FAQ on Disposal of Computer Equipment Containing Sensitive Information
A typical "delete" command merely deletes the pointer to a file. The data will not be overwritten until the storage area is reallocated and re-used. By using commonly available utilities, it is possible to retrieve the deleted data in a computer.
The "format" command in many cases merely creates an empty root directory and a new blank indexing scheme for all allocation units on the storage media making it available for the storage of new files. There are commercially available utilities to recover lost data from storage media caused by accidental execution of the "format" command.
Commercial software and services are available in the market to perform secure data deletion by means of writing over the storage media a number of times and with different patterns. Those software packages which overwrite the data space with a character, the complement of that character, then a random character can be considered as reliable and follow current industry best practice for secure data deletion. However, you may need to evaluate the capability and features of such products and consult their respective product vendors for details to see if they fulfil your specific requirements. Also, besides technical solution, necessary checks and balances should be in place to ensure that the secure deletion process is performed and is successful. Some of the possible measures which you may consider include proper approval/logging of the whole process, sample check/verification of erase hard disks, etc.
Yes, commercial tools are available for data recovery. However, the prime objective of those tools is to address the disaster recovery need, e.g. when the data or its media is deleted or damaged by accident or natural disaster such as fire rather than after the application of the secure deletion procedures.
To recover or reconstruct data that has been deliberately overwritten usually requires specialised devices and/or environment. Data recovery and/or guessing would likely be uneconomical and hence impractical after the secure deletion procedures that follow the industry best practices are adopted.
In fact, Secure data deletion is one form of security risk management, similar to other information security topics. The security risk level associated with data deletion and recovery would be related to the value of the data being protected, the resources required to delete/undelete the data, and the cost of the equipment to be reused.
According to international/industry practices, degaussing is considered an acceptable technical solution for secure data deletion for magnetic media such as hard disks, floppy disks and magnetic tapes if properly employed. During the degaussing process, the magnetic flux of the media is reduced to virtually zero by applying a reversing magnetising field. Properly applied, degaussing renders any previously stored data on the media unrecoverable by keyboard or laboratory attack.
With reference to current international/industry best practices, the following are some major considerations/practices when using degaussers for secure data deletion:
Typical Media Coercivity Figures
|Magnetic Storage Media||Coercivity (Oe)|
|1/2" magnetic tape||300|
|1/4" QIC tape||550|
|8 mm metallic particle tape||1500|
|DAT metallic particle tape||1500|
|4mm DDS-1 tape||1550|
|4mm DDS-2 tape||1650|
|4mm DDS-3 tape||2300|
|4mm DDS-4 tape||2350|
|Hard disks (1980 to 1989)||900-1400|
|Hard disks (1990 to 1999)||1400-3000|
|Hard disks (2000 to 2009)||3000-5000|