Data Removal Recommendations
1.0 Overview
2.0 Sanitizing Techniques
3.0 Suggested Software
4.0 Removal Tips
4.1 Windows
4.2 Macintosh
4.3 Unix / Linux / Solaris
5.0 Related Links
1.0 Overview
For the general user, the delete or format command appears to be the logical method of removing unwanted data files. These methods, however, are like sweeping something under the carpet: you may not be able to see it, but it's still there. All that deletion has done is remove the pointer to the files, with the data itself residing in unallocated space on the hard drive. This means that data recovery is possible using various software tools.
When sensitive information is stored on the hard drive of a machine that is to be surplussed or transferred to another individual or department, it is therefore imperative that extra measures be taken to wipe clean the hard drive before the computer leaves your area of responsibility. This document describes some common methods and software to assist you with the sanitization process. It also includes links to articles that provide detailed technical descriptions of what occurs during this process.
2.0 Sanitizing Techniques
As described in the much-referenced article Remembrance of Data Passed: A Study of Disk Sanitization Practices, the three most common techniques for properly sanitizing hard drives are:
1. Physically destroying the drive, rendering it unusable. This is a good alternative for defective hard drives or those that would be too costly to repair. For added security, the disk should be overwritten or degaussed prior to destruction.
2. Degaussing the drive to randomize the magnetic domains – most likely rendering the drive unusable in the process. Degaussing, or demagnetizing, applies a reverse magnetizing field to data stored on magnetic media, erasing the contents by returning the magnetic flux to a zero state.
3. Overwriting the drive's data so that it cannot be recovered. Overwriting replaces previously stored data on a drive or disk with a predetermined pattern of meaningless information, rendering the data unrecoverable.
The SANS white paper "Deleting Sensitive Information: Why hitting delete isn't enough"1 explains:
"...Overwriting data once is not usually good enough to prevent data recovery, instead it is recommended that
a minimum of three passes are made writing alternating zero and one patterns over the data and then further passes with random data, the more passes the better the chance that no data can ever be recovered."
NOTE: When removing sensitive information, don't forget storage devices such as thumbdrives, back-up external hardrives and CDs. Also, be sure to erase any stored names and numbers from phones and fax machines.
3.0 Suggested Software
The following chart is a collection of disk wiping software recommended by departmental computing coordinators (DCCs) or listed on a variety of other University and security sites. The inclusion of any title does not indicate an endorsement by Brown University or the CIS department, and has only been provided as an aide in making a decision that best matches your specific needs.
Program |
Cost |
Platform |
Comments |
| Acronis DriveCleanser 6.0 |
$61.00 | Windows XP & Vista | Deletes all the data and partitions on a hard disk. Wizard interface. Meets national data destruction standards. |
| Darik's Boot and Nuke (DBAN) |
Shareware | Windows XP, Vista & 7 | Will automatically and completely delete the contents of any hard disk it can detect, making it an appropriate utility for bulk or emergency data destruction. Can be booted from a CD, DVD, or USB flash drive. |
| DTI Disk Wipe |
$49.00 | Windows XP & Vista | |
| East-Tec Eraser 2012 | $39.95 | Windows XP, Vista & 7 | Exceeds DoD standards; for the permanent erasure of digital info, including confidential documents, evidence of online activities. Also can be used to erase online activity and clean out browsers. |
| East-Tec DisposeSecure 2012 | Free trial, $23.96 for 5 sanitizations and 1 year of updates | Intel 80386 compatible (all versions of Windows, Linux, Solaris, SCO Unix, Unixware, OS/2, BeOs, etc.) | Designed to remove all traces of data from hard disk, overwriting all data from every sector |
| Eraser |
Free (shareware) | Windows XP, Vista & 7 | Completely removes sensitive data from a hard drive by overwriting it several times with carefully selected patterns |
| KillDisk (Active@KillDisk) |
Free version, Pro versions start at $39.95 | Windows XP, Vista & 7, Linux, Mac OS, Unix | Conforms to DoD sanitizing standards and uses Gutmann's data destruction method |
| Norton SystemWorks |
$49.99 | Windows XP, Vista & 7 | Permanently removes sensitive files, rootkits and internet activity |
| Paragon Disk Wiper |
$29.95 (personal) $149.95 (professional) |
Windows XP, Vista & 7 | Disk Wiper Pro meets DoD sanitizing standards; includes 10 different disk sanitization methods |
| ShredIt | Free trial, $24.95 (download version) | Windows XP, Vista & 7 Mac OS X or later |
Easy interface, configurable overwrite pattern and number of overwrites |
| Wipe (2009) |
Shareware | Linux, Unix | Uses Gutmann's erase patterns, erasing single files and accompanying metadata or entire disks |
| WipeDrive / Wipe Drive with System Saver |
$19.95 / $39.95 | Bootable PC disk, for all Windows and Mac computers | DoD approved; securely erases IDE and SCSI drives; unlimited wiping of 5 unique hard drives |
4.0 Removal Tips
4.1 Windows
Each of the software products listed above comes with specific instructions, some with an easy-to-use wizard interface. KillDisk (recommended by some DCCs) is the software of choice at Northern Illinois University. Their support for this product includes detailed instructions on its use.
Dell offers an overview document Erasing Data from Your Hard Drive and a link to CNET's (download.com) listing of rated disk wiping software.
4.2 Macintosh
In addition to the software offered above, Mac computer hard drives can be cleared by zeroing their data. Note that zeroing data (aka "low level" format) may take a long time and depends on the hard disk size. It is recommended to use the "8-way random" feature in conjunction with the "zero all data" option.
- Mac OS X: How to Zero All Data on a Disk (http://support.apple.com/kb/HT1820)
- Mac OS X Disk Utility: Securely Erasing a Disk (docs.info.apple.com/article.html?path=DiskUtility/11.5/en/7090.html)
4.3 Unix / Linux / Solaris
5.0 Related Links
Compendium of disk wiping software:
- Acronis DriveCleanser 6.0: www.acronis.com/products/drivecleanser/
- Darik's Boot and Nuke (DBAN): http://www.dban.org/download
- DTI Disk Wipe: www.dtidata.com/products_disk_wipe.asp
- East-Tec Eraser 2008: www.east-tec.com/eraser/
- East-Tec DisposeSecure 2008 Enterprise: www.east-tec.com/sanitizer/
- Eraser: http://sourceforge.net/projects/eraser
- KillDisk (Active@KillDisk): killdisk.com/
- Norton SystemWorks: www.symantec.com/norton/systemworks
- Paragon Disk Wiper: www.disk-wiper.com/
- ShredIt: www.mireth.com/shredit.html
- Wipe: sourceforge.net/projects/wipe/
- WipeDrive: www.whitecanyon.com/wipedrive-erase-hard-drive.php
Further Reading:
- Special Publication 800-88: Guidelines for Media Sanitization by the National
Institute of Standards and Technology (NIST)
(http://csrc.nist.gov/publications/nistpubs/#sp800-88)
- 1 Deleting Sensitive Information:Why Hitting Delete Isn't Enough by Hans Zetterstrom (www.sans.org/rr/papers/index.php?id=691)
- Remembrance of Data Passed: A Study of Disk Sanitization Practices by Simson L. Garfinkel and Abhi Shelat, MIT (IEEE Computer Society, Security & Privacy, vol. 1, no. 1, 2003) (http://ieeexplore.ieee.org/search/wrapper.jsp?arnumber=1176992)
- Precautions When Selling, Trading, or Sending a PC to Salvage or to a Repair Shop by H. D. Knoble, Penn State
(ftp.aset.psu.edu/pub/ger/documents/SecureFixedDiskWiping.html) - Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann, University of Auckland
(www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html) - What You Don't See On Your Hard Drive (SANS - www.sans.org/reading_room/whitepapers/incident/dont-hard-drive_653)
- Secure File Deletion, Fact or Fiction? (SANS - www.sans.org/reading_room/whitepapers/incident/secure-file-deletion-fact-fiction_631)
- Securely Deleting Files (SANS - www.giac.org/paper/gsec/377/securely-deleting-files/100985 )
Related sites at other universities:
- Indiana University Information Security Office: Securely Removing Data (protect.iu.edu/cybersecurity/data/secure-removal )
- Univ. of Georgia Office of Information Security: Secure Deletion & Sanitizing Data (infosec.uga.edu/sate/sanitizing_data.php)
- Univ. of Minnesota OIT Security: Destroying Data (www.oit.umn.edu/security/tools/destroying-data/)
- Univ. of Pennsylvania Information Security: Cleaning Out Old Computers (www.upenn.edu/computing/security/advisories/old_computers.html)
Internally Reviewed and Updated: March 2, 2012