Data Sanitization

In an IT environment, data is stored on various forms of storage media (e.g., hard drives, USB flash drives, CD-ROM’s, tape drives). When you no longer need to use this storage media, the data must be securely removed to prevent unauthorized access. In compliance with FERPA, University policies and state legislation, this becomes imperative if the data is of a sensitive nature.

Why must the data be removed?
There are several reasons for removing the data from storage media before disposing of it. One of the reasons could be that the server hosting the data is being replaced with a newer model. Or perhaps the backup data on CD-ROMs and tapes are no longer needed and need to be expunged. Or maybe the hard-drive on the computer system is inoperable and needs to be replaced.

In each of these cases, the department or college responsible for the data on the device must ensure that all data is securely removed to minimize the risk of possible compromise of the data. For additional information on data security, see PS06.20 (“Security of Data”).

Why deleting the data is not enough?
There are several ways the data can be deleted from a computer system. The most common way is to grab and drop a file into the recycle bin (trash can) in modern operating systems and then empty the bin. However, the files being deleted are not the actual data, they are just pointers to the files and deleting these does not necessarily remove the data. The data remains on the hard-drive as unallocated space. There are sophisticated methods that can be utilized to retrieve the data previously stored on the hard-drive even if the unallocated space has been utilized by new files.

It is a common misconception that by formatting the hard-drive, all data has been securely deleted. Like delete and emptying the trash folder, this utility only modifies the file system but does not remove the data. Think of this as removing the table of contents from a book but leaving everything else. All the pointers are gone, but the pages still exist.

CD-ROMs provide a different challenge due to their read-only nature. The challenge is that there are no means to securely delete the contents of the CD. Inoperable hard-drives can also provide challenges as they cannot be connected to a system and approached through software.

Secure methods of deleting data
As previously mentioned, one cannot rely on deleting the data alone and it is important to remember that there are devices that present special challenges. So, now the question becomes what steps or utilities are available to us to securely delete and/or destroy the data.

Wiping Utilities
There are several utilities available to us that can perform the task of disk wiping. Disk wiping is a term that describes a utility's ability to write a series of 1’s and 0’s over the disk in an effort to securely remove the data. Some examples of commonly used Windows utilities are DBAN, Declasfy, East-Tec’s Eraser, and Sourceforge Project Eraser. The task of disk wiping might be time consuming depending on the speed and/or performance characteristics of the computer.  If you need to securely erase a Solid-State Drive (SSD), please look at this GROK article.

As a user you have several built-in options for securely removing data from a Macintosh computer running Mac OS X:

  • For files you've deleted by dragging them to the Trash, use Secure Empty Trash from the Finder menu. It will overwrite and delete files in your Trash folder.
  • For whole file systems, use the Disk Utility, which can be found in the /Applications/Utilities/ folder. Select the file system on which you want to securely remove data, and then select the Erase tab. On the Erase pane, the Erase Free Space ...button lets you overwrite free space on the file system - that is, space that may contain data for files that have been deleted insecurely. The Security Options button lets you delete or overwrite files that still exist. Each of these buttons gives you the option of overwriting files once, 7 times, or 35 times.
  • For individual files, use rm -P from the command line. It overwrites files three times before deleting them.

Degaussing is a process by which the storage media is subjected to a powerful magnetic field to remove the data on the media. It is important to note that this method can make the media inoperable. Therefore, if you plan to reuse the media or sell the media, you should not use this method to securely remove data.

For storage media that cannot be wiped (e.g. inoperable hard drive, DVDs) or that has contained highly sensitive data or for devices that cannot be degaussed (CD-ROMs), destruction of media is the most effective means to ensure that the data cannot be recovered. There are several methods through which destruction of media can be achieved. Some examples are shredding disk platters, grinding the surfaces off of CD’s, and incinerating back-up tapes.