Why Information Must Be Destroyed, Part Two

Ben Rothke looks at how to destroy digitally stored information. Includes pros and cons of in-house and outsourced data destruction.

Software-Based Disk Sanitization

To fully erase all data from a drive's media surface, special-purpose software must be used. These utilities eliminate user data by overwriting all accessible areas of the media surface with obfuscating data, making the overwritten data unrecoverable.

There are many sources of overwrite utilities, ranging from the popular open source Darik's Boot and Nuke (DBAN) to commercially available products such as iolo technologies' DriveScrubber. These software tools let the user define the level of data sanitization through the choice of overwrite methods and iterations.

DBAN is launched from a self-booting disk, optical media or USB flash drive and securely wipes the hard disks of most computers. Configured for automatic operation, DBAN automatically detects and completely deletes the contents of any attached hard disk, making it an appropriate utility for bulk or emergency data destruction.

Although many still reference the need for a multipass overwrite process as stated in the outdated National Industrial Security Program operating manual (DoD 5220.22-M), according to NIST 800-88 and the University of California San Diego's Center for Magnetic Recording Research, a single overwrite pass of the entire media surface is sufficient to render the data inaccessible.

As a tool for securely deleting specific confidential files, software has a more functional role. Unlike hardware-based solutions, software such as PGP's Desktop Shredder can be configured to wipe specific data or free space on the hard drive. This flexibility affords the owner of the data the ability to eliminate all remnants of deleted data and maintain ongoing security, while retaining programs and existing files, and keeping the operating system intact.

Although software can provide a cost-effective and easily configurable sanitization solution, it has the disadvantage of requiring significant time to process an entire high-capacity drive. Additionally, should there be damage to the media surface, the software may not be able to sanitize data from the inaccessible regions, and the process may fail.

An additional advantage that software has over hardware is that you can wipe just the free space on the hard drive, erasing all remnants of deleted data to maintain ongoing security, while keeping existing files and operating system intact.

Unacceptable media sanitization practices

There are a number of methods which are perceived as being effective, but do nothing to remove data. Some of them are:

File Deletion--When a file system deletes a file, it is not truly erased from the storage media. Rather, the file system marks the space as available. That makes the recovery of deleted files relatively easy. Conversely, it makes the true destruction of data somewhat more difficult.

Drive Formatting--The perception that formatting a hard drive removes data is incorrect. Formatting a hard drive does not remove data from the drive. Drive formatting is simply the process of preparing a hard disk or other storage medium for use, by re-initializing the file system. Yet, despite a clean file system, the data will remain on the hard drive in orphaned sectors, and can be easily recovered.

Even though Windows may present a scary message warning that all data on the disk will be erased, that is not so; the data can easily be recovered.

Disk Partitioning--When a disk is used for the first time, it must be partitioned, which is the process of establishing the volume allocation information on the hard drive. The information in the partition table identifies how the drive is presented to the operating system, including the number of logical volumes, volume size and the location of these partitions on the drive.

Once a drive is partitioned, each partition is then formatted, establishing the file allocation structure for each logical volume. While some sectors may be overwritten by the new file structure, any existing data is otherwise left intact and can be recovered.

Encryption--Encryption is a fantastic way to assure the privacy of live data, but is not suitable for the protection of end-of-life data.

Encryption's weakness is that the keys used to secure the data may be compromised. Even if the 256-bit Advanced Encryption Standard (AES) is used, which is unbreakable using current technology, data can be compromised if the user chooses a weak passphrase to protect the data, or if the key was not properly destroyed.

Some have suggested that encrypting the data and then losing the keys is a method of destruction. But those who run forensic labs note that there are ways of getting keys, as well as cracking keys on lesser levels of encryption. Given that, encryption should be used as a security mechanism, not as a destruction tool.
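The contrast between the Drive Formatting case and the single full-surface overwrite pass described under Software-Based Disk Sanitization can be checked on a disk image. The following is an added example, not code from the article or from any tool it names: it builds a constructed 1 MiB image file with a toy layout (sector 0 as file-system metadata, a constructed marker record in the user-data area), re-initializes only the metadata, then performs one overwrite pass with read-back verification. All function names and the layout are assumptions made for illustration.

```python
import os
import tempfile

SECTOR = 512
MARKER = b"CONSTRUCTED-SAMPLE-PAYROLL-RECORD"  # constructed sample data

def make_image(path, sectors=2048):
    """Constructed 1 MiB 'disk': one metadata sector, then user data."""
    with open(path, "wb") as f:
        f.write(b"FS-METADATA".ljust(SECTOR, b"\x00"))
        f.write(os.urandom(SECTOR * 999) + MARKER.ljust(SECTOR, b"\x00"))
        f.write(os.urandom(SECTOR * (sectors - 1001)))

def reinit_metadata_only(path):
    """Stand-in for a format: rewrite sector 0 and touch nothing else."""
    with open(path, "r+b") as f:
        f.write(b"NEW-FS".ljust(SECTOR, b"\x00"))

def single_pass_overwrite(path, chunk=64 * 1024):
    """One pass of zeros over every addressable byte; I/O errors propagate."""
    with open(path, "r+b") as f:
        size = left = f.seek(0, os.SEEK_END)
        f.seek(0)
        while left:
            left -= f.write(b"\x00" * min(chunk, left))
        f.flush()
        os.fsync(f.fileno())  # push the pass to storage, not just the cache
    return size

def verify_zeroed(path, chunk=64 * 1024):
    """Read the whole target back; True only if every byte is zero."""
    with open(path, "rb") as f:
        while block := f.read(chunk):
            if block.count(0) != len(block):
                return False
    return True

def marker_present(path):
    with open(path, "rb") as f:
        return MARKER in f.read()

def demo():
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        make_image(img)
        reinit_metadata_only(img)
        survived_format = marker_present(img)
        size = single_pass_overwrite(img)
        return survived_format, size, marker_present(img), verify_zeroed(img)
```

The marker survives the metadata rewrite and is gone only after the full pass. The read-back step covers only what the software can address, which is the limitation noted above for damaged or inaccessible regions.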
