2.8 Given a scenario, use common data destruction and disposal methods
- Physical Destruction
- Recycling or Repurposing Best Practices
- Erasing / Wiping
- Low-Level Formatting
- Standard Formatting
- Outsourcing Concepts
- Third-Party Vendor
- Certificate of Destruction / Recycling
There are several ways to destroy data.
|Shreds the entire drive into small fragments
Most expensive destruction method
Guaranteed to destroy the drive and data, especially when the drive is solid state and/or contains a hybrid chip
|We can use a drill to make holes through the drive
A drill can be messy and unsafe
Drilling through a solid-state drive is not effective. It is possible to recover data from chips that are somewhat intact.
|Degaussing uses a magnet to erase the drive
It is not guaranteed to work, and will not work with non-magnetic drives (solid state drives)
Drive can be reused after degaussing
|Incineration involves burning the drives
It may cause pollution, and can be complicated
It is guaranteed to destroy the drive and data, especially where the drive is solid state and/or contains a hybrid chip
Recycling or Repurposing
If we don’t want to destroy the drive, we can simply overwrite the data using a software application.
|Low-Level Format vs Standard Format
|A low-level format erases all the data on the drive. The drive is overwritten with 0s, and the file system is recreated
A standard format erases the partitions and recreates the file system but does not erase the actual data. It’s possible to use a data recovery tool and recover files.
|The overwrite process write 0’s over all of the data on the hard disk drive. Each bit is covered with a 0, which erases the data
This process could take several hours
There are different standards for erasing data. Some require three or five overwrite passes.
A software program can overwrite the data and confirm that it was completed successfully
|The drive wipe process sends a command to the hard disk drive
Upon receipt of the command, the hard drive will execute its own built-in erasing program and verify that it was completed successfully
Third Party Vendor
We might outsource our data destruction to a third party. The third party can erase data on our hard disk drives and shred paper documents. The third party may complete the destruction on our premises or at their warehouse.
Once the data has been erased, the third party must provide a Certificate of Destruction. This certificate provides us with
- A list of drives that have been wiped
- The method that was used to wipe each drive
- The make, model, and capacity of each drive
- The serial number of each drive
- The date and time that each drive was wiped