Data destruction (with DBAN)
Recent legislation has caused the American healthcare industry to change the way it handles information. This has radiated into the IT realm in a variety of ways – network security, physical (facility) security, background checks, et cetera. In my particular job role, I am responsible to make sure that our data never leaves our property. Or more specifically, that our property never leaves the facility with data on it. In other words, I clean computers prior to disposal.
There are a variety of methods of destroying data, both digital and physical. My personal favorite would be heating the hard drive platters past the Curie point (the point at which the metal is no longer capable of maintaining a magnetic charge). However, your average IT facility does not have the means to make this happen. Another method is degaussing – to oversimplify, degaussing is magnetizing the entire disk, causing all the bits to flip the same direction and erasing all data. Encryption can also be used – not to destroy the data, but to make it effectively inaccessible.
These are proven methods which are indeed used, but they do have drawbacks – they can be expensive and can require special equipment. Most often, they are services performed by third parties (with the exception of encryption).
Our company used to sell our old hardware to a vendor, who would certify the data destruction and then resell the equipment. This is a handy solution, but due to our office’s remote location and some other recent changes, we are now wiping the disks ourselves with one of the most common methods – the software wipe.
Software wiping is most often done using a boot CD. I use a Linux-based tool called DBAN (Darik’s Boot And Nuke), which I will talk more about later.
Even within the field of software-based data destruction, there are a variety of methods and algorithms, some (such as the Gutmann wipe) taking a very long time, but considered very secure. Many people have strong opinions on this issue. Our company currently requires at least the US Department of Defense (DoD) 3-pass method. The method writes 3 passes of random data over the entire drive.
For this kind of wipe, I recommend DBAN, as mentioned earlier. DBAN allows for unattended wiping of all drives on a system (or the drives of your choice), and it has proven very easy to use when used on physically healthy disks. For damaged disks, you may be better off sending it to a data destruction company, in my opinion.
DBAN supports a variety of the standard methods, including Gutmann, DoD (3-pass or 7-pass), and others. The standard DBAN is open source software and is distributed free of charge. There is an enterprise version available which supports wiping over a network and wiping of multiple computers simultaneously. Both versions, since they run from CD, are platform independent. DBAN will wipe IDE, SATA, and SCSI drives.