2.8 Given a scenario, use common data destruction and disposal methods
- Physical Destruction
- Drilling
- Shredding
- Degaussing
- Incineration
- Recycling or Repurposing Best Practices
- Erasing / Wiping
- Low-Level Formatting
- Standard Formatting
- Outsourcing Concepts
- Third-Party Vendor
- Certificate of Destruction / Recycling
HDD Destruction
There are several ways to destroy data.
| Shredder | Shreds the entire drive into small fragments Most expensive destruction method Guaranteed to destroy the drive and data, especially when the drive is solid state and/or contains a hybrid chip |
| Drill/Hammer | We can use a drill to make holes through the drive A drill can be messy and unsafe Drilling through a solid-state drive is not effective. It is possible to recover data from chips that are somewhat intact. |
| Electromagnetic (Degaussing) | Degaussing uses a magnet to erase the drive It is not guaranteed to work, and will not work with non-magnetic drives (solid state drives) Drive can be reused after degaussing |
| Incineration | Incineration involves burning the drives It may cause pollution, and can be complicated It is guaranteed to destroy the drive and data, especially where the drive is solid state and/or contains a hybrid chip |
Recycling or Repurposing
If we don’t want to destroy the drive, we can simply overwrite the data using a software application.
| Low-Level Format vs Standard Format | A low-level format erases all the data on the drive. The drive is overwritten with 0s, and the file system is recreated A standard format erases the partitions and recreates the file system but does not erase the actual data. It’s possible to use a data recovery tool and recover files. |
| Overwrite | The overwrite process write 0’s over all of the data on the hard disk drive. Each bit is covered with a 0, which erases the data This process could take several hours There are different standards for erasing data. Some require three or five overwrite passes. A software program can overwrite the data and confirm that it was completed successfully |
| Drive Wipe | The drive wipe process sends a command to the hard disk drive Upon receipt of the command, the hard drive will execute its own built-in erasing program and verify that it was completed successfully |
Third Party Vendor
We might outsource our data destruction to a third party. The third party can erase data on our hard disk drives and shred paper documents. The third party may complete the destruction on our premises or at their warehouse.
Once the data has been erased, the third party must provide a Certificate of Destruction. This certificate provides us with
- A list of drives that have been wiped
- The method that was used to wipe each drive
- The make, model, and capacity of each drive
- The serial number of each drive
- The date and time that each drive was wiped