Sunday, April 6, 2008

What is data sanitization?

I have always wanted to write about secure data deletion (also called data sanitization), especially given the recurring news reports of sensitive data (e.g. credit card numbers) being recovered from second-hand hard disks and discarded systems.

Many people think that once they empty the "Recycle Bin", the data is gone for good and cannot be recovered. In fact the data is merely no longer accessible through the OS; it can easily be recovered with data recovery software (readily found on the Internet). When you empty the recycle bin, the data is still on the physical hard disk. It is not "erased", only marked as "overwritable" by the OS, and it is only actually overwritten when new data needs to be saved to the disk.

Methods of Secure Deletion
- Overwriting
This is the most common way of securely deleting data today, commonly known as data wiping. Basically, the method simply overwrites the data with a pattern of all zeros or all ones.
As more advanced data recovery and forensic methods came into use, a single pass of ones or zeros was no longer considered effective, so more overwrite patterns were introduced. Besides alternating patterns of ones and zeros, patterns derived from the existing data, such as its complement (the bitwise inverse, or NOT, of what is on the disk), are also used. The Gutmann method goes furthest, using 35 passes to overwrite the data.

The more patterns you use, the more secure the deletion, but the longer it takes to complete, since the system must overwrite the same amount of data once per pattern.

Previously, overwriting was a DoD (US Department of Defense) accepted method of secure deletion for magnetic media, and the DoD 7-pass (7-pattern) method was widely followed as best practice. But because of media degradation and errors, some areas of the media may not be overwritable at all. As of November 2007, overwriting is no longer accepted as a DoD secure deletion method; only degaussing or physical destruction is acceptable.
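To make the multi-pass idea concrete, here is an added example (my own code, not from the post or from any of the tools it mentions) that overwrites a file in place with a configurable sequence of passes: a fixed byte pattern, the bitwise inverse of what is currently on disk, or random data, with an fsync between passes. The DOD_LIKE_3_PASS name is my own label for a zeros/ones/random sequence, not an official specification.

```python
import os
import secrets

# Pass specification: bytes -> repeat that pattern over the data;
# "invert" -> bitwise NOT of what is currently on disk;
# "random" -> cryptographically random bytes.
# Constructed label for a zeros/ones/random sequence (not an official DoD spec).
DOD_LIKE_3_PASS = [b"\x00", b"\xff", "random"]

def _pass_block(spec, current):
    """Return the bytes that one pass writes over a block of existing data."""
    if spec == "invert":
        return bytes(b ^ 0xFF for b in current)
    if spec == "random":
        return secrets.token_bytes(len(current))
    reps = -(-len(current) // len(spec))  # ceiling division
    return (spec * reps)[: len(current)]

def wipe_file(path, passes=DOD_LIKE_3_PASS, block_size=1 << 20, unlink=True):
    """Overwrite `path` in place, one pass per entry in `passes`, then unlink it.

    Returns the number of passes performed. Caveat: this only reaches the
    logical blocks the OS exposes. Journaling file systems, copy-on-write
    snapshots and SSD wear-levelling can leave earlier copies elsewhere on the
    device, which is one reason overwriting alone is not trusted for every medium.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for spec in passes:
            for offset in range(0, size, block_size):
                fh.seek(offset)
                current = fh.read(min(block_size, size - offset))
                fh.seek(offset)
                fh.write(_pass_block(spec, current))
            fh.flush()
            os.fsync(fh.fileno())  # push this pass to the device before the next one
    if unlink:
        os.remove(path)
    return len(passes)
```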

Note:
To securely erase a whole hard disk, I recommend DBAN (Darik's Boot and Nuke). It is freeware (based on an open source project) that supports the DoD 7-pass and Gutmann methods. It can boot from a floppy, CD or flash drive, and it works on IDE, SCSI and SATA hard disks.
- Degaussing
This uses a strong magnetic field to render the data on magnetic media unreadable. Degaussed hard disks are normally no longer operational, because the field also erases the low-level formatting (servo control data) written during manufacturing.

- Physical Destruction
Physically breaking the media is the most straightforward way of destroying the data, but for the destruction to be secure, grinding or shredding must be carried out properly. Incinerating the media is another form of physical destruction, as is the use of corrosive chemicals such as acids.

- Encryption
With FDE (Full Disk Encryption) hard disks becoming popular, encryption has become the fastest and probably the easiest way of securely "deleting" all the data on a hard disk.
Basically, since the whole disk is encrypted, simply "overwriting" (securely deleting) the decryption key makes it practically "impossible" to recover any data from the disk. Overwriting the decryption key takes far less time than overwriting the whole disk.

Some recommended software (overwriting):
- Eraser is a secure data removal tool for Windows. It supports the DoD 3/7-pass and Gutmann methods, and it can be scheduled to securely delete files or folders.

- Darik's Boot and Nuke is used for secure deletion of a whole hard disk. It is freeware (based on an open source project) that supports the DoD 3/7-pass and Gutmann methods. It can boot from a floppy, CD or flash drive, and it works on IDE, SCSI and SATA hard disks.
