For the general user, the delete or format command appears to be the logical method of removing unwanted data files. These methods, however, are like sweeping something under the carpet: you may not be able to see it, but it's still there. All that deletion has done is remove the pointer to the files, with the data itself residing in unallocated space on the hard drive. This means that data recovery is possible using various software tools.
When sensitive information is stored on the hard drive of a machine that is to be surplussed or transferred to another individual or department, it is therefore imperative that extra measures be taken to wipe clean the hard drive before the computer leaves your area of responsibility. This document describes some common methods and software to assist you with the sanitization process. It also includes links to articles that provide detailed technical descriptions of what occurs during this process.
2.0 Sanitizing Techniques
As described in the much-referenced article Remembrance of Data Passed: A Study of Disk Sanitization Practices, the three most common techniques for properly sanitizing hard drives are:
- Physically destroying the drive, rendering it unusable. This is a good alternative for defective hard drives or those that would be too costly to repair. For added security, the disk should be overwritten or degaussed prior to destruction.
N.B. Hard drives, cell phones, and PDAs that are no longer needed and contain data covered under the Brown Restricted Information Policy can be brought to the offices of ISG for crushing and disposal. Please contact ISG to schedule an appointment.
- Degaussing the drive to randomize the magnetic domains – most likely rendering the drive unusable in the process. Degaussing, or demagnetizing, applies a reverse magnetizing field to data stored on magnetic media, erasing the contents by returning the magnetic flux to a zero state.
- Overwriting the drive's data so that it cannot be recovered. Overwriting replaces previously stored data on a drive or disk with a predetermined pattern of meaningless information, rendering the data unrecoverable.
The SANS white paper "Deleting Sensitive Information: Why hitting delete isn't enough"1 explains: "...Overwriting data once is not usually good enough to prevent data recovery, instead it is recommended that a minimum of three passes are made writing alternating zero and one patterns over the data and then further passes with random data, the more passes the better the chance that no data can ever be recovered."
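The pass sequence described in the quote above (alternating zero and one patterns, then random data), followed by a verification read, as an added shell example that is not part of the original page or of any listed product. It operates on a regular file standing in for a drive; the marker string and all function names are constructed, and GNU coreutils is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. A regular file stands in for a
# drive; MARKER and all function names are constructed for illustration.
# Assumes GNU coreutils (head -c, dd conv=fsync) and a grep that supports -a.
MARKER='CONSTRUCTED-SAMPLE account=000-00-0000'

# One full-length overwrite pass. $1 = file, $2 = zero | one | random
overwrite_pass() {
    size=$(wc -c < "$1" | tr -d ' ')
    case $2 in
        zero)   head -c "$size" /dev/zero ;;
        one)    head -c "$size" /dev/zero | LC_ALL=C tr '\000' '\377' ;;
        random) head -c "$size" /dev/urandom ;;
    esac | dd of="$1" bs=64k conv=notrunc,fsync 2>/dev/null
}

# Three alternating zero/one passes, then a random pass, as in the quote.
wipe_image() {
    [ -f "$1" ] || { echo "refusing: '$1' is not a regular file" >&2; return 1; }
    before=$(wc -c < "$1" | tr -d ' ')
    for pass in zero one zero random; do
        overwrite_pass "$1" "$pass" || return 1
    done
    # notrunc keeps the length, so every original byte position was rewritten.
    [ "$(wc -c < "$1" | tr -d ' ')" -eq "$before" ]
}

# Verification: exit status 0 if the marker can still be read from the image.
marker_present() { LC_ALL=C grep -a -q -F -- "$2" "$1"; }

# Build a sample image: random filler with the marker embedded in the middle.
make_sample_image() {
    f=$(mktemp) || return 1
    { head -c 100000 /dev/urandom; printf '%s' "$MARKER"
      head -c 100000 /dev/urandom; } > "$f"
    printf '%s\n' "$f"
}

demo() {
    img=$(make_sample_image) || return 1
    marker_present "$img" "$MARKER" && echo "before wipe: marker readable"
    wipe_image "$img" || return 1
    marker_present "$img" "$MARKER" || echo "after wipe: marker not found"
    rm -f "$img"
}
demo
```

In-place overwriting reaches only the blocks the file or device currently exposes; on flash media with wear levelling, or on journaling and copy-on-write filesystems, older copies of the data can remain elsewhere.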
Note that when removing sensitive information, don't forget storage devices such as thumb drives, backup external hard drives and CDs. Also, be sure to erase any stored names and numbers from phones and fax machines.
EXTRA: CIS has a hard drive crusher used for crushing no-longer-needed drives containing data covered under the Brown Restricted Information Policy. Contact the IT Service Center for more details and to arrange an appointment.
3.0 Suggested Software
The following chart is a collection of disk wiping software recommended by departmental computing coordinators (DCCs) or listed on a variety of other University and security sites. The inclusion of any title does not indicate an endorsement by Brown University or the CIS department, and has only been provided as an aid in making a decision that best matches your specific needs.
|Blancco 4 (PC Edition)||$24.95||Windows||Certified data sanitization. Permanently removes data from IT assets such as PCs, servers, data center equipment and smartphones (data cannot be recovered with any existing technology).|
|Blancco Mobile||Contact vendor for quote||Supports iOS, Android, BlackBerry, Symbian & Windows Mobile. App runs on Windows 7||Securely erases smartphone’s internal and external memory. All user data such as emails, contacts and text messages are permanently erased. Also works with tablet computers.|
|Darik's Boot and Nuke (DBAN)||Shareware||Windows 8, 7, Vista & XP||Self-contained boot disk that automatically deletes the contents of any hard disk that it can detect; prevents all known techniques of hard disk forensic analysis. Designed for consumer use. Professional data erasure tools, such as Blancco, are recommended for company and organizational users. (Does not provide a proof of erasure, such as an audit-ready erasure report.)|
|Disk Utility||Free||Mac OS X||Securely erases data as well as disk’s empty space (latter prevents the recovery of erased files without erasing the entire disk).|
|DTI Disk Wipe||$49.00||Windows 7, Vista & XP||Permanently erases and destroys all existing data on a hard disk.|
|East-Tec Eraser 2014||$34.95||Windows 8, 7, Vista & XP||Meets and exceeds government and industry standards for the permanent erasure of digital information. For the permanent erasure of digital info, including confidential documents, evidence of online activities. Also can be used to erase online activity and clean out browsers.|
|East-Tec DisposeSecure 5||$24.95 (includes one sanitization plus one year of updates and support)||For computer to create boot disk: Windows 8, 7, Vista & XP; for computer to be sanitized: Intel 80386 compatible (Windows, Linux, Solaris, SCO Unix, Unixware, OS/2, BeOs, etc.)||Designed to remove all traces of data from hard disk, overwriting all data from every sector.|
|Eraser||Free (shareware)||Windows 8, 7, Vista & XP||Completely removes sensitive data from a hard drive by overwriting it several times with carefully selected patterns.|
|KillDisk (Active@KillDisk)||Free version, Pro versions start at $29.95||For computer to create boot disk: Windows 8, 7, Vista & XP; for computer to be sanitized: Intel-compatible systems (Windows, Linux, FreeBSD, OpenSolaris Unix, Mac OS X, and others)||Powerful and compact software allowing you to destroy all data on hard disks, USB drives and floppy disks completely, excluding any possibility of future recovery of deleted files and folders; a hard drive and partition eraser utility.|
|Linux||Free||Linux||Use built-in dd, wipe and shred tools|
|Norton Utilities||$29.99||Windows 8, 7, Vista & XP||Includes Disk Cleaner (with "bleach" feature) to permanently erase all unwanted files|
|Paragon Disk Wiper 12 Professional||$39.95||Windows 8, 7, Vista & XP||Disk Wiper Pro meets DoD sanitizing standards; includes 10 different disk sanitization methods|
|sDelete||Free||Windows XP & higher||A command line utility that allows for secure overwriting of sensitive files and cleansing free space of previously deleted files. sDelete is a DoD-compliant secure delete program.|
|secure rm||Free (shareware, MIT license)||Unix & Windows command line program||Secure file removal utility for Unix and Unix-like computer systems; command-line compatible rm overwrites file contents|
|ShredIt||Free trial, $24.95 (download version)||Windows 7 & earlier / Mac OS X & earlier||Easy interface, configurable overwrite pattern and number of overwrites|
|Wipe (2009)||Shareware||Linux, Unix||Uses Gutmann's erase patterns, erasing single files and accompanying metadata or entire disks|
|WipeDrive (Consumer Ed.)||$29.95||Bootable PC disk, for all Windows and Mac computers, PC-based Linux/Unix||DoD approved; securely erases IDE and SCSI drives; unlimited wiping of up to 3 different hard drives|
|WipeDrive (enterprise Ed.)||Contact vendor for details (licensed per client)||All computers with x86 architecture, all versions of Microsoft Windows, all recent versions of Mac (starting with OS X v10.6), all flavors of Linux||Flexible licensing permits wiping desktops, laptops, networked computers, servers, individual drives, or RAID arrays with one product and one block of licenses. Erase hard drives remotely.|
4.0 Removal Tips
Each of the software products listed above comes with specific instructions, some with an easy-to-use wizard interface. KillDisk (recommended by some DCCs) is the software of choice at Northern Illinois University. Their support for this product includes detailed instructions on its use. Dell offers an overview document, "How Do I Erase Data from My Hard Drive?"
In addition to the software offered above, Mac computer hard drives can be cleared by zeroing their data. Note that zeroing data (aka "low level" format) may take a long time and depends on the hard disk size. It is recommended to use the "8-way random" feature in conjunction with the "zero all data" option. See the section "Securely erase a disk" in the article Disk Utility 12.x: Erase a Disk, CD or DVD for details.
4.3 Solaris / Linux / Unix
- Secure Erase in Unix / Linux / Solaris (2006)
- Solaris: Erasing Disks Securely (2011) | Explicit ZFS Data Scrubbing (2011)
- Linux: How to Delete Files Permanently and Securely in Linux (2009) | How to Delete Files Securely (2005)
- Unix: DOD compliant disk / file wiping (2007) | Secure File Deletions (SANS GIAC paper, 2001)
5.0 Related Links
Compendium of disk wiping software:
- Darik's Boot and Nuke (DBAN): sourceforge.net/projects/dban/
- Disk Utility: support.apple.com/kb/PH5849
- DTI Disk Wipe: dtidata.com/products_disk_wipe.asp
- East-Tec Eraser 2013: east-tec.com/eraser/
- East-Tec DisposeSecure 5: east-tec.com/disposesecure/
- Eraser: sourceforge.net/projects/eraser/
- KillDisk (Active@KillDisk): killdisk.com/
- Linux: linux.com/learn/tutorials/442455-wiping-your-disk-drive-clean
- Norton Utilities: us.norton.com/norton-utilities/
- Paragon Disk Wiper: disk-wiper.com/
- sDelete: technet.microsoft.com/en-us/sysinternals/bb897443.aspx
- secure rm: sourceforge.net/projects/srm/
- ShredIt: mireth.com/shredit.html
- THC-Secure Delete: linux.softpedia.com/get/Security/THC-SecureDelete-10390.shtml
- Wipe: sourceforge.net/projects/wipe/
- WipeDrive: whitecanyon.com/wipedrive-erase-hard-drive.php
- Securely Disposing of Computers and Other Storage Devices by Rob Lee, SANS' OUCH! newsletter (January 2011)
- Sanitizing Media (The Linux Method) by Hal Pomeranz, SANS Computer Forensics blog (June 2010)
- Guidelines for Information Media Sanitization EDUCAUSE, Information Security Guide Toolkit (September 2009)
- Precautions When Selling, Trading, or Sending a PC to Salvage or to a Repair Shop by H. D. Knoble, Penn State (May 2007)
- Special Publication 800-88: Guidelines for Media Sanitization by the National Institute of Standards and Technology, NIST (September 2006)
- Secure File Deletion, Fact or Fiction? by John R. Mallery, SANS Institute (June 2006)
- Remembrance of Data Passed: A Study of Disk Sanitization by Simson L. Garfinkel and Abhi Shelat, MIT, IEEE Computer Society, Security & Privacy, vol. 1, no. 1 (2003)
- 1 Deleting Sensitive Information: Why Hitting Delete Isn't Enough by Hans Zetterstrom (2002)
- What You Don't See On Your Hard Drive by Brian Kuepper, SANS Institute (April 2002)
- Securely Deleting Files by John Kinney, SANS Institute (2002)
Related sites at other universities:
- Carnegie Mellon: Data Sanitization and Disposal Tools
- Indiana University Information Security Office: Securely Removing Data
- Michigan State University: How to Sanitize Data for Disposal
- Stanford University: Disk and Data Sanitization Policy and Guidelines
- Syracuse University: Data Sanitizing Policies
- Univ. of Minnesota OIT Security: Destroying Data
- Univ. of Pennsylvania Information Security: Computer Recycling and Disposal Options | Cleaning Out Old Computers | Secure Data Deletion
Internally Reviewed and Updated: March, 2014
Next Scheduled Review: March, 2016