Data Destruction – CompTIA A+ 220-1102 – 2.8

Destroying data can be just as important as protecting data. In this video, you’ll learn about drive shredding, degaussing, quick formats, and secure erase.

It’s not unusual when an organization is upgrading their devices to donate or destroy the old devices. But when they do that, they always remove the storage component to make sure that whoever receives this device would not have access to any of the corporate data. One way to ensure that no one would ever have access to that data is to shred the storage device.

This usually involves a very large industrial shredding device. And you can take a hard drive or any other type of storage put it into the shredder and turn it into very small pieces. Obviously, once this hard drive or other component is shredded, there’s no way to retrieve the data from that device. If you don’t have a large shredder, you can create similar results by using a drill or a hammer to physically destroy the storage device.

You can very quickly drill through all of the platters of a hard drive or drill through any of the chips that might be in an SSD. Another way to destroy the drive is through electromagnetic means by using a deguasser. This removes the magnetic field that’s associated with a hard drive or an SSD and renders both of those devices unusable going forward. And if you don’t want anything remaining after this drive is destroyed, you might want to consider incineration which ensures that none of this data will ever be recovered.

Many organizations might have hundreds or even thousands of these drives that need to be destroyed every year. So you might want to contract with a third party that specializes in destroying these types of storage devices. It’s important that if you’re handing this corporate data to a third party that they really are providing that destruction. Normally, they’ll provide a certificate or verification that the destruction was indeed performed.

This allows you to keep a paper trail and know exactly what devices were submitted to the third party and what devices were ultimately destroyed. When you purchase a new drive, the manufacturer has provided a low level format on the drive. This is done at the factory and it’s a process that normally you as the end user would not be able to perform. Once we get the drive, we perform a standard format. The standard format can take one of two different forms in most operating systems.

One is a quick format. This quick format will remove the drive index but leave all of the data on the drive intact. You’re effectively erasing the table of contents in the front of the book but leaving all the pages of the book in place. This means if you have the right software, you may still be able to retrieve the data that’s on the drive after a quick format.

The other standard format you might have available is a regular format. This will override all of the data on the drive with zeros. This ensures that every part of the drive is overwritten. And once data is overwritten on a drive, there’s no way to retrieve any data that was there previously. So if you want to be sure that all of the data on that drive is unrecoverable but you’re still able to use the drive, you’ll want to perform a regular format and not a quick format.

A format will delete everything that’s in a partition. But you may not want to delete everything. You might just want to delete a single file or a folder that’s on your drive and if you want to delete that so that it cannot be recovered, you might want to use a secure delete function such as Sdelete from Windows Sysinternals. This allows you to override information but still keep everything else on the drive intact.

If you do want to delete everything that’s on that drive, you might want to perform a secure delete using a third party utility such as DBAN, which is Derrick’s Boot and Nuke. DBAN will delete everything that’s on a drive and give you options for deleting it multiple times to give you peace of mind that it really was deleted. And of course, if you want to 100% ensure that nothing on this drive could ever be recovered, you would probably want to physically damage the drive in a way that no one would be able to read it.

Obviously these cases, the physical destruction of the drive ensures that the drive would never be usable again. As an example of how important it is to make sure that your storage drives are deleted, I’ll reference this 2019 study from Blancco and Ontrack, where they purchased 159 drives from eBay and what they found was that 42% of the drives that they purchased contained sensitive data. 66 of those drives had some type of data on them and 25 of the drives contain personally identifiable information.

It’s remarkable how much information they were able to find in this study. They found email archives, shipping details, information from college students, videos, audio files, and other information that normally should never be in the hands of a third party.