Securely Deleting Electronic Information
In today's digital age, we routinely store personal and sensitive information such as our banking and tax information, addresses and phone numbers, and photos on a variety of magnetic storage media. Traditional media includes computer hard drives, USB flash drives, CD-ROMs, DVDs, floppy disks, & magnetic tapes. "Lifestyle" devices such as personal digital assistants (PDAs), smart cell phones (Treos, Blackberrys, etc.), mobile entertainment devices (iPods and MP3 players) are extremely versatile and are also being used to send/receive email and attachments, take/store photos, keep lists of names/addresses/phone numbers – all of which can be considered personal or sensitive information. Other types of storage are Compact Flash, Memory Stick cards, Secure Digital (SD) memory cards, and Smart Media cards.
To prevent your information from being misused, care should be taken to ensure that any personal or sensitive information is securely deleted especially before recycling or disposing of any such devices or storage media. This document provides an overview on how to securely delete information from commonly used electronic devices. The first section describes methods that can be used for equipment that will be re-used or recycled (given or sold to someone else for further use). The second section describes secure deletion methods that should be used if the equipment is to be permanently disposed of (not re-used).
Why "DELETE" is not enough:
Using a computer's standard "delete" function is not sufficient to permanently erase sensitive information. When you delete a file or folder using the "Recycle Bin" or "Trash", your operating system simply flags the contents of the file/folder to be overwritten and re-used in the future. Until that space is overwritten, the contents of the file still exist on the media and can be recovered with disk/file recovery tools that are readily found on the Internet. With today's large hard drives, the contents of these "deleted" files can remain, unchanged, on the media for a very long time.
Section 1 – Equipment will be recycled:
To securely erase the information, it must be overwritten. The more times the information is overwritten, the less likely it can be recovered. However, the more times you overwrite the information, the longer the process will take. This process is called "disk wiping" or "disk shredding." It is recommended that the higher the sensitivity or confidentiality of the information, the more times the information should be overwritten.
There are commercial, shareware, and free disk wiping tools. Some tools will allow you to delete individual files or folders and others will erase an entire hard drive. While there are freeware tools that perform well, these may require a more technical understanding of computers to use them properly. Commercial products tend to be easier to use and understand. Please read the instructions thoroughly for the tool that you select. The files/folders you delete will be permanently erased and cannot be recovered. If you are unsure of how to use your selected tool or don't know which tool to use, please seek assistance from a knowledgeable source.
If you are recycling a computer or device, securely erasing the entire hard drive is recommended. Be aware that doing so will also erase the operating system requiring a complete re-installation of the operating system before the computer can be used again.
Eraser is highly rated free tool for any computer using the Windows operating system. This tool works well to delete individual files and folders that contain sensitive or personal information that you no longer need. Eraser can be downloaded from: http://www.heidi.ie/eraser/
To erase an entire hard drive, a recommended free tool is Darik's Boot and Nuke (DBAN): http://dban.sourceforge.net/
With this tool, you'll need to create a bootable floppy/USB or CD, then boot your computer. The application will launch automatically and you'll need to specify which partition or hard drive that you'd like erased.
ITS has created a guide to help you use Eraser and/or DBAN: http://www.hawaii.edu/itsdocs/win/secureerasewin.pdf
For a list of additional tools including commercial and shareware products, see C|Net's download site at: http://www.download.com/3120-20-0.html?qt=wipe&tg=dl-2001
A list of free tools is available at: http://www.thefreecountry.com/security/securedelete.shtml
Mac computer hard drives can be securely erased by zeroing their data. The Apple site provides step-by-step instructions for both Mac OS 8.x/9.x and OS X and includes a good overview of when to reformat a hard drive (see Troubleshooting Hard Drives: Reformatting: http://docs.info.apple.com/article.html?artnum=21103). Note that zeroing data (aka "low level" format) may take a long time, depending on the size of the hard drive. It is recommended to use the "8-way random" feature in conjunction with the "zero all data" option.
More detailed information for Macs can be found at the following links:
- Mac OS 9: How to Initialize or Format a Disk (http://docs.info.apple.com/article.html?artnum=50447)
- Mac OS X: How to Zero All Data on a Disk (http://docs.info.apple.com/article.html?artnum=107437)
- Mac OS X 10.3: Erasing a Disk or a Volume (http://docs.info.apple.com/article.html?artnum=152060)
- Disk First Aid 8.6.1: Software and Information (http://docs.info.apple.com/article.html?artnum=75102)
- For a general search of the the Apple Knowledge Base, go to: http://kbase.info.apple.com/.
To securely erase a file or folder on a Macintosh (10.3 or newer), use the "Secure Empty Trash" command in the Finder.
Any of the disk wiping utilities above (Windows or Macs) can be used to securely erase information from most magnetic media such as USB flash drives, floppy disks, magnetic tapes, Compact Flash, Memory Stick cards, Secure Digital (SD) memory cards, and Smart Media cards.
Section 2: Equipment will be disposed of (destroyed):
Degaussing is a permanent method to securely delete information from most magnetic storage devices. Degaussing is a process by which the storage media is subjected to a very powerful magnetic field which demagnetizes the media and renders it permanently unusable. Degaussing is most commonly used with inoperable hard drives and magnetic tapes in large enterprise environments. The price of a low-end degausser starts at approximately $3000. Working hard drives in computers should be erased with a tool such as the above mentioned DBAN before disposing of the computer.
Commercial services are available to physically shred hard disks.
3.5" floppy disks can be removed from the hard plastic case. Tapes can be unwound from the spools. The magnetic media can then be physically cut into pieces such as running it through a shredder
Write-Once Media (CDs. DVDs):
CDs and DVDs that can only be written to once (also called CD-R, or DVD-R), must be physically destroyed preferably by running it through paper shredders that are also rated for shredding CDs and credit cards.
For information on how to delete all your information from your cell phone before recycling or disposing of it, check with your cell phone manufacturer or enter your cell phone information into: http://www.securetradein.com/dataeraser/.
Check with the PDA manufacturer.