...
...
1. Objective
the The objective of this document is to establish procedures for the implementation of the University’s Media Disposal, Destruction, and Redeployment Protocol. Primarily, these procedures explain the process of preparing media for redeployment (reassignment), as well as offering additional resources and tools for erasing data.
2. General Principles
2.1. Reasonable steps must be taken to ensure that all Business Information is rendered unrecoverable prior to reuse or disposal of the media on which it is stored.
...
2.3. Transfer of equipment to the Office of Equipment Management for disposal, surplus or redeployment must include a certification that the media has been appropriately sanitized.
3. Procedures
The following media transfers are common at the University and each entails different sanitization methods.
...
DOD 5220.22 Standard—Triple Overwrite of data with verification. Write all locations with a pattern; write with the compliment; write with a random pattern; verify.
3.1 Examples
Reconfiguration Only: A computer or other media is reconfigured for the same individual or set of individuals; there is no change in access.
...
- Risk: Media with data is leaving control of the University; media is accessible to laboratory attack. Last Updated May 16, 2011
- Minimum action: Unless vendor has a contractual agreement to maintain data security, media should be degaussed before returning to vendor. Note: Degaussing of hard disks will almost certainly render the standard warranty invalid unless a “retain your media” option has been purchased.
4. Additional Resources
Resources for Media Sanitization
https://cmrr.ucsd.edu/_files/data-sanitization-tutorial.pdf
http://ata.wiki.kernel.org/index.php/ATA_Secure_Erase
Hard Disks: Windows
UCSD ATA Secure Erase Utility, https://cmrr.ucsd.edu/resources/secure-erase.html. Be sure that the proper ATA protocol has been implemented by the manufacturer.
...
Paragon Disk Wiper, http://www.disk-wiper.com/
ShredIt, http://www.mireth.com/testshredit/shredit_sp.html
SuperScrubber, http://www.jiiva.com/superscrubber/
WipeDrive, http://www.whitecanyon.com/wipedrive-erase-hard-drive.php
Hard Disks: Apple OSX
httphttps://docssupport.info.apple.com/article.html?artnum=50447httpen-us/HT2281
https://docssupport.info.apple.com/article.html?artnum=107437/en-us/HT1820
http://web.archive.org/web/20070819055520/http://docs.info.apple.com/article.html?artnum=152060152297http
https://docssupport.info.apple.com/article.html?artnum=75102kb/TA26834?locale=en_US
Unix
www.giac.org/practical/gsec/Ken_Hatfield_GSEC.pdfLinux
Solaris
http://www.sun.com/software/solaris/trustedsolaris/ts_tech_faq/purge.xml
Cell Phones
http://smallbusiness.chron.com/wipe-data-cache-android-31671.html
http://support.apple.com/kb/HT2110
PalmOS
httphttps://kbhelp.palmact.com/hc/en-us/articles/; Search for SolutionID 15574, “Performing a factory reset before your palm device changes ownership or is sent away for repair.” Or, for SolutionID 887 for older devices.360024407793; Describes all sorts of Resets.
Blackberry Devices
http://www.blackberry.com; Knowledgebase article kb-02318, “How to delete all data, or all data and applications on the BlackBerry device.”
- Enter kb-02318 in the search engine on the top right.
- Open the document. Select BlackBerry Technical Solution Center in the top left.
- In the search engine under BlackBerry Technical Solution enter kb02318;
- Select the article “How to delete all data or all data and applications on the BlackBerry Smartphone”.
- Select the Wipe Handheld option and follow the instructions.
Flash media (thumb drives, memory cards and other solid state drives)
Due to the manner in which data is written to solid state drives (SSD), a process that makes extensive use of randomization, tools that are effective in erasing fixed media will meet with varying degrees of success when used on SSDs. Given that, an SSD would require a highly sophisticated “laboratory attack” to recover lost data. All but the most sensitive data can be considered effectively erased using fixed media overwrite tools. To absolutely guarantee nonrecovery, the drive should be physically destroyed.
CD, DVD, floppy disks
Cross-cut shredding, or other means of physical destruction. AIX, SGI, SANS, NAS and tape drives Use tools recommended by the manufacturer.
Published Materials
R. Kissel, M Scholl, S Skolochenko and L Xing. Guidelines for Media Sanitization: Recommendations of the National Institutes of Standards and Technology. NIST Special Publication 800-88. DOD 5220.22 Standard: Automated Information System Security. Chapter 8, especially the Clearing and Sanitization Matrix.
...
Last Updated May 16September 23, 20112019