1.1 Erasing Confidential Data 

Modern methods of data encryption are deterring network attackers from extracting sensitive data from stored database files.

Attackers who want to retrieve confidential data are becoming more resourceful by looking into places where data might be stored temporarily. For example, the Windows DELETE command merely changes the files attributes and location so that the operating system will not look for the file. The situation with NTFS is similar.

One avenue of attack is the recovery of data from residual data on a discarded hard drive. When deleting confidential data from hard drives, removable disks or USB devices, it is important to extract all traces of the data so that recovery is not possible.

Most official guidelines regarding the disposal of confidential magnetic data do not take into account the depth of today's recording densities, nor the methods used by the operating system when removing data. For example, the Windows DELETE command merely changes the file name so that the operating system will not look for the file. The situation with NTFS is similar.

Removal of confidential personal information or company trade secrets in the past might have been performed using the FORMAT command or the FDISK command. Ordinarily, using these procedures gives users a sense of confidence that the data has been completely removed.

When using the FORMAT command, Windows displays a message like this:

killdisk note

Important: Formatting a disk removes all information from the disk.

The FORMAT utility actually creates new FAT and ROOT tables, leaving all previous data on the disk untouched. Moreover, an image of the replaced FAT and ROOT tables is stored, so that the UNFORMAT command can be used to restore them.

FDISK merely cleans the Partition Table (located in the drive's first sector) and does not touch anything else.

Erase/Wipe Methods

One Pass Zeros or One Pass Random

When using One Pass Zeros or One Pass Random, the number of passes is fixed and cannot be changed. When the write head passes through a sector, it writes only zeros or a series of random characters.

User Defined

You indicate the number of times the write head passes over each sector and pattern to be written.

US DoD 5220.22-M

The write head passes over each sector three times. The first time with zeros (0x00), second time with 0xFF and the third time with random characters. There is one final pass to verify random characters by reading.

US DoD 5220.22-M (ECE)

The write head passes over each sector seven times. The first time with zeros (0x00), second time with 0xFF and the third time with random characters, the fourth time with 0x96, and then first three passes repeated again. There is one final pass to verify random characters by reading.

German VSITR

The write head passes over each sector seven times, each pass writing the following characters: 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA.

Russian GOST p50739-95

The write head passes over each sector two times, first pass is zeroes (0x00), the second pass is random characters.

Canadian OPS-II

The write head passes over each sector seven times, each pass writing the following characters: 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, Random.

HMG IS5 Baseline

The write head passes over each sector once, writing zeroes (0x00).

HMG IS5 Enhanced

The write head passes over each sector three times, writing zeroes (0x00), then 0xFF, and finally random characters.

US Army AR380-19

The write head passes over each sector three times, first pass writing random characters, then zeroes (0x00), and finally 0xFF.

US Air Force 5020

The write head passes over each sector three times, first pass writing 0xFF, then zeroes (0x00), and finally random characters.

Navso P-5329-26 RL

The write head passes over each sector three times, first pass writing 0x01, then 0x27FFFFFF, and finally random characters.

Navso P-5329-26 MFM

The write head passes over each sector three times, first pass writing 0x01, then 0x7FFFFFFF, and finally random characters.

NCSC-TG-025

The write head passes over each sector three times, first pass writing zeroes 0x00, then 0xFF, and finally random characters.

Bruce Schneier

The write head passes over each sector seven times, each pass writing the following characters: 0xFF, zeroes (0x00), then five passes with random character.

Gutmann

The write head passes over each sector 35 times

NSA 130-2

The write head passes over each sector two times (Random, Random). There is one final pass to verify random characters by reading.

NIST 800-88 (3 standards)

Supported three NIST 800-88 media sanitization standards:

1. The write head passes over each sector one time (0x00).

2. The write head passes over each sector one time (Random).

3. The write head passes over each sector three times (0x00, 0xFF, Random).

For details about this,the most secure data clearing standard, you can read the original article at the link below: http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf

Open Contents

  1. Product Overview
    1. Erasing Confidential Data
      1. Advanced Data Recovery Systems
      2. International Standards in Data Removal
    2. Wiping Confidential Data from Unoccupied Drive Space
      1. Wiping NTFS
      2. Wipe FAT
      3. Wipe HFS+
      4. Wiping Ext2fs/Ext3fs/Ext4fs
  2. System Requirements for DOS and Windows versions
    1. Personal Computer
    2. Drive Storage System
    3. Other Requirements
    4. Active@ KillDisk for Hard Drives Version
  3. Running Active@ KillDisk for DOS
    1. Preparing a DOS-Bootable floppy,USB
      1. System Formatting
      2. Copying Active@ KillDisk to a floppy, USB
      3. One-Step Method
    2. Preparing a Bootable CD
    3. Modes of Operation
      1. Interactive Mode
        1. Erase Data from a Device
        2. Wiping the Data
      2. DOS Command Line Mode
      3. Autoexecute Mode
    4. Erasing or Wiping Logical Drives (Partitions)
    5. Erase Operation Complete
  4. Running Active@ KillDisk for Windows
    1. Active@ Boot Disk Creator
    2. Modes of Operation
    3. Command Line Mode
    4. Erasing or Wiping Logical Drives (Partitions)
    5. Erase Data from a Logical Drive
    6. Wipe Data from a Logical Drive
    7. Erase or Wipe Operation Complete
  5. Common Questions
    1. How does the licensing work?
    2. How is the data erased?
    3. What is the difference between the Site and Enterprise license?
    4. Which operating systems are supported by Active@ KillDisk?
    5. Is Active@ KillDisk compatible with Macintosh computers?
    6. What to do if I cannot boot from a floppy (USB)?
    7. Will I be able to use my Hard Disk Drive after Active@ KillDisk erase operation?
  6. Descriptions of Erase/Wipe Parameters
    1. Erase/Wipe Methods
      1. One Pass Zeros or One Pass Random
      2. User Defined
      3. US DoD 5220.22-M
      4. US DoD 5220.22-M (ECE)
      5. German VSITR
      6. Russian GOST p50739-95
      7. Canadian OPS-II
      8. HMG IS5 Baseline
      9. HMG IS5 Enhanced
      10. US Army AR380-19
      11. US Air Force 5020
      12. Navso P-5329-26 RL
      13. Navso P-5329-26 MFM
      14. NCSC-TG-025
      15. Bruce Schneier
      16. Gutmann
      17. NSA 130-2
      18. NIST 800-88 1 standard
      19. NIST 800-88 2 standard
      20. NIST 800-88 3 standard
    2. Other Parameters
      1. Verification
      2. Retry Attempts
      3. Ignore Errors
      4. Clear Log File before Start
      5. Skip Confirmation
      6. Wipe out Deleted/Unused data
    3. Glossary of Terms
 

This document is available in PDF format, which requires Adobe® Acrobat® Reader (Free download):

hard disk eraser

USER'S GUIDE
(for DOS)

Size: 494 KB

killdisk hard disk eraser

USER'S GUIDE
(for Windows)

Size: 1,44 MB

killdisk hard disk eraser

USER'S GUIDE
(for Linux)

Size: 683 KB

hard disk eraser note

KillDisk Datasheet
Size: 2,44 MB