2.8 Given a scenario, use common data destruction and disposal methods

  • Physical Destruction
    • Drilling
    • Shredding
    • Degaussing
    • Incineration
  • Recycling or Repurposing Best Practices
    • Erasing / Wiping
    • Low-Level Formatting
    • Standard Formatting
  • Outsourcing Concepts
    • Third-Party Vendor
    • Certificate of Destruction / Recycling

HDD Destruction

There are several ways to destroy data. 

ShredderShreds the entire drive into small fragments
Most expensive destruction method
Guaranteed to destroy the drive and data, especially when the drive is solid state and/or contains a hybrid chip  
Drill/HammerWe can use a drill to make holes through the drive
A drill can be messy and unsafe
Drilling through a solid-state drive is not effective.  It is possible to recover data from chips that are somewhat intact.  
Electromagnetic (Degaussing)Degaussing uses a magnet to erase the drive
It is not guaranteed to work, and will not work with non-magnetic drives (solid state drives)
Drive can be reused after degaussing  
IncinerationIncineration involves burning the drives
It may cause pollution, and can be complicated
It is guaranteed to destroy the drive and data, especially where the drive is solid state and/or contains a hybrid chip  

Recycling or Repurposing

If we don’t want to destroy the drive, we can simply overwrite the data using a software application.

Low-Level Format vs Standard FormatA low-level format erases all the data on the drive.  The drive is overwritten with 0s, and the file system is recreated
A standard format erases the partitions and recreates the file system but does not erase the actual data.  It’s possible to use a data recovery tool and recover files.  
OverwriteThe overwrite process write 0’s over all of the data on the hard disk drive.  Each bit is covered with a 0, which erases the data
This process could take several hours
There are different standards for erasing data.  Some require three or five overwrite passes.
A software program can overwrite the data and confirm that it was completed successfully  
Drive WipeThe drive wipe process sends a command to the hard disk drive
Upon receipt of the command, the hard drive will execute its own built-in erasing program and verify that it was completed successfully

Third Party Vendor

We might outsource our data destruction to a third party.  The third party can erase data on our hard disk drives and shred paper documents.  The third party may complete the destruction on our premises or at their warehouse.

Once the data has been erased, the third party must provide a Certificate of Destruction.  This certificate provides us with

  • A list of drives that have been wiped

  • The method that was used to wipe each drive

  • The make, model, and capacity of each drive

  • The serial number of each drive

  • The date and time that each drive was wiped