Understanding Disk CleanUp Process
The disk cleanup process can be briefly described as going through all addressable locations in the disk's free space and filling them with random data.
This overwrites the remains of previously removed files and folders. Once no free space is left,
the drive has no room to store any kind of data except the non-deleted files and folders.
It can be accomplished as follows:
- Create a temporary file on the drive you want to clean up.
- Write random data to the newly created file for as long as the operating system allows, i.e. while free space exists.
- Perform file-system-specific cleanup procedures. For example, NTFS can store small files inside the MFT
(see NTFS topics), so in this case we need to make sure that
nothing is left unused not only in the free space but in the MFT as well.
- Remove all temporary files that were created during the
wiping process.
The US Department of Defense, in its clearing and
sanitizing standard DoD 5220.22-M, recommends the approach "Overwrite all addressable locations with a character, its complement, then
a random character and verify" (see table with comments) for clearing and sanitizing information on
writable media.
To conform to
this security standard, Active@ Disk Wiper implements this approach, i.e. triple
data overwriting for the destruction of remains of sensitive data.
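The temporary-file procedure above combined with the character / complement / random / verify passes, as an added Python example that is not Active@ Disk Wiper's code. The function names, the 0x55 default character and the `max_bytes` cap (for trying it without filling a drive) are assumptions; the NTFS MFT step is not covered.

```python
import errno, hashlib, os, tempfile

CHUNK = 1 << 20  # write/read unit: 1 MiB

def fill_pass(fd, make_chunk, limit):
    """Write from offset 0 until `limit` bytes (None = until the disk is full)."""
    os.lseek(fd, 0, os.SEEK_SET)
    written, digest = 0, hashlib.sha256()
    while limit is None or written < limit:
        size = CHUNK if limit is None else min(CHUNK, limit - written)
        chunk = make_chunk(size)
        try:
            n = os.write(fd, chunk)
        except OSError as exc:
            if exc.errno != errno.ENOSPC:
                raise
            break  # no free space left: this pass is complete
        digest.update(chunk[:n])  # hash only what was actually written
        written += n
    os.fsync(fd)  # flush OS buffers before reading back
    return written, digest.hexdigest()

def readback_digest(fd, length):
    """Hash the first `length` bytes of the file as read back from the drive."""
    os.lseek(fd, 0, os.SEEK_SET)
    digest, remaining = hashlib.sha256(), length
    while remaining:
        block = os.read(fd, min(CHUNK, remaining))
        if not block:
            break
        digest.update(block)
        remaining -= len(block)
    return digest.hexdigest()

def wipe_free_space(directory, char=0x55, max_bytes=None):
    """Return (bytes_overwritten, [verify result for each of the 3 passes])."""
    passes = [lambda n: bytes([char]) * n,         # a character
              lambda n: bytes([char ^ 0xFF]) * n,  # its complement
              os.urandom]                          # random data
    fd, path = tempfile.mkstemp(prefix="wipe_", dir=directory)
    try:
        length, verified = max_bytes, []
        for make_chunk in passes:
            # Pass 1 fixes the extent; passes 2 and 3 overwrite it in place.
            length, expected = fill_pass(fd, make_chunk, length)
            verified.append(readback_digest(fd, length) == expected)
        return length, verified
    finally:
        os.close(fd)
        os.remove(path)  # last step: remove the temporary file
```

A read-back after `fsync` may still be served from the OS cache, and on SSDs or copy-on-write file systems an in-place rewrite is not guaranteed to land on the same physical blocks.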
US Department of Defense 5220.22-M Clearing and Sanitization Matrix

| Media | Clear | Sanitize |
|---|---|---|
| Magnetic Tape1 | | |
| Type I | a or b | a, b, or m |
| Type II | a or b | b or m |
| Type III | a or b | m |
| Magnetic Disk | | |
| Bernoullis | a, b, or c | m |
| Floppies | a, b, or c | m |
| Non-Removable Rigid Disk | c | a, b, d, or m |
| Removable Rigid Disk | a, b, or c | a, b, d, or m |
| Optical Disk | | |
| Read Many, Write Many | c | m |
| Read Only | | m, n |
| Write Once, Read Many (Worm) | | m, n |
| Memory | | |
| Dynamic Random Access memory (DRAM) | c or g | c, g, or m |
| Electronically Alterable PROM (EAPROM) | i | j or m |
| Electronically Erasable PROM (EEPROM) | i | h or m |
| Erasable Programmable ROM (EPROM) | k | l, then c, or m |
| Flash EPROM (FEPROM) | i | c then i, or m |
| Programmable ROM (PROM) | c | m |
| Magnetic Bubble Memory | c | a, b, c, or m |
| Magnetic Core Memory | c | a, b, e, or m |
| Magnetic Plated Wire | c | c and f, or m |
| Magnetic Resistive Memory | c | m |
| Nonvolatile RAM (NOVRAM) | c or g | c, g, or m |
| Read Only Memory ROM | | m |
| Static Random Access Memory (SRAM) | c or g | c and f, g, or m |
| Equipment | | |
| Cathode Ray Tube (CRT) | g | q |
| Printers | | |
| Impact | g | p then g |
| Laser | g | o then g |

a. Degauss with a Type I degausser.
b. Degauss with a Type II degausser.
c. Overwrite all addressable locations with a single character.
d. Overwrite all addressable locations with a character, its complement, then
a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA
THAT CONTAINS TOP SECRET INFORMATION.
e. Overwrite all addressable locations with a character, its complement, then
a random character.
f. Each overwrite must reside in memory for a period longer than the
classified data resided.
g. Remove all power to include battery power.
h. Overwrite all locations with a random pattern, all locations with binary
zeros, all locations with binary ones.
i. Perform a full chip erase as per manufacturer's data sheets.
j. Perform i above, then c above, a total of three times.
k. Perform an ultraviolet erase according to manufacturer's recommendation.
l. Perform k above, but increase time by a factor of three.
m. Destroy - Disintegrate, incinerate, pulverize, shred, or melt.
n. Destruction required only if classified information is contained.
o. Run five pages of unclassified text (font test acceptable).
p. Ribbons must be destroyed. Platens must be cleaned.
q. Inspect and/or test screen surface for evidence of burned-in information.
If present, the cathode ray tube must be destroyed.
For more information regarding the clearing and
sanitizing security standard
DoD 5220.22-M, see the US Defense Security Service web site
(Chapter 8).