drive wipe

Gary Thornock gthornock at yahoo.com
Thu Oct 23 16:04:43 MDT 2008


--- Aaron Toponce <aaron.toponce at gmail.com> wrote:
> Zeroing a drive is just as effective on ATA disks as any other
> "secure" data deletion utility. There is no left over charge,
> which means data recovery is extremely and highly improbable,
> if not near impossible.  There is no evidince that I can find,
> educational or otherwise, that after an ATA drive has been
> zeroed, its data was recovered.

Zeroing the drive is more than likely sufficient for practical
purposes.  It may not be sufficient to satisfy HIPAA, though:
if "industry standards" or "best practices" call for a 7-pass
overwrite, then a court or regulatory agency will want to see a
7-pass overwrite, even if a single pass of zeros is sufficient to
prevent recovery by any real-world service.

It may be worth noting that, while some data sanitizing software
refers to the 7-pass method as "DoD 5220.22-M", the actual DoD
5220.22-M document does not specify any particular method for
sanitzing data, and the Defense Security Service "Clearing
and Santization Matrix" no longer (as of June 2007) accepts
overwriting as a method of sanitizing hard drives.  Only
degaussing or physical destruction are acceptable.  But,
of course, the data in question isn't defense data, so DoD
requirements don't apply :)

Naturally the standard "I am not a lawyer" and "This is not
legal advice" disclaimers apply.




More information about the PLUG mailing list