How to Choose the Right Cybersecurity Solution REGISTER >
When disposing of a data storage device, dont forget to wipe!
As a matter of cosmic history, its always been easier to destroy than to create. -- Mr. Spock, discussing the effects of the Genesis torpedo in Star Trek II: The Wrath of Kahn.
True enough, but when it comes to destroying computer data, the task isnt quite as easy as it seems. Simply deleting files, emptying a Trash/Recycle Bin, removing partitions or even formatting a hard disk, flash memory drive, or other storage device doesnt actually erase previously stored data. At best, all it does is purge the information in a file systems directory that points to the datas location on the drive and then mark the space as available for re-use, which means that deleted data remains intact, waiting for someone with the right experience--and the right software to come along and recover it days, weeks, or even years later.
This obviously presents a major problem when you need to dispose of PCs via sale, donation, or recycling, send equipment in for service or return leased hardware to a vendor (dont forget printers and copiers), or just when reallocating systems within a company. Even if a system isnt going anywhere, the persistence of deleted data, especially if of a sensitive nature, represents a real security risk.
Whatever the scenario, the only way to have any assurance that data you intend to erase is really gone is to overwrite it or wipe it. Wiping storage devices before they leave your custody is essential for data security, and if youre governed by any of the myriad data privacy regulations, you may be legally compelled to do so.
Fortunately, there are plenty of software tools available to do the job; here are some things to consider when looking for data wiping software and within, a dozen candidates you should check out.
Theres more than one way to wipe a disk, and while most programs, such as O&O SafeErase ($30), offer a choice of several different methods, not all tools have the same wiping methods on the menu. At a bare minimum, wiping tools will overwrite data once with a stream of zeros, ones, or random characters, but there are also a host of standardized wiping protocols, named for the various governmental/military agencies or security organizations/experts that devised them, which aim to thwart even the most sophisticated forms of data recovery. These protocols use complex algorithms to generate overwrite data, dictate how many times data will be overwritten, and specify whether or not a final round of verification for good measure is required. (One of the most popular is DoD 5220.22M, which specifies three passes with mandatory verification.)
Some wiping programs, like Disk Wiper($30), include proprietary wiping methods or let you create your own. Which wiping method to chose may be a matter of personal preference and comfort level, or may be dictated by your organizations security policy or by other regulations. (Be aware that wiping large disks (1 GB+) can take a very long time, particularly when using multiple-pass methods; in these cases, wipe times of 24 hours or longer arent unusual.)
Know your targets
The data wiping software you need will depend a lot on what and where you need to wipe, including what drive interface (e.g. ATA, SATA, SCSI) and OS/file system youre dealing with. (Not surprisingly, Windows is widely supported; Mac and Linux, somewhat less so.)
Some wiping programs, such as BCWipe ($40) and UltraSentry ($50) specialize in wiping selected data (such as specified folders, swap files, Web browser history or only a drives free space) from within an operating system on a PC thats in use and meant to stay that way.
Others, such as WipeDrive from White Canyon Software ($20) use a sickle rather than scalpel approach and wipe data only from entire drives or partitions, which is ideal if you need to wipe external drives or a stack of drives removed from previously disposed-of systems. (A USB to SATA/ATA adapter or dock can come in especially handy in the latter scenario.)
If youre looking to wipe an entire PC hard drive--operating system and all-- without having to remove the drive, youll want a wiping tool that that can create boot media (usually a CD/DVD disc, sometimes a floppy or USB drive) such as cyberCide ($30) or BCWipe Total WipeOut ($50). Some products, such as Active@KillDisk offer some combination of targeted and wholesale data wiping features.
Scalability and licensing
If you have a large number of disks and/or systems to wipe, consider how a program handles multiple drives. Many wiping products will wipe multiple discs connected to a PC, but not necessarily wipe all at the same time. Similarly, some products require multi-disc RAID arrays to be broken up before they can be wiped.
Licensing is also a factor for heavy volume wiping. Products may be licensed per PC for a small fixed number of drives, or on a per-location basis for a larger or unlimited number of drives. Many of the wiping products cited here, including the aforementioned BC Wipe and Disk Wiper, come in both personal/home and less restrictive professional/enterprise editions (with the latter, of course, carrying commensurately higher price tags).
In cases where you want--or are required--to maintain an audit trail of your data wiping activity, youll want to make sure software provides a report detailing when and how disks were wiped and if any sectors couldnt be wiped because they were bad or otherwise inaccessible. (Various editions of Blancco secure data erasure products offer this capability.)
Consider free tools
There are a number of free data wiping utilities available, and though their features are often limited compared to commercial options, they may be suitable depending on your needs. For example, the popular Dariks Boot and Nuke (DBAN) downloads as an ISO file that burns to a bootable CD or DVD and wipes a system from outside the OS. (Theres also a free version of Active@ KillDisk, but its limited to one pass wipes with zeros.)
Disk Wipe is a portable app that runs off a USB drive and wipes individual storage devices from within Windows, while Eraser is a Windows utility that wont tackle an entire drive, but will wipe selected files/folders, free space, or the Recycle Bin manually or via a built-in scheduler.
Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed.
Keep up-to-date on the latest security products; follow eSecurityPlanet on Twitter @eSecurityP.