Software-Based Data Sanitization Methods
Following up on my "Guide for Data Sanitization" post, I've decided to write up an article regarding the most common and popular data overwrite patterns, in other words, software-based sanitization methods (aka wipe methods).
Essentially, what all these methods do is overwrite the sensitive data on some form of electronic media, replacing it with gibberish. They all fall in the "Clear" type of sanitization, discussed in my previous post.
Most of these methods are freely provided by open source programs and tools such as:
And many more, all with different degrees of complexity and available methods.
DISCLAIMER: As expected, neither I nor the businesses behind these programs can guarantee that all data is successfully erased or that it can't be recovered, either partially or in its totality. Use them at your own risk.
On one hand, it's widely agreed upon that a single overwrite is enough to prevent any software-based recovery technique. On the other hand, it's not so agreed upon that a single overwrite is enough to prevent more advanced hardware recovery techniques.
In other words, not everyone agrees that a software-based sanitization method defeats every data extraction technique. That doubt is what produced the various overwrite patterns, devised by independent researchers and by government agencies according to their own research. Some examples are listed below.
-- Secure Erase
Secure Erase is arguably the best and most effective way to delete data on an HDD. It's not really a program, but a command in the ATA Security feature set (SECURITY ERASE UNIT) implemented by the drive's own firmware on PATA / SATA drives and issued from the host with a tool such as hdparm on Linux. It works like this:
Pass 1: Writes a binary 1 or 0 to every user-addressable sector (the Enhanced variant also covers sectors the host can no longer address, such as reallocated ones)
Because the drive performs the operation internally, there's no need for the host to verify the overwrite: the drive's own write-fault detection reports a failed write. It also makes the whole process considerably faster than methods driven by 3rd party software. The usual practical obstacle is that most BIOS / UEFI firmware sets the drive's security state to "frozen" at boot, which makes the command refuse to run; a suspend / resume cycle or hot-plugging the drive normally clears it, so check the state before you start.
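That state check is worth automating. The script below is an added example, not part of the original post or of hdparm itself: it parses the "Security:" block of `hdparm -I` output (the layout is assumed from hdparm's usual formatting, and the sample text is constructed rather than captured from a real drive) and only hands back the hdparm command lines, never runs them, since the erase is irreversible. The device name /dev/sdX is a placeholder.

```python
"""Pre-flight check before issuing ATA Secure Erase with hdparm (added example)."""
import re

# Constructed sample of the "Security:" block printed by `hdparm -I`
# (layout as hdparm prints it; not captured from a real drive).
SAMPLE_FROZEN = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t42min for SECURITY ERASE UNIT. 42min for ENHANCED SECURITY ERASE UNIT.
Checksum: correct
"""
SAMPLE_READY = SAMPLE_FROZEN.replace("\t\tfrozen", "\tnot\tfrozen")


def parse_security(hdparm_output: str) -> dict:
    """Return the security flags hdparm reports for the drive.

    hdparm prints one capability per line inside the Security section and
    prefixes the line with "not" when the flag is clear ("not\tfrozen").
    """
    flags = {"supported": False, "enabled": False, "locked": False,
             "frozen": False, "enhanced": False, "erase_minutes": None}
    in_section = False
    for line in hdparm_output.splitlines():
        if line.startswith("Security:"):
            in_section = True
            continue
        if in_section and line and not line[0].isspace():
            break  # next top-level section of hdparm -I
        if not in_section:
            continue
        stripped = " ".join(line.split())  # collapse the tab layout
        negated = stripped.startswith("not ")
        body = stripped[4:] if negated else stripped
        if body == "supported":
            flags["supported"] = not negated
        elif body == "supported: enhanced erase":
            flags["enhanced"] = not negated
        elif body in ("enabled", "locked", "frozen"):
            flags[body] = not negated
        m = re.search(r"(\d+)min for SECURITY ERASE UNIT", stripped)
        if m:
            flags["erase_minutes"] = int(m.group(1))
    return flags


def secure_erase_plan(hdparm_output: str, device: str):
    """Decide whether Secure Erase can run now; return (ready, reason, argv lists).

    The commands are returned, not executed: the second one wipes the drive.
    """
    f = parse_security(hdparm_output)
    if not f["supported"]:
        return False, "drive does not implement the ATA Security feature set", []
    if f["frozen"]:
        # BIOS/UEFI usually freezes the feature set at boot; suspend/resume
        # or hot-plugging the drive is the usual way to clear it.
        return False, "security state is frozen; suspend/resume or hot-plug, then re-check", []
    if f["locked"]:
        return False, "drive is locked; unlock it with the existing password first", []
    if f["enabled"]:
        return False, "a user password is already set; use it in place of NULL", []
    erase = "--security-erase-enhanced" if f["enhanced"] else "--security-erase"
    cmds = [
        ["hdparm", "--user-master", "u", "--security-set-pass", "NULL", device],
        ["hdparm", "--user-master", "u", erase, "NULL", device],
    ]
    return True, f"ready, about {f['erase_minutes']} min", cmds


if __name__ == "__main__":
    for sample in (SAMPLE_FROZEN, SAMPLE_READY):
        ready, reason, cmds = secure_erase_plan(sample, "/dev/sdX")
        print(ready, reason, [" ".join(c) for c in cmds])
```

Run the real check with `hdparm -I /dev/sdX | python3 this_script.py` style plumbing (or paste the output in), and only type the two returned commands once the plan says ready; the enhanced erase is preferred when the drive offers it because it is the variant that also covers reallocated sectors.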
-- Write Zero Method
The Write Zero method, aka the Single Write or zero-fill method, is rather simple. It's implemented the following way:
Pass 1: Writes a zero.
And that's it... The main problem with this method is that, in its basic form, it doesn't verify that the 0 was actually written, making it less effective than other methods that do.
There's also another factor to take into account when choosing to implement this method. For example, let's say you're a detective and you're searching for your suspect in a big crowd. The first thing you should do is look for something that stands out, something that's not supposed to be there.
The same applies to data forensics. If you know that a storage device was only overwritten with 0s, all you have to do is look for anything that doesn't fit the pattern. If instead it was overwritten with 1s, 0s and random characters, finding leftovers is significantly harder, since there's no single pattern to compare against; structured leftovers (text, file headers) can still be picked out by their signatures or their low entropy, so random fill makes the search harder rather than impossible.
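To make the detective analogy concrete, here is an added example (not from the original post) that scans an image the way an examiner would check a zero-filled drive: sector by sector, reporting every run of sectors that isn't entirely the fill byte, plus the byte entropy of what's there so text-like leftovers can be told from random noise. The 32 KiB image is constructed in memory; on real media you would pass an opened block device instead of the BytesIO.

```python
"""Scan a supposedly zero-filled image for anything that stands out (added example)."""
import io
import math
import random
from collections import Counter

SECTOR = 512


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for random data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def find_residue(stream, fill=0x00, sector=SECTOR):
    """Yield (offset, length, entropy) for every run of consecutive sectors
    holding at least one byte that differs from the fill byte.

    Entropy is computed over the non-fill bytes only, so zero padding inside
    a sector does not mask a short piece of text.
    """
    clean = bytes([fill]) * sector

    def region_entropy(region):
        return shannon_entropy(bytes(b for b in region if b != fill))

    offset, region_start, region = 0, None, bytearray()
    while True:
        sec = stream.read(sector)
        if not sec:
            break
        if sec == clean[:len(sec)]:
            if region_start is not None:  # end of a dirty run
                yield region_start, len(region), region_entropy(region)
                region_start, region = None, bytearray()
        else:
            if region_start is None:
                region_start = offset
            region += sec
        offset += len(sec)
    if region_start is not None:  # dirty run touching end of media
        yield region_start, len(region), region_entropy(region)


def build_sample_image(sectors=64) -> bytes:
    """Constructed 32 KiB image: zero-filled except sector 10 (leftover text)
    and sectors 40-41 (leftover random data from a fixed seed)."""
    img = bytearray(sectors * SECTOR)
    text = b"Account 12345 password hunter2"  # made-up content
    img[10 * SECTOR:10 * SECTOR + len(text)] = text
    rng = random.Random(1)
    img[40 * SECTOR:42 * SECTOR] = bytes(rng.getrandbits(8) for _ in range(2 * SECTOR))
    return bytes(img)


def scan_image(image: bytes, fill=0x00):
    """Run find_residue over an in-memory image and collect the regions."""
    return list(find_residue(io.BytesIO(image), fill=fill))


if __name__ == "__main__":
    for off, length, ent in scan_image(build_sample_image()):
        kind = "random-looking" if ent > 7.0 else "structured"
        print(f"offset {off:#x}: {length} bytes, {ent:.2f} bits/byte ({kind})")
```

With a random-filled drive there is no fill byte to hand to find_residue, which is the post's point; the entropy column shows the fallback an examiner has left: the leftover text scores about 4 bits/byte while the random region scores close to 8, so low-entropy or signature-bearing regions still stand out against random fill, just with more work than a simple "is it all zeros" comparison.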
-- US DoD 5220.22-M Standard
This was the standard wipe method of the US Department of Defense (and other 3 letter agencies), taken from the clearing and sanitization matrix associated with DoD 5220.22-M, the National Industrial Security Program Operating Manual. However, the current manual no longer prescribes overwrite patterns, and the method is no longer considered a viable / authorized wipe method by the regulatory authorities, which now refer to NIST SP 800-88 instead.
Although there are many different versions of this method, this is the most common implementation:
Pass 1: Writes a 0 and verifies the write
Pass 2: Writes a 1 and verifies the write
Pass 3: Writes a random character and verifies the write
-- Schneier Method
The Schneier Method follows this pattern:
Pass 1: Writes a 0
Pass 2: Writes a 1
Pass 3: Writes a string of random characters
Pass 4: Writes a string of random characters
Pass 5: Writes a string of random characters
Pass 6: Writes a string of random characters
Pass 7: Writes a string of random characters
-- Gutmann Method
This method was created by Peter Gutmann in 1996. I believe it's the most complex method as it runs a total of 35 passes, like so:
Pass 1 - 4: Writes random data
Pass 5 - 31: Writes 27 fixed patterns, applied in random order, chosen to cancel out the MFM and RLL encodings used by drives of that era
Pass 32 - 35: Writes random data
This doesn't necessarily mean that the Gutmann method is the best wipe method. It's important to understand that it was designed in 1996 around the encoding schemes of that time. Gutmann himself later added an epilogue to the paper saying that on modern drives most of the passes are pointless and that a few passes of random data is the best you can do.
Alternatively, some programs let you implement your own custom method by letting you choose how many passes to run and what to do in those passes.
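The methods above differ only in what each pass writes and whether it is read back, so one small engine covers DoD 5220.22-M, Schneier, Gutmann and any custom list. The code below is an added example, not from the original post or from any of the tools it refers to; the pass lists follow this post's descriptions and Gutmann's 1996 paper, the target is a regular file so it runs anywhere, and the "sensitive" content in demo() is made up.

```python
"""Multi-pass overwrite engine with per-pass verification (added example)."""
import hashlib
import os
import random
import secrets
import tempfile

# A method is a list of passes: a byte pattern tiled over the target, or
# None for a pass of random data. Lists follow the pass descriptions above.
DOD_5220_22_M = [b"\x00", b"\xff", None]
SCHNEIER = [b"\x00", b"\xff", None, None, None, None, None]

# Gutmann passes 5-31 (27 fixed patterns from the 1996 paper): 0x55/0xAA and
# the 0x00..0xFF sweep target (1,7) RLL, the 3-byte patterns target MFM and
# (2,7) RLL. The paper applies them in random order; gutmann_method() does too.
_GUTMANN_FIXED = (
    [b"\x55", b"\xaa", b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49"]
    + [bytes([v * 0x11]) for v in range(16)]
    + [b"\x92\x49\x24", b"\x49\x24\x92", b"\x24\x92\x49",
       b"\x6d\xb6\xdb", b"\xb6\xdb\x6d", b"\xdb\x6d\xb6"]
)


def gutmann_method(rng=random):
    """Passes 1-4 random, 5-31 the fixed patterns shuffled, 32-35 random."""
    fixed = list(_GUTMANN_FIXED)
    rng.shuffle(fixed)
    return [None] * 4 + fixed + [None] * 4


def _chunk_data(pattern, key, off, length):
    """Data for one chunk: the pattern tiled to `length`, or a keyed random
    stream (SHAKE256 over key||offset) that the verify phase can regenerate
    instead of holding a whole random pass in memory."""
    if pattern is None:
        return hashlib.shake_256(key + off.to_bytes(8, "big")).digest(length)
    return (pattern * (length // len(pattern) + 1))[:length]


def overwrite(path, method, chunk_size=1 << 20, verify=True):
    """Overwrite every byte of `path` once per pass, reading each pass back.

    Raises IOError on the first chunk whose read-back differs from what was
    written; that is the "verify write" step plain zero-fill usually lacks.
    """
    size = os.path.getsize(path)
    phases = ("write", "verify") if verify else ("write",)
    with open(path, "r+b") as fh:
        for n, pattern in enumerate(method, start=1):
            key = secrets.token_bytes(32)  # fresh per pass, never written out
            for phase in phases:
                fh.seek(0)
                for off in range(0, size, chunk_size):
                    data = _chunk_data(pattern, key, off, min(chunk_size, size - off))
                    if phase == "write":
                        fh.write(data)
                    elif fh.read(len(data)) != data:
                        raise IOError(f"pass {n} verify failed at offset {off}")
                if phase == "write":
                    fh.flush()
                    os.fsync(fh.fileno())  # push the pass out before reading it back
    return len(method)


def demo(method=DOD_5220_22_M):
    """Wipe a constructed temp file holding made-up content and return
    (passes_run, original_bytes, bytes_after) so the effect can be checked."""
    original = b"Account 12345 password hunter2\n" * 200  # constructed
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(original)
        passes = overwrite(path, method, chunk_size=4096)
        with open(path, "rb") as fh:
            after = fh.read()
    finally:
        os.remove(path)
    return passes, original, after


if __name__ == "__main__":
    for name, m in (("DoD 5220.22-M", DOD_5220_22_M), ("Schneier", SCHNEIER),
                    ("Gutmann", gutmann_method()), ("custom zero+verify", [b"\x00"])):
        passes, before, after = demo(m)
        print(f"{name}: {passes} passes, original still present: {before == after}")
```

Two caveats when pointing this at real media: the read-back after fsync on an ordinary filesystem may still be served from the page cache rather than the platter (open the device with O_DIRECT or drop caches if the verification has to mean something), and a host-side overwrite like this never reaches sectors the drive has reallocated, which is exactly the gap Secure Erase closes.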
In this post we covered the most popular software sanitization methods, but believe me when I say there are many more. As you can see, there are only slight variations from method to method - some add / remove passes, others change what to do in those passes or even just add a 'verify write' step.
I believe it all comes down to your personal preference and a good speed / security ratio, because, if you think about it, that's what originated all these different methods.
As all the methods described fall in the "Clear" type of sanitization, there's still a chance that target data can be recovered by more advanced / state of the art hardware-based recovery techniques, but you shouldn't worry about that unless you've made some pretty powerful enemies...
With that said, I believe we've reached the end of this post. As always, I hope you've enjoyed reading it and feel free to give suggestions. Thanks.