Data Destruction: Is One Pass Overwriting Enough?

March 13th, 2009 | Brian Wahoff | Posted in Data Security

There is some controversy in the IT industry regarding data destruction. Some vendors claim that no software-based overwriting solution is secure and that only firmware-level erasing, like Secure Erase, is certifiable. Others go further and say that only physical destruction is enough. The DoD spec calls for either a 3 pass or a 7 pass wipe, and NIST has stated:

Studies have shown that most of today’s media can be effectively cleared by one overwrite.

Popular TV shows like Numb3rs show scientists able to recover data from drives even after they have been wiped. There are probably as many standards to wipe data from hard drives as there are companies providing solutions. When is it enough? EPC as a company has standardized on the 3 pass DoD wipe as it is well recognized in the IT industry and it is a relatively fast process.

Back in January, the SANS Forensics blog published an article entitled “Overwriting Hard Drive Data”. The SANS paper is noteworthy because it concludes that a single pass of zeros is enough to make the drive forensically unrecoverable:

Although there is a good chance of recovery for any individual bit from a drive, the chances of recovery of any amount of data from a drive using an electron microscope are negligible.

What does this mean?

Basically the SANS study said that unless you could guarantee where on the drive a particular set of data was stored, it was virtually impossible to rebuild that data from a wiped drive. Even if you could recover an individual bit, you would not have enough information to make usable data.

This study, filled with probability charts and Bayesian confidence scores, probably won’t change your mind if you are really paranoid. However, for those people, I recommend a certified drive shredding program like EPC’s DDRV.

EPC is a provider of IT asset recovery, data destruction, computer recycling, hard drive shredding, used computer sales, website hosting, and more throughout the US and Canada. EPC is a member of the Basel Action Network and its data destruction processes have been certified by NAID. EPC has been in business for over 25 years and is a wholly owned subsidiary of CSI Leasing, Inc. To learn more about the services we offer, see our home page.