Data erasure
Data erasure is a software-based method of overwriting data that completely destroys all electronic data residing on a hard disk drive or other digital media. Permanent data erasure goes beyond basic file deletion commands, which only remove direct pointers to data disk sectors and make data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data erasure removes all information while leaving the disk operable, preserving IT assets and the environment.
Software-based overwriting uses a software application to write patterns of random meaningless data onto all of a hard drive's sectors. There are key differentiators between data erasure and other overwriting methods, which can leave data intact and raise the risk of data breach or spill, identity theft and failure to achieve regulatory compliance. Many data eradication programs also provide multiple overwrites so that they support recognized government and industry standards. Good software should provide verification of data removal, which is necessary for meeting certain standards.
To protect data on lost or stolen media, some data erasure applications remotely destroy data if the password is incorrectly entered. Data erasure tools can also target specific data on a disk for routine erasure, providing a hacking protection method that is less time-consuming than encryption.
Importance
Information technology (IT) assets commonly hold large volumes of confidential data. Social security numbers, credit card numbers, bank details, medical history and classified information are often stored on computer hard drives or servers. These can inadvertently or intentionally make their way onto other media such as printer, USB, flash, Zip, Jaz, and REV drives.
Data breach
Increased storage of sensitive data, combined with rapid technological change and the shorter lifespan of IT assets, has driven the need for permanent data erasure of electronic devices as they are retired or refurbished. Also, compromised networks and laptop theft and loss, as well as that of other portable media, are increasingly common sources of data breaches.
If data erasure does not occur when a disk is retired or lost, an organization or user faces the possibility that data will be stolen and compromised, leading to identity theft, loss of corporate reputation, threats to regulatory compliance and financial impacts. Companies have spent nearly $5 million on average to recover when corporate data was lost or stolen. High-profile incidents of data theft include:
- CardSystems Solutions (2005-06-19): Credit card breach exposes 40 million accounts.
- Lifeblood (2008-02-13): Missing laptops contain personal information including dates of birth and some Social Security numbers of 321,000.
- Hannaford (2008-03-17): Breach exposes 4.2 million credit, debit cards.
- Compass Bank (2008-03-21): Stolen hard drive contains 1,000,000 customer records.
- University of Florida College of Medicine, Jacksonville (2008-05-20): Photographs and identifying information of 1,900 on improperly disposed computer.
- Oklahoma Corporation Commission (2008-05-21): Server sold at auction compromises more than 5,000 Social Security numbers.
Regulatory compliance
Strict industry standards and government regulations are in place that force organizations to mitigate the risk of unauthorized exposure of confidential corporate and government data. These regulations include HIPAA (Health Insurance Portability and Accountability Act); FACTA (The Fair and Accurate Credit Transactions Act of 2003); GLB (Gramm-Leach Bliley); Sarbanes-Oxley Act (SOx); and Payment Card Industry Data Security Standards (PCI DSS). Failure to comply can result in fines and damage to company reputation, as well as civil and criminal liability.
Preserving assets and the environment
Data erasure offers an alternative to physical destruction and degaussing for secure removal of all disk data. Physical destruction and degaussing destroy the digital media, requiring disposal and contributing to electronic waste while negatively impacting the carbon footprint of individuals and companies. Hard drives are nearly 100% recyclable and can be collected at no charge from a variety of hard drive recyclers after they have been sanitized.
Limitations
Data erasure through overwriting only works on hard drives that are functioning and writing to all sectors. Bad sectors cannot usually be overwritten but may contain recoverable information. Software driven data erasure could also be compromised by malicious code.
Differentiators
Software-based data erasure uses a special application to write a combination of 1s and 0s onto each hard drive sector. The level of security depends on the number of times the entire hard drive is written over.
Full disk overwriting
There are many overwriting programs, but data erasure offers complete security by destroying data on all areas of a hard drive. Disk overwriting programs that cannot access the entire hard drive, including hidden/locked areas like the host protected area (HPA), device configuration overlay (DCO), and remapped sectors, perform an incomplete erasure, leaving some of the data intact. By accessing the entire hard drive, data erasure eliminates the risk of data remanence.
Data erasure also bypasses the BIOS and OS. Overwriting programs that operate through the BIOS and OS will not always perform a complete erasure due to altered or corrupted BIOS data and may report back a complete and successful erasure even if they do not access the entire hard disk, leaving data accessible.
Hardware support
Data erasure can be deployed over a network to target multiple PCs rather than having to erase each one sequentially. In contrast with DOS-based overwriting programs that may not detect all network hardware, Linux-based data erasure software supports high-end server and storage area network (SAN) environments with hardware support for Serial ATA, Serial Attached SCSI (SAS) and Fibre Channel disks and remapped sectors. It operates directly with sector sizes such as 520, 524, and 528, removing the need to first reformat back to 512 sector size.
Standards
Many government and industry standards exist for software-based overwriting that removes data. A key factor in meeting these standards is the number of times the data is overwritten. Also, some standards require a method to verify that all data has been removed from the entire hard drive and to view the overwrite pattern. Complete data erasure should account for hidden areas, typically DCO, HPA and remapped sectors.
The 1995 edition of the National Industrial Security Program Operating Manual (DoD 5220.22-M) permitted the use of overwriting techniques to sanitize some types of media by writing all addressable locations with a character, its complement, and then a random character. This provision was removed in a 2001 change to the manual and was never permitted for Top Secret media, but it is still listed as a technique by many providers of data erasure software.
Data erasure software should provide the user with a validation certificate indicating that the overwriting procedure was completed properly. Data erasure software should also comply with requirements to erase hidden areas, provide a defects log list, and list bad sectors that could not be overwritten.
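The character, complement, random overwrite described above, with read-back verification after each pass, a defects list and a coverage check, run against a constructed image file rather than a real drive. This is an added example, not code from any erasure product or standard; `erase`, `native_sectors`, `simulated_bad` and the report fields are names chosen here for illustration.

```python
import errno
import hashlib
import os
import secrets
import tempfile

SECTOR = 512  # sector size assumed for the constructed sample image
RECORD = b"SSN=000-00-0000;"  # constructed 16-byte marker, not real data


def make_sample_image(sectors=64):
    """Constructed sample: an image file filled with a recognizable record."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(RECORD * (SECTOR // len(RECORD)) * sectors)
    return path


def pattern(pass_no, sector, char, seed):
    """Data for one sector: pass 0 = character, 1 = complement, 2 = random."""
    if pass_no == 0:
        return bytes([char]) * SECTOR
    if pass_no == 1:
        return bytes([char ^ 0xFF]) * SECTOR
    # Keyed stream, so the verify step can regenerate exactly what was written.
    return hashlib.shake_256(seed + sector.to_bytes(8, "big")).digest(SECTOR)


def write_sector(dev, sector, data, simulated_bad):
    """Write one sector; simulated_bad stands in for media that rejects writes."""
    if sector in simulated_bad:
        raise OSError(errno.EIO, "simulated write failure")
    dev.seek(sector * SECTOR)
    dev.write(data)


def erase(path, native_sectors, char=0x55, simulated_bad=()):
    """Three-pass overwrite with read-back verification after every pass.

    native_sectors is the sector count the drive is known to have (an assumed
    input, e.g. from the drive label). If fewer sectors are addressable, a
    hidden area was not reached and the run must not be reported as complete.
    """
    addressable = os.path.getsize(path) // SECTOR
    seed = secrets.token_bytes(32)
    bad = set(simulated_bad)
    defects, mismatches = set(), set()
    with open(path, "r+b") as dev:
        for pass_no in range(3):
            for s in range(addressable):
                try:
                    write_sector(dev, s, pattern(pass_no, s, char, seed), bad)
                except OSError:
                    defects.add(s)  # goes into the defects log, never hidden
            dev.flush()
            os.fsync(dev.fileno())
            # Read-back check. On a real device this must bypass the page
            # cache, otherwise it confirms the cache and not the media.
            for s in range(addressable):
                if s in defects:
                    continue
                dev.seek(s * SECTOR)
                if dev.read(SECTOR) != pattern(pass_no, s, char, seed):
                    mismatches.add(s)
    return {
        "passes": 3,
        "sectors_addressed": addressable,
        "sectors_expected": native_sectors,
        "unreached_sectors": max(native_sectors - addressable, 0),
        "defects": sorted(defects),
        "verify_mismatches": sorted(mismatches),
        "complete": not defects and not mismatches
                    and addressable >= native_sectors,
    }


if __name__ == "__main__":
    image = make_sample_image()
    try:
        # 72 native sectors vs 64 addressable models a hidden area of 8 sectors.
        print(erase(image, native_sectors=72, simulated_bad={7}))
    finally:
        os.remove(image)
```

The report marks a run complete only when every expected sector was addressed, written and read back; a sector listed under `defects` still holds its previous contents.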
Overwriting Standard | Date | Overwriting Rounds | Pattern | Notes |
---|---|---|---|---|
U.S. Navy Staff Office Publication NAVSO P-5239-26 | 1993 | 3 | A character, its complement, random | Verification is mandatory |
U.S. Air Force System Security Instruction 5020 | 1996 | 4 | All 0s, all 1s, any character | Verification is mandatory |
Peter Gutmann's Algorithm | 1996 | 1 to 35 | Various, including all of the other listed methods | Originally intended for MFM and RLL disks, which are now obsolete |
Bruce Schneier's Algorithm | 1996 | 7 | All 1s, all 0s, pseudo-random sequence five times | |
U.S. DoD Unclassified Computer Hard Drive Disposition | 2001 | 3 | A character, its complement, another pattern | |
German Federal Office for Information Security | 2004 | 2-3 | Non-uniform pattern, its complement | |
Communications Security Establishment Canada ITSG-06 | 2006 | 3 | All 1s or 0s, its complement, a pseudo-random pattern | For unclassified media |
NIST SP-800-88 | 2006 | 1 | | |
U.S. National Industrial Security Program Operating Manual (DoD 5220.22-M) | 2006 | No longer specifies any method. | | |
NSA/CSS Storage Device Declassification Manual (SDDM) | 2007 | 0 | Degauss or destroy only | |
Australian Government ICT Security Manual | 2008 | 1 | Degauss or destroy Top Secret media | |
New Zealand Government Communications Security Bureau NZSIT 402 | 2008 | 1 | For data up to Confidential | |
British HMG Infosec Standard 5, Baseline Standard | | 1 | All 0s | Verification is optional |
British HMG Infosec Standard 5, Enhanced Standard | | 3 | All 0s, all 1s, random | Verification is mandatory |
Data can sometimes be recovered from a broken hard drive. However, if the platters on a hard drive are damaged, such as by drilling a hole through the drive (and the platters inside), then data can only be recovered by bit-by-bit analysis of each platter with advanced forensic technology. Seagate is the only company in the world to have credibly claimed such technology, although some governments may also be able to do this.
Number of overwrites needed
Data on floppy disks can sometimes be recovered by forensic analysis even after the disks have been overwritten once with zeros (or random zeros and ones). This is not the case with modern hard drives:
- According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6): "Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."
- According to the 2006 CMRR Tutorial on Disk Drive Data Sanitization Document (p. 8): "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure." "Secure erase" is a utility built into modern ATA hard drives that overwrites all data on a disk, including remapped (error) sectors.
- Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required.
See also
- Data remanence
- Data recovery
- Electronic waste
- File deletion
- Gutmann method
- Physical information security
- Sanitization (classified information)
- Security