R2 Standard News

R2 Standard news and related resources.

Guide to Electronics Destruction Operations

Media vs. Data: Media is the physical mechanism on which information is stored, while data is the information itself.

Data Destruction (R2: Data Sanitization): The process of eradicating the data found on storage media of any kind, whether through means of destroying the storage media itself, or by rendering the data inaccessible.

Media Destruction (R2: Physical Sanitization/Destruction): The process of destroying storage media in order to destroy the data it contains.

Data wiping / overwriting (R2: Logical Sanitization/Erasure): The process of eradicating data from electronic storage media by writing meaningless data to the entirety of the storage area. This process leaves the media fully functional.

HDD: Hard Disk Drive, with spinning storage platters.

SSD: Solid State Drive, containing no moving parts.

Flash Media: Simple storage media using chips instead of spinning platters.

Magnetic Tape: Cartridge or spool-style tapes used to store data, often used as backup storage in today’s storage environments.

Hybrid Drive: HDDs with a small amount of SSD storage; a “hybrid” between an HDD and an SSD. This media is effective for improving boot times (as with an SSD), while also providing significant data storage at a cost similar to that of HDDs (much less expensive than a similar-capacity full SSD).

NAND chip: A non-volatile memory chip on which data is stored.

Physical Destruction (R2: Physical Sanitization/Destruction)

Degaussing

Subjects media to an intense magnetic field with the intent of eradicating the data. Typically destroys the media (with the exception of some magnetic tape).

Advantages: Clean, leaves media physically intact, simple to execute, most tools are portable.

Disadvantages: No visual feedback (material separation challenges), reporting limited, QC requires forensic analysis, some equipment requires periodic calibration (see manufacturer’s specs).

Common Examples: Garner-Products, Data Security, Inc. (DSI), Secure Engineered Machinery (SEM), Proton.

Crushing

Physically crushes the media, typically with a bending wedge or conical punch, in order to render the media unusable, thereby preventing access to the data it may contain.

Advantages: Portable, simple to execute, visual confirmation, surprisingly secure despite perception, minimal employee safety risk.

Disadvantages: Limited throughput, marginal reliability, material recovery sometimes difficult.

Common Examples: Phiston (MediaVise), Garner-Products, Secure Engineered Machinery (SEM)

Shredding & Disintegrating

Shreds media using a strip-cut or cross-cut shredder, or a hammermill-style disintegrator, to a specified particle size.

Advantages: Simple to execute, strong visual confirmation, widely accepted.

Disadvantages: Dirty, less portable.

Common Examples: Ameri-Shred, Alleghany, HSM, and Intimus along with Untha, SSI (these are less media specific)

Data Wiping / Overwriting (R2: Logical Sanitization/Erasure)

Popular Algorithms

  • NIST Clear / Purge (US National Institute of Standards and Technology Special Publication 800-88 rev. 1)

  • DoD (NISPOM DoD 5220.22-M)

  • RCMP TSSIT OPS-II 7-pass

Common Examples: Blancco, White Canyon (WipeDrive), BitRaser (Stellar), XERASE (EPS), FutureDial, Pervacio

Note: Random character passes are typically implemented as a repeating pattern (sector-to-sector) or repeating character (byte-to-byte) in order to allow non-forensics quality control processes to be used to measure performance of the process.
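The quality-control check that a repeating pattern makes possible, as an added example (not part of the original guide or of any listed product): it samples sectors from a wiped device or image and reports any that do not match the expected byte-to-byte or sector-to-sector pattern. The 512-byte sector size, the function names and the in-memory sample image are assumptions made for illustration.

```python
import io
import random

SECTOR = 512  # assumed logical sector size


def sector_conforms(data, pattern):
    """True if the sector is `pattern` repeated end to end.
    A 1-byte pattern models a byte-to-byte pass, a 512-byte pattern
    models a sector-to-sector pass."""
    if len(data) != SECTOR or SECTOR % len(pattern):
        return False
    return data == pattern * (SECTOR // len(pattern))


def verify_overwrite(dev, total_sectors, pattern, sample_rate=0.1, seed=0):
    """Sample sectors from a seekable device or image and return the LBAs
    whose contents do not match the expected overwrite pattern."""
    rng = random.Random(seed)
    count = min(total_sectors, max(1, int(total_sectors * sample_rate)))
    # First and last sector are always checked, plus a random sample.
    lbas = {0, total_sectors - 1} | set(rng.sample(range(total_sectors), count))
    failed = []
    for lba in sorted(lbas):
        dev.seek(lba * SECTOR)
        if not sector_conforms(dev.read(SECTOR), pattern):
            failed.append(lba)
    return {"sampled": len(lbas), "failed": failed}


def build_demo_image(total_sectors, pattern, dirty_lbas=()):
    """Constructed sample: an in-memory 'drive' wiped with `pattern`, with
    chosen sectors left holding residual data to mimic a failed pass."""
    img = bytearray(pattern * (SECTOR // len(pattern)) * total_sectors)
    for lba in dirty_lbas:
        img[lba * SECTOR:lba * SECTOR + 16] = b"CUSTOMER-RECORD!"
    return io.BytesIO(bytes(img))


if __name__ == "__main__":
    clean = build_demo_image(2048, b"\x00")
    print("clean:", verify_overwrite(clean, 2048, b"\x00"))
    dirty = build_demo_image(2048, b"\xA5", dirty_lbas=[100])
    print("dirty:", verify_overwrite(dirty, 2048, b"\xA5", sample_rate=1.0))
```

A sampled check can miss an isolated residual sector, so the sample rate is a trade-off between throughput and confidence; `sample_rate=1.0` reads every sector.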

File Deletion, Disk Formatting and/or OS Reinstallation as a data destruction process

These should never, under any circumstances, be considered a viable, legitimate method for destroying data. Data recovery is possible with very simple, highly accessible utilities, even by a marginally savvy operator.

This compatibility chart is an effective quick-reference for determining whether a properly-executed data destruction method is patently effective (thumbs up) or ineffective (thumbs down) on certain media types, or whether there are additional considerations (“if…”) for determining efficacy.


Degaussing

While often effective on HDDs and tape media, degaussing simply does not work on SSDs or Flash Media (and by extension, Hybrid Drives) on any level, and should be considered incompatible. Any degausser must be rated for use on HDDs in order to be sufficient for use on such media. Tape and wand-style degaussers that are not expressly rated for HDDs will not effectively eradicate data on hard drives. Most wand-style degaussers require drive and platter disassembly for use, and failing to complete this step prior to using a wand-style degausser on a hard disk drive renders the process ineffective.

Crushing

NAND chips must be destroyed, so bending or punching media alone is unacceptable for SSDs, despite efficacy for HDDs. Crushing SSDs and any other media containing data storage chips (such as flash media and hybrid drives) will not destroy all storage chips unless a specially designed crushing plate is used. The process must demonstrate destruction of 100% of NAND chips on SSDs. Crushing Magnetic Tape is not effective at destroying data.

Shredding / Disintegrating

NAND chips should be destroyed, so commonly accepted particle sizes for HDDs (1.5” – 0.75”, or ~38 - 20mm) are not fully effective for SSDs, Flash Media, and Hybrid Drives, as chips can survive the data destruction process. This is possible because they’re smaller than the shred width and can slip through the cutters intact. Effective physical destruction of any storage media using data storage chips requires destruction of each such chip. Large material-separation shredders may not shred to a particle size acceptable for SSD, or even HDD, destruction. Simply because the media is being damaged does not mean the data has been destroyed, especially in the case of SSDs and Flash Media. High-speed shredders and especially disintegrators may be “gummed up” by magnetic tape. Shredding can be an effective way of destroying tape media, but it may not be scalable.

Overwriting

Some flash media (thumb drives, CF/SD cards, etc.) may not report serial numbers, making the audit trail difficult to automate. Overwriting tape media can be challenging and unscalable, due to the inaccessibility of host connectivity for the overwriting software tools. If done properly, however, it is an effective method for this type of media.

Flash Translation Layer Basics

Data wiping on SSDs creates a slight challenge due to “wear-leveling” reducing access to the entire disk. SSDs have areas of physical storage that, at any given time, are inaccessible to the user but may contain data. This is due to the “Flash Translation Layer” (FTL) that seamlessly directs the storage controller to physical areas of the drive. Accessing these areas is extremely difficult, and even simple, properly executed overwriting methods provide effective risk mitigation from data recovery outside of forensic environments, but it is reasonable to expect that certain organizations may require that different methods are employed, or additional steps are taken, with regard to data destruction on SSDs. There are examples of ATA Security Erase (“Secure Erase”) bypassing the FTL and destroying data on areas of the drive that are not accessible through the FTL, but there are also examples of this process performing in the same way as a standard block overwrite.
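Why a full logical overwrite can leave data in flash, shown with a toy model (an added example, not from the original guide and not any vendor's controller logic): after one complete host-side pass the host reads only the overwrite pattern, yet superseded physical pages still hold the old content. The class and function names, the page counts and the sample data are all assumptions made for illustration.

```python
class ToyFTL:
    """Page-mapped flash translation layer, reduced to a toy model.
    Illustrative only: not any vendor's controller logic."""

    def __init__(self, logical_pages, physical_pages):
        if physical_pages <= logical_pages:
            raise ValueError("model needs spare (over-provisioned) pages")
        self.logical_pages = logical_pages
        self.flash = [None] * physical_pages     # raw NAND pages
        self.l2p = {}                            # logical -> physical map
        self.free = list(range(physical_pages))  # erased, writable pages
        self.stale = []                          # superseded, not yet erased

    def write(self, lpn, data):
        # NAND is not rewritten in place: use a fresh page and remap.
        if not self.free:
            reclaimed = self.stale.pop(0)        # garbage-collect one page
            self.flash[reclaimed] = None
            self.free.append(reclaimed)
        ppn = self.free.pop(0)
        self.flash[ppn] = data
        if lpn in self.l2p:
            self.stale.append(self.l2p[lpn])     # old copy remains in NAND
        self.l2p[lpn] = ppn

    def read(self, lpn):
        ppn = self.l2p.get(lpn)
        return None if ppn is None else self.flash[ppn]


def host_view(ftl, needle):
    """Logical pages where the host can still read `needle`."""
    return [l for l in range(ftl.logical_pages) if ftl.read(l) == needle]


def chip_view(ftl, needle):
    """Physical pages still holding `needle` (what chip-level access sees)."""
    return [p for p, d in enumerate(ftl.flash) if d == needle]


def demo():
    ftl = ToyFTL(logical_pages=8, physical_pages=12)
    for lpn in range(8):                 # constructed sample data
        ftl.write(lpn, b"SECRET")
    for lpn in range(8):                 # one full logical overwrite pass
        ftl.write(lpn, b"\x00")
    return host_view(ftl, b"SECRET"), chip_view(ftl, b"SECRET")


if __name__ == "__main__":
    print(demo())
```

In this model the number of surviving pages equals the spare area, which is why the verification of an SSD overwrite through the host interface cannot by itself show that every NAND page was cleared.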

Adam Malik