Proper Disposal

Let's talk about the proper disposal of data. What actually happens when you delete a file? The underlying data actually remains on the system until something is literally saved over it. What does all of that mean? Data sort of comes in three basic flavors. There's what's called active data, there's archival data and there's latent data. I know Scott. Dude, what? Sorry. I'll translate. Active data is the stuff that's right on your system when you're using it. It's the stuff sitting on the desktop to your computer or the various files you can access easily. Archival data is kind of similar. It's just stored somewhere else. Think of it like if you're talking about physical files instead of the files sitting in your desk or in your filing cabinets, they're off in a warehouse somewhere. You can get to them. They're just not right immediately available. It's like an electronic equivalent of that. It might be stored in the cloud or on a backup drive someplace else.


Latent data is stuff that is on your system, but you can't see it or access it without specialized forensic software. That's actually what happens when stuff is deleted. Because what actually happens is it doesn't literally erase the data right away. Most systems, what they'll do is effectively, it puts a little marker next to it and gets rid of, in effect the computer's table of contents thing for you to see, which is referred to as a master file table, which is basically what's on the system. So even though you can't see it, the actual data is still there. It's like ripping the cover and index off a book, but all the pages are still in the middle. So that data can be a bit of an issue because if you throw something out and that latent data's in there and an attacker with even moderate skills gets in there, there'll be able to just hoover that stuff right up.


And that's bad. So when we're talking about what to get rid of, you want to include anything that can store data. This includes connected devices, external drives, backups, files, disks, etc. Printers and digital copiers, as we mentioned a bit earlier, they all have hard drives. You want to make sure that stuff's clean before you send it out. Now again, even if the data is actually saved over - it's called overwriting - there may be other ways to get at it. Just to explain overwriting quickly, that's if something is saved on top of something else. Like you remember like an old school VHS tape. Let's say you had a two hour movie on there and then you record a one hour, say a birthday party in the front half. That front half is overwritten with the birthday party. Get it? Okay. So, also with emails. Also a thing that doesn't delete so easily. On Windows based systems, on client computers like the one you're watching this on. They actually save deleted emails deliberately until they're deleted on purpose in something called a PST file.


Your network admin or IT people should be able to get rid of that easily enough. Just make sure it's actually done. So what are the methods for actual data destruction? And keep in mind, this is not just electronic data because dumpster diving is real. Make sure your crosscut shred any valuable records. So the thing that's relevant to this is something from NIST, the National Institute of Standards and Technology. They have a publication series called the Special Publication 800 series which relates to all things technical and security. Now the one in particular that deals with proper disposal of data is NIST SP 800-88, revision 1. I know, ooh, but that actually has the details for what they refer to as "media sanitization" which is how you basically make sure this stuff is safe to send out of your office because it can't be read. There are three different levels of media sanitization: clear, purge and destroy. Clear just means you're basically clearing it so that people can't get to it easily. Anyone who is moderately skilled can get the data back. Not enough. Purge means you've gotten rid of it and even someone with a state of the art lab will have trouble getting to the data. Much better. And finally destroy is what it sounds like. That's usually dropping a computer, hard drive, mobile phone, tablet, whatever it is into an actual metal shredder and ripping it apart. There are a lot of videos online with this usually playing to pounding heavy metal music if you want to watch. It's actually kind of entertaining in a strange way. But I digress. So there are a few methods of achieving these. For starters there's one called demagnetization or degaussing. The machine doing it is called a degausser. And that only works on magnetic storage devices like a computer hard drive, like a standard one.


Keep in mind some computers have what are called solid state or flash drives. Those will not be affected by this at all. You've got to make sure that's not what you use. So degaussing, or demagnetization, it is helpful. What you basically do is it exposes a really strong magnet to those drives. And if you remember the way those drives actually store data is they're storing ones and zeros as magnetically polarized data. So it's like pluses are all one negatives are all zero, that's how it stores it. You put a strong magnet, they're all pulled the same direction, wipes out the data. Also, because the magnets are so strong, it usually destroys the drive too, so you can't really use it. And then there's overwriting or wiping, once again, that's basically recording gibberish on top of what you have. It's again more effective with a magnetic storage system.


It's not as good with the solid state system just because of the way they store data in different places. That's sort of how they make sure they last longer. It doesn't matter for here, but... Last one, like I say, physical destruction. This doesn't mean damage, this doesn't mean break it or drill some holes in it. Keep in mind they were able to actually restore data from some of the systems from the space shuttle Columbia crash. So you actually need to really, really destroy it. Now for proper disposal of mobile devices or anything else with a solid state or flash drive, there are a couple of methods you want to use. One is what's called a factory reset, which removes all data and all downloaded applications. You can do this as a result of remote wiping or you can use this in the settings where there'll be an option to do a factory reset. You'd obviously do something very similar on, say, a laptop with a solid state drive. Regular overwriting, like I say, might not be effective because flash storage, it works in a way where it doesn't always store stuff in the same place. It's how they make the drive last longer. Regardless, don't use overwriting on a flash drive. Then you want to look at physical destruction once again, dropping it into a metal shredder. That will work. You have no more drive and nothing to worry about.

Proper disposal is a must for anything that can store data (this includes any connected devices, external drives, backup discs, printers, digital copiers, etc.).

NIST SP 800-88 rev. 1 lays out the standard.

A few handy data destruction methods:

  • Degaussing/demagnetizing
  • Overwriting
  • Physical destruction

Proper disposal methods for mobile devices include factory reset and physical destruction.