How to delete storage devices securely

This post gives some hints about how to erase a storage device securely. That means that data stored on that device in the past cannot be retrieved by any means.

Deletion Types

Erasing is the deletion of files or media and may not include all of the data in the media.

Clearing describes preparing media for reuse.

Purging is removing data from a device before moving it to an environment with a lower level of security (for example, reselling). It is a more intensive form of clearing.

Degaussing is the destruction of the data on a data storage device by removing its magnetism. It is not effective on SSDs, as this technology does not rely on magnetic fields to store information.

Sanitization is a series of processes that removes data from a system or media while ensuring that the data is unrecoverable by any means.

Crypto-shredding is the practice of making data inaccessible by deliberately deleting or overwriting the encryption keys.

Deletion Methods

As a general rule, experts say that you need to erase the disk at low level at least 7 times.

Deletion Methods:

  • Quick erase. 1 step
  • RCMP TSSIT OPS-II. 8 steps. RCMP is the acronym for Royal Canadian Mounted Police.
  • DoD Short. Quick deletion in 3 steps
  • DoD 5220.22-M. 7 steps.
  • Gutmann Wipe. 35 steps
  • PRNG Stream. 4 or 8 steps
  • HMG Infosec Standard 5 (UK)

Examples of data that may not be deleted during the clearing process:

  • Spare sectors on hard drives (HDs)
  • Sectors labeled as bad on HDs
  • Areas on many modern solid-state disks (SSDs)
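A multi-pass overwrite with read-back verification, as an added example (not code from this post or from any tool it lists). The three-pass sequence (0x00, 0xFF, random), the function names and the constructed sample data are assumptions for illustration. It runs against an ordinary file standing in for a device, and it can only reach addressable blocks, so the areas listed above stay untouched.

```python
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB per write, bounds memory use
# Assumed pass sequence for illustration: 0x00, 0xFF, then random (None).
PASSES = (b"\x00", b"\xff", None)


def _sweep(f, size, pattern, check):
    """Write one pass over the target, or (check=True) read it back and compare."""
    f.seek(0)
    for offset in range(0, size, CHUNK):
        n = min(CHUNK, size - offset)
        if check and f.read(n) != pattern * n:
            raise IOError(f"residual data near offset {offset}")
        if not check:
            f.write(os.urandom(n) if pattern is None else pattern * n)


def overwrite(path, passes=PASSES):
    """Overwrite every addressable byte once per pass; return passes completed."""
    done = 0
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # also works for block devices
        for pattern in passes:
            _sweep(f, size, pattern, check=False)
            f.flush()
            os.fsync(f.fileno())  # force the pass out of the OS cache
            if pattern is not None:  # a random pass has no pattern to compare
                _sweep(f, size, pattern, check=True)
            done += 1
    return done


def demo():
    """Wipe a constructed 3 MiB stand-in 'device'; report passes and marker state."""
    marker = b"CONSTRUCTED-SECRET-0001"  # sample data, not real
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(marker + os.urandom(3 * CHUNK - len(marker)))
    try:
        done = overwrite(tmp.name)
        with open(tmp.name, "rb") as f:
            return done, marker in f.read()
    finally:
        os.remove(tmp.name)


if __name__ == "__main__":
    print(demo())
```

On a real device the read-back may be served from the OS page cache rather than the media, so verify after reopening the device with caching bypassed.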

Deletion Standards and Guidelines

Deletion Standards and Guides featured on this post:

  • NIST SP 800-88
  • DoD 5220.22-M
  • UK CSO SS-036
  • INCIBE

NIST 800-88

NIST SP 800-88, colloquially known as NIST 800-88, is a guideline issued by the American organization NIST under the title “Guidelines for Media Sanitization”.

As of 2023, its latest version is 800-88 Rev. 1, released in December 2014.

Official website for 800-88 Rev 1

DoD 5220.22-M

DoD 5220.22-M is the codename for the NISP Operating Manual, also called NISPOM, issued by the Department of Defense of the USA.

Official link to DoD 5220.22-M document.

UK CSO SS-036

SS-036, under the title Security Standard Secure Sanitisation and Destruction, is published by the Chief Security Office (CSO) of the United Kingdom.

It was issued in October 2023.

Official link

INCIBE’s “Safe deletion and support management” Guide

The Spanish IT security agency INCIBE has published the guide “Safe deletion and support management” (“Borrado seguro y gestión de soporte”), aimed at SMEs.

Official link

Deletion Tools

Deletion tools featured on this post:

  • DBAN
  • Blancco Drive Eraser
  • nwipe
  • ShredOS
  • OLVIDO
  • Killdisk

Take note that the effectiveness of these tools depends on the deletion method that is chosen.

Also, it is important to know that no method is effective on some SSDs from different manufacturers. The best method of sanitizing SSDs is destruction.

DBAN

DBAN (Darik’s Boot and Nuke) is a popular deletion tool.

It is FOSS, under a GPLv2 license.

It was originally developed by Darik Horn. DBAN was acquired by Blancco Ltd. in 2012. It has not been actively maintained since 2015.

A FOSS alternative to DBAN is Nwipe/ShredOS.

Official web

DBAN source code repository

Blancco Drive Eraser

Blancco Drive Eraser is developed by the Finnish company Blancco Ltd.

It is paid and proprietary software.

Official web

nwipe

nwipe is a fork of the original dwipe tool in DBAN. It is available for Linux.

It is FOSS, under a GPLv2 license.

Unlike DBAN, which has not been maintained since 2015, it is actively updated.

Nwipe source code repository

ShredOS

ShredOS is a USB-bootable operating system (OS) that runs the nwipe tool.

ShredOS GitHub source code repository

PartedMagic

PartedMagic is a commercial Linux distribution that includes the nwipe tool.

Eraser

Eraser is a tool for Windows OS.

It is FOSS under a GPL license.

Eraser official website

Eraser source code repository

OLVIDO

OLVIDO is a tool developed by the National Cryptographic Center of Spain (CCN, from the Spanish Centro Criptológico Nacional).

OLVIDO is available for Windows OS.

It is proprietary freeware.

Official web

Killdisk

Killdisk is a tool for Windows and Linux OS.

It is proprietary software, and it has freeware and paid versions.

Official website
