This post gives some hints about how to erase a storage device securely, meaning that data previously stored on the device cannot be retrieved by any means.
Deletion Types
Erasing is the deletion of files or media and may not include all of the data in the media.
Clearing describes preparing media for reuse.
Purging is removing data from a device before moving it to an environment with a lower level of security (for example, reselling). It is a more intensive form of clearing.
Degaussing is the destruction of the data on a data storage device by removing its magnetism. It is not effective on SSDs, as this technology does not rely on magnetic fields to store information.
Sanitization is a series of processes that removes data from a system or media while ensuring that the data is unrecoverable by any means.
Crypto-shredding is the practice of making data inaccessible by deliberately deleting or overwriting the encryption keys.
Deletion Methods
As a general rule, experts say that you need to erase the disk at low level at least 7 times.
Deletion Methods:
- Quick erase. 1 step
- RCMP TSSIT OPS-II. 8 steps. RCMP is the acronym for Royal Canadian Mounted Police.
- DoD Short. Quick deletion in 3 steps
- DoD 5220.22-M. 7 steps.
- Gutmann Wipe. 35 steps
- PRNG Stream. 4 or 8 steps
- HMG Infosec Standard 5 (UK)
Examples of data that may not be deleted during the clearing process:
- Spare sectors on hard drives (HDs)
- Sectors labeled as bad on HDs
- Areas on many modern solid-state disks (SSDs)
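A multi-pass overwrite with read-back verification, as an added example that is not from the original post or from any tool it names. The pass sequences (zeros, ones, random by default) are assumptions chosen for illustration, not the exact pattern of any method listed above, and the target is a constructed image file standing in for a device.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # work through the target in 1 MiB chunks

def write_pass(f, size, fill):
    """Overwrite the target once; fill is one byte, or None for random data."""
    digest, remaining = hashlib.sha256(), size
    f.seek(0)
    while remaining:
        n = min(CHUNK, remaining)
        block = os.urandom(n) if fill is None else fill * n
        f.write(block)
        digest.update(block)
        remaining -= n
    f.flush()
    os.fsync(f.fileno())  # force the pass out to the medium before verifying
    return digest.hexdigest()

def read_digest(f):
    """Read the whole target back and return its SHA-256."""
    digest = hashlib.sha256()
    f.seek(0)
    for block in iter(lambda: f.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()

def wipe(path, passes=(b"\x00", b"\xff", None)):
    """Run every pass over `path`, verifying each one; return the pass count."""
    # Only addressable blocks are reached: spare sectors, sectors marked bad
    # and hidden SSD areas (the list above) are never touched by this loop.
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # also works where getsize() reports 0
        for number, fill in enumerate(passes, 1):
            if write_pass(f, size, fill) != read_digest(f):
                raise OSError(f"pass {number}: read-back differs from data written")
    return len(passes)

def demo():
    """Constructed sample: an image file filled with a marker record, then wiped."""
    marker = b"CONSTRUCTED-SECRET-RECORD"
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "disk.img")
        with open(image, "wb") as f:
            f.write(marker * 100_000 + b"tail")  # not a multiple of CHUNK
        wipe(image, passes=(None, b"\xff", b"\x00"))  # end on zeros to inspect
        with open(image, "rb") as f:
            data = f.read()
    return len(data), marker in data, data == bytes(len(data))
```

On a real device the read-back can be served from the operating system's page cache, so a verification pass is only meaningful once that cache is bypassed or dropped.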
Deletion Standards and Guidelines
Deletion standards and guides featured in this post:
- NIST SP 800-88
- DoD 5220.22-M
- UK CSO SS-036
- INCIBE
NIST 800-88
NIST SP 800-88, colloquially known as NIST 800-88, is a guideline issued by the American organization NIST under the title “Guidelines for Media Sanitization”.
As of 2023, its latest version is 800-88 Rev. 1, released in December 2014.
Official website for 800-88 Rev 1
DoD 5220.22-M
DoD 5220.22-M is the codename for the NISP Operating Manual, also called NISPOM, issued by the Department of Defense of the USA.
Official link to DoD 5220.22-M document.
UK CSO SS-036
SS-036, under the title Security Standard Secure Sanitisation and Destruction, is published by the Chief Security Office (CSO) of the United Kingdom.
It was issued in October 2023.
INCIBE’s “Safe deletion and support management” Guide
The Spanish IT security agency INCIBE has published the guide “Safe deletion and support management” (“Borrado seguro y gestión de soporte”), aimed at SMEs.
Deletion Tools
Deletion tools featured in this post:
- DBAN
- Blancco Drive Eraser
- nwipe
- ShredOS
- OLVIDO
- Killdisk
Note that the effectiveness of these tools depends on the deletion method that is chosen.
It is also important to know that no method is effective on some SSDs from different manufacturers. The best method of sanitizing SSDs is destruction.
DBAN
DBAN (Darik’s Boot and Nuke) is a popular deletion tool.
It is FOSS, under a GPLv2 license.
It was originally developed by Darik Horn. DBAN was acquired by Blancco Ltd. in 2012. It has not been actively maintained since 2015.
A FOSS alternative to DBAN is nwipe/ShredOS.
Blancco Drive Eraser
Blancco Drive Eraser is developed by the Finnish company Blancco Ltd.
It is paid and proprietary software.
nwipe
nwipe is a fork of the original dwipe tool in DBAN. It is available for Linux.
It is FOSS, under a GPLv2 license.
Unlike DBAN, which has not been maintained since 2015, it is actively updated.
ShredOS
ShredOS is a USB-bootable operating system (OS) that runs the nwipe tool.
ShredOS GitHub source code repository
PartedMagic
PartedMagic is a commercial Linux distribution that includes the nwipe tool.
Eraser
Eraser is a tool for Windows OS.
It is FOSS under a GPL license.
OLVIDO
OLVIDO is a tool developed by the National Cryptographic Center of Spain (CCN, from the Spanish Centro Criptológico Nacional).
OLVIDO is available for Windows OS.
It is proprietary freeware.
Killdisk
Killdisk is a tool for Windows and Linux OS.
It is proprietary software, and it has freeware and paid versions.
External References
- Concepts
- M. Chapman et al; “CISSP Official Guide Study”, chapter 5 “Protecting security assets”, section “Data Destruction”, pp. 194-197; Sybex/Wiley (2021)
- Tools
- Reddit users; “DBaN replacement?”; Reddit