ATTENTION: The new home of the Digital Forensics Wiki is at Yeah, it's a silly name, but it was cheap.
This wiki will be going offline permanently in the near future. An exact date will be announced soon. Thank you for being a part of this community.
If you wish to work on the new forensicswiki, please join the Google Group forensicswiki-reborn

Media Sanitizing

From ForensicsWiki
Revision as of 22:08, 22 September 2007 by Daveb (Talk | contribs) (starting an entry. Needs to pull together the other recovering and tools)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Media Sanitizing is the process of removing data (or removing the ability to extract data) from the media on which it is stored. The two main methods used are Clearing or Purging and Destruction. The method chosen will depend largly on whether the media is required to be reused or recycled. However, care should be taken even with some purging methods, degausing for example can destroy the equipment.

Gutmann's 1996 paper on Recovering Overwritten Data suggested that media sanitization (at least by overwriting) was futile as it was always possible to recover the data, although he acknowledged that overwriting multiple times made the recovery difficult, and perhaps prohibitivly expensive. Later he advised that overwriting twice would suffice for most situations. The need to overwrite multiple times is regarded as a myth by some who point out that this is only possible with extremly expensive laboratory equipment and that there is no software recovery technique which will recover data overwritten even once (if it is in fact overwritten). Joukov Papaxenopoulos & Zadok (2006) [1] on "Secure deletion myths, issues, and solutions" is worth reading.

Detailed instructions on media sanitization have been published by NIST as Special Publication 800-88 (2006) [2]