Security: use common data destruction and disposal methods. Flashcards
CompTIA A+ 220-1102 Exam Criteria
What options can you consider in a physical destruction of data?
Drilling
Shredding
Incinerating
Degaussing - Degaussing completely removes all data from the hard drive and rearranges the magnetic field, so the hard drive will not work after the degaussing process. Remember that you cannot reverse the degaussing process, so there is no way to make the hard drive usable again.
What is a low-level Format?
Low-level format works differently than the high-level format. A low-level format erases the disk entirely. It removes everything from the hard drive, including the address table. It is virtually impossible to recover data from a low-level formatted hard drive. In a low-level format, each sector on the hard drive is re-initialized. At the end of the low-level format, the hard drive is fresh for use. Typically, low-level formatting can only be done by the drive manufacturer.
Task 1 - Perform a High-Level Format
When performing a high-level format of a hard drive, it does not entirely remove all the data from the hard drive. It only erases the indexing information referencing where the files are located. Data recovery software can be used to recover the data, if it has been accidentally removed.
In this task, a high-level format of a hard drive will be performed.
Step 1
What is a HIgh-level Format?
Most users tend to format disks using the Disk Management utility and consider that the information has been erased. A normal format, also called a “high-level format”, does not really erase the data from the disk. It only erases some of the indexing information. The data is still available on the disk, but the removal of parts of the index prevents typical end users from seeing or accessing the data files. A user may believe that the files are gone for good. However, the internal address table is still available after a high-level format. The job of the internal address table is to keep track of the information being stored on the hard drive.
When a high-level format is used, it is possible to use a third-party tool to recover the index information that the format partially deleted. On the other hand, if you have written new files to the hard drive since the index deletion, then there is a chance that you will not get some of the old data files back.
How can you perform a High-Level format?
Start> Disk Management >
In the Disk Management window, right-click ISO (D:), under the Volume section and select Format.
In the Format D: pop-up window, click OK. >Select OK in the Format D: warning message box. > Click Yes on the Disk Management message box.
Note: A high-level data format does not take very long to complete depending on the size of the hard disk. This type of format only removes the links referencing to the files, not the actual data. The data can be recovered using data recovery software.
How can you perform a low-level Format?
Click on the Start charm and type:
command prompt
The Administrator: Command Prompt window is displayed.
Type the following command to delete the data on an NTFS drive:
cipher /w:E:\cipher
The data wiping process starts.
Note: A low-level data wipe takes much longer than a high-level data format as it overwrites the hard drive with 0 and 1 to ensure the data cannot be recovered. This process can take a while to complete.
What is Data overwrite?
Data overwrite, also known as “data wipe”, removes the old data by writing new data to the magnetic hard drive. The new data keeps overwriting the locations where the old data had been stored, thereby deleting the old data.
Data wipe overwrites the magnetic hard drive with a series of zeroes, followed by a series of ones. This ensures that the data cannot be recovered. The Department of Defense standard for wiping a magnetic drive (DoD 5220.22-M) uses a three-pass method, in which Pass 1 overwrites data with zeros, Pass 2 overwrites data with ones and Pass 3 overwrites data with random characters.
What is Deguassing?
For magnetic media, another method of wiping data can also be used. This method involves degaussing. The degaussing tool applies a magnetic field that demagnetizes the magnetic media. When applied to magnetic hard drives, degaussing not only destroys the data it also renders the magnetic drive permanently unusable.
Before you consider upgrading, replacing, or giving away a magnetic hard drive, the information on the drive should be destroyed. The data stored on the magnetic hard drive should be rendered completely unreadable, so that even with the use of a specialized tool, data cannot be recovered.
Why cant you degausse SSD?
Degaussing does not work on solid-state hard drives (SSD). Due to the wear leveling technology (aka TRIM technology) used in an SSD, standard drive wipe commands, such as the one we are about to demonstrate, are not recommended. Standard tools may not actually erase all data on the SSD. To securely erase an SSD, use the ATA Secure Erase tool supplied by the SSD manufacturer.
What Other outsourcing concepts can you consider when wiping magnetic hard drives?
For magnetic hard drives, CDs, DVDs or SSDs that contain sensitive data that must be verifiably destroyed, it is best to contract with a third-party vendor who can shred, or better yet, incinerate, your media and provide you with a legal Certificate of Destruction. The company should guarantee that the certificate you receive records all the information required by National Institute of Standards and Technology (NIST) standards for data and drive destruction.
