Data erasure is a method of software-based overwriting that completely destroys all electronic data residing on a hard drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the disk unusable, data erasure removes all information while leaving the disk operable, preserving assets and the environment.
Software-based overwriting uses a software application to write patterns of meaningless data onto each of a hard drive's sectors. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach or spill, identity theft and failure to achieve regulatory compliance. Data erasure also provides multiple overwrites so that it supports recognized government and industry standards. It provides verification of data removal, which is necessary for meeting certain standards.
To protect data on lost or stolen media, some data erasure applications remotely destroy data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is a less time-consuming than encryption.
Importance
nformation technology (IT) assets commonly hold large volumes of confidential data. Social security numbers, credit card numbers, bank details, medical history and classified information are often stored on computer hard drives or
servers and can inadvertently or intentionally make their way onto other media such as printer,
USB,
flash,
Zip,
Jaz, and
REV drives.
Data breach
Increased storage of sensitive data, combined with rapid technological change and the shorter lifespan of IT assets, has driven the need for permanent data erasure of electronic devices as they are retired or refurbished. Also, compromised networks and
laptop theft and loss, as well as that of other portable media, are increasingly common sources of data breaches. If data erasure does not occur when a disk is retired or lost, an organization or user faces that possibility that data will be stolen and compromised, leading to identity theft, loss of corporate reputation, threats to regulatory compliance and financial impacts. Companies have spent nearly $5 million on average to recover when corporate data was lost or stolen.
Regulatory compliance
Strict industry standards and government regulations are in place that force organizations to mitigate the risk of unauthorized exposure of confidential corporate and government data. These regulations include
HIPAA (Health Insurance Portability and Accountability Act);
FACTA (The Fair and Accurate Credit Transactions Act of 2003); GLB (
Gramm-Leach Bliley);
Sarbanes-Oxley Act (SOx); and Payment Card Industry Data Security Standards (
PCI DSS). Failure to comply can result in fines and damage to company reputation, as well as civil and criminal liability.
Preserving assets and the environment
Data erasure offers an alternative to physical destruction and degaussing for secure removal of all disk data. Physical destruction and degaussing destroy the digital media, requiring its disposal and contributing to
electronic waste while negatively impacting the
carbon footprint of individuals and companies.
[2] Data erasure allows secure disposal of obsolete equipment and preserves the potential to refurbish a computer for future use, protecting viable IT assets.
Differentiators
Software-based data erasure uses a special application to write a combination of 1's and 0's onto each hard drive sector. The level of security depends on the number of times the entire hard drive is written over.
Full disk overwriting
There are many overwriting programs, but data erasure offers complete security by destroying data on all areas of a hard drive. Disk overwriting programs that cannot access the entire hard drive, including hidden/locked areas like the host protected area (HPA), device configuration overlay (DCO), and remapped sectors, perform an incomplete erasure, leaving some of the data intact. By accessing the entire hard drive, data erasure eliminates the risk of data remanence.
Data erasure also bypasses the BIOS and OS. Overwriting programs that operate through the BIOS and OS will not always perform a complete erasure due to altered or corrupted BIOS data and may report back a complete and successful erasure even if they do not access the entire hard disk, leaving data accessible.
Hardware support
Data erasure can be deployed over a network to target multiple
PCs rather than having to erase each one sequentially. In contrast with
DOS-based overwriting programs that may not detect all network hardware,
Linux-based data erasure software supports high-end server and
storage area network (SAN) environments with hardware support for
Serial ATA,
Serial Attached SCSI (SAS) and
Fiber Channel disks and remapped sectors. It operates directly with sector sizes such as 520, 524, and 528, removing the need to first reformat back to 512 sector size.
Standards
Many government and industry standards exist for software-based overwriting that removes data. A key factor in meeting these standards is the number of times the data is overwritten. Also, some standards require a method to verify that all data has been removed from the entire hard drive and to view the overwrite pattern. Complete data erasure should account for hidden areas, typically DCO, HPA and remapped sectors.
The 1995 edition of the National Industrial Security Program Operating Manual (DoD 5220.22-M) permitted the use of overwriting techniques to sanitize some types of media by writing all addressable locations with a character, its complement, and then a random character. This provision was removed in a 2001 change to the manual and was never permitted for Top Secret media, but it is still listed as a technique by many offerors of data erasure software.
Data erasure software should provide the user with a validation certificate indicating that the overwriting procedure was completed properly. Data erasure software should also comply with requirements to erase hidden areas, provide a defects log list, and list bad sectors that could not be overwritten.
Overwriting Standard | Date | Overwriting Rounds | Pattern | Notes |
NIST SP-800-88 [1] | 2006 | 1 | Unspecified |
|
NSA/CSS Policy Manual 9-12 [2] | 2006 | not approved |
| Degauss or destroy |
U.S. National Industrial Security Program Operating Manual (DoD 5220.22-M)[3] | 2006 |
|
| not specified |
U.S. DoD Unclassified Computer Hard Drive Disposition [4] | 2001 | 3 | A character, its complement, another pattern |
U.S. Navy Staff Office Publication NAVSO P-5239-26[5] | 1993 | 3 | A character, its complement, random | Verification is mandatory |
U.S. Air Force System Security Instruction 5020 [6] | 1996 | 4 | All 0's, all 1's, any character | Verification is mandatory |
British HMG Infosec Standard 5, Baseline Standard |
| 1 | All 0's | Verification is optional |
British HMG Infosec Standard 5, Enhanced Standard |
| 3 | All 0's, all 1's, random | Verification is mandatory |
Communications Security Establishment Canada ITSG-06 [7] | 2006 | 3 | All 1's or 0's, its complement, a pseudo-random pattern | For unclassified media |
German Federal Office for Information Security [8] | 2004 | 2-3 | Non-uniform pattern, its complement |
|
Australian Government ICT Security Manual [9] | 2008 | 1 | Unspecified | Degauss or destroy Top Secret media |
New Zealand Government Communications Security Bureau NZSIT 402 [10] | 2008 | 1 | Unspecified | For data up to Confidential |
Peter Gutmann's Algorithm | 1996 | Up to 35 |
| Originally intended for MFM and RLL disks, which are now obsolete |
Bruce Schneier's Algorithm[3] | 1996 | 7 | All 1's, all 0's, pseudo-random sequence five times |
|
Data can sometimes be recovered from a broken hard drive. However, if the platters on a hard drive are damaged, such as by drilling a hole through the drive (and the platters inside), then data can only be recovered by bit-by-bit analysis of each platter with advanced forensic technology. Seagate is the only company in the world to have credibly claimed such technology, although some governments may also be able to do this.
Number of overwrites needed
Data on floppy disks can sometimes be recovered by forensic analysis even after the disks have been overwritten once with zeros (or random zeros and ones). This is not the case with modern hard drives. The bits on modern drives are so small that deviation of tracks between writes cannot be discerned by any means[citation needed].
According to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[4]
According to the Center for Magnetic Recording Research, "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."[5] "Secure erase" is a utility built into modern ATA hard drives that overwrites all data on a disk, including remapped (error) sectors.
Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required