Proper Ways to Destroy Private Data and Sanitize Hard Drives

To continue this week’s security focus, today we’re going to talk about how to securely delete sensitive data off of old hard drives. All businesses must make it a top priority to protect their customer’s private information because in many states, the data they store becomes their liability if mishandled. There is a proper way to sanitize hard drives that significantly reduces your liability if there is a policy in place to address data destruction and the company follows it to a T.

This guide will focus on properly handling and sanitizing data on magnetic hard disk drives.

How Data is Stored and Removed

First, let’s take a brief look at how media is stored on a hard drive:

• Data is written on a series of metal platters using a strong magnetic field
• Data is not always stored contiguously (a process called fragmentation)
• A Table of Contents entry is written to tell the drive where the actual data is stored (allowing for faster access times)

Next, let’s take a brief look at what happens when you delete a file:

• The Table of Contents entry is removed
• The actual data is not touched
• Logically, the drive does not see the data if there is no Table of Contents to tell it where to find the data
• Physically, the data still exists in its entirety, but is listed as “free space”

The Problem: Data is Recoverable

Even after years of normal operation, data which is deleted is not always overwritten. Overwriting the file is the only condition that will physically remove a file, but this can also be difficult because there are still magnetic traces of a file even after you have physically overwritten it on the disk. Special tools can be used to recover the actual binary data off of the drive, which could allow partial or full access a particular set of files.

This can be nice for someone who accidentally deletes a critical file, but not so much when you think you deleted a file that contains a customer’s or your own private data.

How to Securely Remove or Sanitize Data on a Hard Drive

The key difference between the terms “securely removing” and “sanitization” is very important to note:

• Securely Removing: removes data to the point where it is extremely unlikely that a particular bit of information could successfully retrieved
• Sanitization: removes any possibility of any data of any kind is retrieved.

Note: United States Department of Defense Data Destruction Standards have Changed!

Although methods will be discussed in a few paragraphs, it is important for you to note that the US DoD no longer allows for hard drives which have stored classified data to survive in an unclassified environment.

Securely Remove Data

The previous Department of Defense standards for data destruction specified standards for securely removing data from a hard drive without physically destroying the drive and which would allow for normal operation in an unclassified environment after holding classified data. This specification defines a secure removal as one which overwrites the entire contents of a hard drive with random cypto key patterns and repeats this overwrite process 7 times.

While a trained expert with very specialized equipment might be able to recover bits and pieces of data, this level of secure removal provides enough protection from recovery for most types of information stored on a hard drive.

There is also a process that overwrites an entire hard drive randomly 35 times, which provides even more protection from potential prying eyes. The determination must be made by your organization as to how sensitive your data is, how likely the possibility of exposure is, and how much information could be exposed if an attacker did gain access to it.

Sanitize Hard Disks

The NIST and DoD are now requiring that hard drives which have held classified information be physically destroyed or degaussed. Drives can be physically destroyed or degaussed one of the following ways:

• Shredded
• Degaussed using an NSA-certified degausser
• Incinerated

Whether it is necessary to physically destroy or degauss your hard drive depends on your organization’s specific needs. If the risk is not there or you do not store information that is extremely sensitive, you should be okay to use either the 7 or 35 overwrite methods.

Software to Use

Eraser is a program I have been using recently that is free and open source (GNU Public License). It is capable of the DoD (former standard) 7 overwrite algorithm, the 35 overwrite algorithm, as well as a few others. It has worked very well for me over the last few months and I have been very impressed with it.