Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn

 

Friday, December 19, 2014

 
  New Resources
Travel Tips for Data Security
Free Security/Privacy Training Resources
Penn+Box
Two-step verification
Combating Malware
SafeDNS
Phishing Archive
Cloud Computing and Data Outsourcing
Best Practices for Applications with Confidential University Data
 
  Security "Greatest Hits"
Managing Passwords
E-mail Harassment & Forgery
Hoaxes, frauds & scams
Spam
Phishing
Wireless Networking
Encryption & digital signatures
 
  Best Practices
Secure desktop computing
Secure servers
Secure data deletion
Securing printers
Tips for safe computing
Computing policies
 
  More in-depth information for
Local support providers
System administrators
 
  Security initiatives
Critical host compliance
Authentication & authorization
Penn Security & Privacy Assessment (SPIA)
Security Liaisons (Restricted Access)
Secure Share
Secure Space
Vulnerability Scanner
 
  Related links
Electronic privacy
PennKey
Viruses
Worms, trojans, backdoors

Secure Data Deletion

Delete a file | Wipe a device | Quick Disk Erase | Number of Overwrites | Physical Shredding

The Problem

Deleting a file by typical means (e.g. dragging it into the Trash) does not actually remove the file - it can be recovered easily using undelete functionality in the operating system or in forensic software. To delete files and other data securely, you must use some secure deletion method.It is critical to do this when handling sensitive data or disposing of unneeded electronic devices.

How do I delete a file securely?

That depends on the operating system. Below are some options for each; for more information, see http://www.upenn.edu/computing/provider/recycle/.

Windows

  • PGP Desktop: "shred" function
  • Heidi Eraser: can also delete already-deleted files securely

Mac OS X

  • Finder: Secure Empty Trash (built-in)
  • Disk Utility: can also delete already-deleted files securely (built-in)
  • PGP Desktop: "shred" function

UNIX: Wipe

How do I wipe an entire device securely?

ATA, SCSI, USB, and Zip disks: Overwrite using one of the methods below. A one-pass overwrite with random data is sufficient. Degaussing is not necessary, and in fact, will render a drive unusable. If the device will be disposed of anyway (as opposed to being recycled) degaussing is a faster option.
Windows: Secure Erase
Mac OS X: Disk Utility (built-in)
UNIX: Wipe
For a comprehensive list, see http://www.upenn.edu/computing/provider/recycle/

CDs, DVDs: Destroy by incinerating, melting, or shredding to pieces no larger than 25mm2.

Tapes: Degauss. For tapes, overwriting is impractical given the way data is written. Contact the University Records Center for assistance with secure tape disposal.

Cell phones, PDAs, Printers: Delete data, then do hard/factory reset.

Is there a faster way to securely erase a drive?

If you have an ATA drive, it may have a "fast secure erase" feature that will allow you to start the secure erase, protect it with a password, and prevent any drive access until the erase is complete. Degaussing is an option, although it will render the drive unusable.

How many overwrites are required to make the data unrecoverable?

A one-pass overwrite with random data is sufficient. Based on a report from NIST (National Institute of Standards and Technology) and research done by the UCSD Center for Magnetic Recording Research, a single overwrite is nearly as effective as multiple overwrites. Multiple overwrites take significantly more time, and do not clear the remaining electromagnetic signal significantly better than a single overwrite. For more information, see NIST Special Publication 800-88 and the Center for Magnetic Recording Research.

What about shredding a hard drive?

To securely destroy/shred a hard drive, you can ask University Archives to pick it up and have it destroyed securely. That service costs $0.52/pound. If you call them, they'll walk you through the process. You'll have to open an account with them (if you don't already have one) and fill out a form. They'll then pick up the drive (or box of drives, for that matter) and have them destroyed.

ISC's Provider Desk also provides a degausser and "disk crusher" to members of Penn's technical community free of charge. Work with your LSP to find out which option is right for you. For more info visit www.upenn.edu/computing/prodesk/services/dispose.html

Last updated: Thursday, June 7, 2012

top

Information Systems and Computing
University of Pennsylvania
Comments & Questions


Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania