Modern methods of data encryption are deterring network attackers from extracting sensitive data from stored database files.
Attackers who want to retrieve confidential data are becoming more resourceful by looking into places where data might be stored temporarily. For example, the Windows DELETE command merely changes the files attributes and location so that the operating system will not look for the file. The situation with NTFS is similar.
One avenue of attack is the recovery of data from residual data on a discarded hard drive. When deleting confidential data from hard drives, removable disks or USB devices, it is important to extract all traces of the data so that recovery is not possible.
Most official guidelines regarding the disposal of confidential magnetic data do not take into account the depth of today's recording densities, nor the methods used by the operating system when removing data. For example, the Windows DELETE command merely changes the file name so that the operating system will not look for the file. The situation with NTFS is similar.
Removal of confidential personal information or company trade secrets in the past might have been performed using the FORMAT command or the FDISK command. Ordinarily, using these procedures gives users a sense of confidence that the data has been completely removed.
When using the FORMAT command, Windows displays a message like this:
Important: Formatting a disk removes all information from the disk.
The FORMAT utility actually creates new FAT and ROOT tables, leaving all previous data on the disk untouched. Moreover, an image of the replaced FAT and ROOT tables is stored, so that the UNFORMAT command can be used to restore them.
FDISK merely cleans the Partition Table (located in the drive's first sector) and does not touch anything else.
This document is available in PDF format,
|
One Pass Zeros or One Pass Random |
When using One Pass Zeros or One Pass Random, the number of passes is fixed and cannot be changed. When the write head passes through a sector, it writes only zeros or a series of random characters. |
User Defined |
You indicate the number of times the write head passes over each sector and pattern to be written. |
US DoD 5220.22-M |
The write head passes over each sector three times. The first time with zeros (0x00), second time with 0xFF and the third time with random characters. There is one final pass to verify random characters by reading. |
US DoD 5220.22-M (ECE) |
The write head passes over each sector seven times. The first time with zeros (0x00), second time with 0xFF and the third time with random characters, the fourth time with 0x96, and then first three passes repeated again. There is one final pass to verify random characters by reading. |
German VSITR |
The write head passes over each sector seven times, each pass writing the following characters: 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, 0xAA. |
Russian GOST p50739-95 |
The write head passes over each sector two times, first pass is zeroes (0x00), the second pass is random characters. |
Canadian OPS-II |
The write head passes over each sector seven times, each pass writing the following characters: 0x00, 0xFF, 0x00, 0xFF, 0x00, 0xFF, Random. |
HMG IS5 Baseline |
The write head passes over each sector once, writing zeroes (0x00). |
HMG IS5 Enhanced |
The write head passes over each sector three times, writing zeroes (0x00), then 0xFF, and finally random characters. |
US Army AR380-19 |
The write head passes over each sector three times, first pass writing random characters, then zeroes (0x00), and finally 0xFF. |
US Air Force 5020 |
The write head passes over each sector three times, first pass writing 0xFF, then zeroes (0x00), and finally random characters. |
Navso P-5329-26 RL |
The write head passes over each sector three times, first pass writing 0x01, then 0x27FFFFFF, and finally random characters. |
Navso P-5329-26 MFM |
The write head passes over each sector three times, first pass writing 0x01, then 0x7FFFFFFF, and finally random characters. |
NCSC-TG-025 |
The write head passes over each sector three times, first pass writing zeroes 0x00, then 0xFF, and finally random characters. |
Bruce Schneier |
The write head passes over each sector seven times, each pass writing the following characters: 0xFF, zeroes (0x00), then five passes with random character. |
Gutmann |
The write head passes over each sector 35 times |
New! Department of Energy erase method (DoE M 205.1-2) |
3 passes |
New! Canadian CSEC ITSG-06 erase method |
Pass 1: Writes a one or zero |
New! Erases with user defined method |
using specified number of passes and custom pattern (including hex values) for each pas |