Media Sanitizing

From ForensicsWiki
Revision as of 18:12, 22 September 2007 by Daveb (Talk | contribs)

Jump to: navigation, search

Media Sanitizing is the process of removing data (or removing the ability to extract data) from the media on which it is stored. The two main methods used are Clearing or Purging and Destruction. The method chosen will depend largly on whether the media is required to be reused or recycled. However, care should be taken even with some purging methods, degausing for example can destroy the equipment.

Gutmann's 1996 paper on Recovering Overwritten Data suggested that media sanitization (at least by overwriting) was futile as it was always possible to recover the data, although he acknowledged that overwriting multiple times made the recovery difficult, and perhaps prohibitivly expensive. Later he advised that overwriting twice would suffice for most situations. The need to overwrite multiple times is regarded as a myth by some who point out that this is only possible with extremly expensive laboratory equipment and that there is no software recovery technique which will recover data overwritten even once (if it is in fact overwritten). Joukov Papaxenopoulos & Zadok (2006) on "Secure deletion myths, issues, and solutions" is worth reading.

Detailed instructions on media sanitization have been published by NIST as Special Publication 800-88 (2006)

See also