way in which flash memory is controlled. Traditional magnetic media writes information to a physical location, an LBA
(Logical Block Address). Flash media writes data via an FTL (Flash Translation Layer). As a result, when a file is overwritten, the information always enters a different location in the physical memory. There for it may be concluded that
traditional overwriting does not work with flash media. A deeper technical analysis can be found in
"Reliably Erasing Data From Flash-Based Solid State Drives" and
"Destroying Memory-Based Storage Devices".
To overcome this, it is possible to delete a SSD via the ATA Secure Erase command. A big drawback, however, is that not all manufacturers have implemented this command correctly. It is also not possible
to check the overwriting result since the physical sectors cannot be directly addressed. The sanitization of SSD's is therefore only usable for data carriers with a low security rating or where data encryption has been used. More background information
can be found in "SAFE: Fast Verifiable Sanitization for SSD's".
Flash Media sanitization
This not only applies to erasing SSD media but also to flash media (USB sticks, memory cards). For reuse within your own organization or the disposal of cards that only contain material with a low security classification, it can be effective
to overwrite flash media. Use of encryption on flash media makes it possible to safely remove all data. Any remaining data fragments are, after all, unusable without the right key.
To erase data, video and audio tapes, you can use of your tape playback / recording equipment. However, this is a lengthy process with the annoying side effect that magnetic distortion occurs. The only effective method is to use a
NIST SP 800-88
Language: EN - File: 0,4 MB
NIST SP 800-88 revisie 1
Language: EN - File: 0,5 MB
Reliably Erasing Data From Flash-Based Solid State Drives
Language: EN - File: 1,9 MB
Destroying Memory-Based Storage Devices
Language: EN - File: 0,2 MB
SAFE: Fast Verifiable Sanitization for SSD's
Language: EN - File: 1,1 MB
Examination of Data Erasure Tools and Methods
Language: EN - File: 21,0 MB
NSA/CSS Storage Device Sanitization Manual
Language: EN - File: 0,2 MB
Data Reconstruction from a Hard Disk Drive using Magnetic Force Microscopy
Language: EN - File: 2,1 MB