Data Destruction Methods

---

Data destruction and disposal refer to either destroying or decommissioning data storage media.

• prominent as organizations repurpose and recycle their old computers
• if media device is being repurposed or recycled, then data must be sanitized

Sanitization is the process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.

When selecting an appropriate sanitization method, you need to understand:

• the degree to which data on different media types may be recoverable
• likelihood that a threat actor might attempt such recovery

Important

Data from a file “deleted” from a disk is not erased.

• the HDD sector or SSD block is marked as available for writing
• information contained at that storage location will only be removed when new file data is written
• using the OS standard formatting tool to delete partitions and write a new file system will only remove references to files and mark all sectors as useable
• deleted information from a hard drive could be recovered relatively easily
• Recovery from SSDs requires specialist tools but is still a risk

Erasing/Wiping

Disk erasing/wiping software ensures that old data is destroyed by writing to each location on a hard disk drive, either using zeroes or in a random pattern.

• leaves the disk in a “clean” state
• overwriting method is suitable for all but the most confidential data
• time-consuming and requires special software
• does not work reliably with SSDs

Low Level Format

Most disk vendors supply low level format tools to reset a disk to its factory condition.

Low level format: Using a vendor tool to fully erase storage media before recycling or repurposing, minimizing the risk of leaving persistent data remnants.

• typical functions:
  • Secure Erase (SE) performs zero-filling on HDDs and marks all blocks as empty on SSDs.
    • SSD firmware’s automatic garbage collectors then perform the actual erase of each block over time
    • If this process is not completed (and there is no progress indicator), there is a risk of remnant recovery, though this requires removing the chips from the device to analyze them in specialist hardware
  • Instant Secure Erase (ISE)/Crypto Erase uses the capabilities of self-encrypting drives (SEDs) as a reliable sanitization method for both HDDs and SSDs.
    • SED encrypts all its contents by using a media encryption key (MEK)
    • Crypto Erase destroys this key, rendering the encrypted data unrecoverable

Info

If the device firmware does not support encryption, using a software disk-encryption product and then destroying the key and using SE should be sufficient for most confidentiality requirements.