Data stored on drives in servers, workstations, external storage devices, or on removable media (e.g., USB drive, CD, tape) must be permanently removed from the drive prior to transfer, decommission, or disposal of the drive/media to prevent unauthorized disclosure of the data. The tools you use depend on the type of drive:
- Encrypted SSDs (solid-state drive), use the secure erase function on the device. Remember to empty the trash. Check with the SSD vendor for their version of Secure Erase to use.
- Encrypted hard drives that spin, use reformat.
- Unencrypted hard drives that spin, use a media santization tool (e.g., DBAN).
MacIntosh computers come with encrypted SSDs by default, the secure erase is built in. Remember to empty the trash.
Sounds simple, but not all methods remove or erase the data.
- Delete key does not equal erase
- Format command does not equal erase
Some methods to delete data from a computer's hard drive (e.g., highlighting a file and pressing the Delete key, or emptying a recycle bin or trash folder, using system utilities to reformat the disk). Depending on the type of drive, these methods may not remove the data, they simply remove the pointers to the file. The data remains on the disk. Readily available software tools can be used to restore the data.
There are disk wiping utilities and programs available that will greatly improve the chances that your data cannot be recovered. Some programs erase the entire disk, while others allow you to select which files or folders to erase/shred. It is important that the utility or program provide an option to erase free space (temporary files).
Consult with your local technical support staff.
The following are tools to remove data from unencrypted hard drives (not SSD) in servers or workstation, external drives and for USB drives.
Recommended: Darik's Boot & Nuke (DBAN)
|Not for SSD drives|
Full disk wiping. http://dban.sourceforge.net/
Free trial, purchase
R-Wipe & Clean*
Free trial, purchase
* For R-Wipe & Clean, all users should select Tools and Customize and uncheck "event logs" and "firewall logs" under the System heading so that these important logs are always left alone. Also, some users may want to uncheck "recent documents" or they can uncheck each time they use the program.
Other methods of destroying data include degaussing and destruction. Degaussing is a process by which the storage media is subjected to a powerful magnetic field to remove the data on the media. Degaussing may make the media inoperable; therefore use this method if the media does not need to be reused.
Destruction is recommended for media (CD-ROMS, diskettes, tapes) containing highly sensitive data that cannot be wiped using the utilities and products described above. This is done by shredding disk platters, grinding the surfaces off of CD's, incinerating tapes, or cracking/cutting the media.
Dynamic Recycling is the University Contracted provider for physical media destruction for all hard drives, including hard drives from computers, printers, copiers, and multi-function devices. See the recycling program at the U.
Note: The University of Minnesota has no business relationship and makes no endorsement of any product or service listed.