Deletion is never secure. Deleting a file only removes the entry of the file (pointer) from the file index in a file system. Thus, the actual data still remains on the drive and can be easily recovered with the help of a basic data recovery tool. Therefore, it’s important that you completely destroy the data from your storage devices by using a data erasure tool before disposing them off, discarding them or else donating them to someone.
Why Data Erasure Tool?
The data erasure tool such as Stellar File Eraser offers multiple erasure algorithms that ensure data is destroyed beyond the scope of recovery. Erasure algorithms are a set of rules and instructions or in other words – a formula to destroy the data from a memory device by overwriting it with random bits (values/characters) of data either once, twice, or several times and verifying it at the same time.
There are several data erasure algorithms that are used across the globe to completely destroy the confidential, private, and sensitive data from the memory devices such as hard drives, SSDs, SD cards, Flash drives, etc. – beyond the scope of recovery. Some of these erasure algorithms are designed by the world’s most renowned military organizations like U.S. Department of Defense, governments, and private organizations around the world. These algorithms are designed to ensure that their confidential and private files/data does not leak or land into the hands of any unauthorized entity or enemy and can’t be recovered with any commercially available process.
So here are some of the most effective data erasure algorithms & standards that you as an individual or organization can use to sanitize the data and ensure privacy & data security.
1. U.S. Department of Defense (DoD 5220.22-M)
Defined by the US National Industrial Security Program (NISP), the DOD 5220.22-M is also referred to as DOD 5220.2-M (note .22-M replaced by .2-M). It was developed by the Defense Security Service (DSS) as a solution for secure data sanitization. It’s also one of the most enhanced, secure, and common erasure standard used for data sanitization which is implemented in 3 passes & 7 passes with varying verification frequencies.
Below are few other popular versions of the DoD 5220.2-M:
- DoD 5220.22-M (ECE) – Overwrites data 7 times (7passes)
- DoD 5220.22-M (E) – Overwrites data 3 times (3 passes)
- DoD 5220.28-M -STD – Overwrites data 7 times (7 passes)
The difference between them is that each one uses a character and its’ complement in different verification frequencies and number of passes.
3 Passes
- Pass 1: Writes zero and verify
- Pass 2: Write one (compliment of value of first run) and verify
- Pass 3: Write pseudo¬random values and verify
7 Passes
- Pass 1-3: Overwrite data with DoD 5220.22-M (E)
- Pass 4: Overwrite with pseudo-random values
- Pass 5: Overwrite data with DoD 5220.22-M (E) Standard
2. US Army AR 380-19
The US Army AR 380-19 data erasure method is defined & published by the US Army in the Army Regulation 380-19. This data erasure algorithm destroys the data in 3 passes as mentioned below:
- Pass 1: It writes random character
- Pass 2: Writes specified character on the drive (E.g. One)
- Pass 3: Overwrites the complement of specified character i.e. Zero and then it verifies overwrites
3. US Air Force AFSSI-5020
The AFSSI-5020 was defined by the United States Air Force (USAF) in the Air Force System Security Instruction 5020. This data sanitization method uses zeros, ones, and pseudo-random values but in a different order and number of passes. It’s similar to the DoD 5220.22-M.
- Pass 1: Overwrites Zero
- Pass 2: Overwrites One
- Pass 3: Overwrites a pseudo-random value and then verifies it
4. Canadian RCMP TSSIT OPS-II
This data sanitization algorithm was defined by the Royal Canadian Mounted Police (RCMP). It uses 6 passes of complementary repeated values and ends by overwriting a pseudo-random character with verification in 7th pass.
- Pass 1: overwrites a fixed value (e.g. zero)
- Pass 2: Overwrites complement of Pass 1 (i.e. one)
- Pass 3: Overwrites complement of Pass 2 (zero)
- Pass 4: Overwrites complement of Pass 3 (one)
- Pass 5: Overwrites complement of Pass 4 (zero)
- Pass 6: Overwrites complement of Pass 5 (one)
- Pass 7: Overwrites a pseudo-random value and verifies the write
Unlike DoD 5220.22-M that verifies overwrite after each overwrite, this algorithm verifies overwrite in the 7th pass only.
5. British HMG IS5
The British HMG IS5 erasure standard uses 2 passes or 3 passes where it writes combination of Zero, One, & Random data with verification. British HMG IS5 3 pass is much more enhanced than the 2 passes.
2 pass British HMG IS5:
- Pass 1: Writes Zero
- Pass 2: Writes Random data and verifies it
3 Pass British HMG IS5
- Pass 1: Writes Zero
- Pass 2: Writes One
- Pass 3: Writes Random data and verifies it
6. Peter Gutmann
The Gutmann data sanitization algorithm was developed by Peter Gutmann in 1996. It’s one of several software-based data sanitization standard used in data erasure tools for overwriting existing data on a hard drive & other storage media.
The Peter Gutmann algorithm works by overwriting some pseudo-random values 35 times (35 passes). The important thing to note here is that the Gutmann algorithm uses random values for the first & last 4 passes, and then from pass 5 to pass 31, it uses a complex pattern.
- Pass 1-35: Overwrites pseudo-random values
Since this was designed in the late 1900’s, most of the passes might not be relevant to the modern drives. Also, erasing single file 35 time can take several minutes to hours or days depending on the file size and write speed of the memory device. Yet, this algorithm is one of the most effective one in destroying every trace of data from the storage drives.
7. Russian Standard – GOST-R-50739-95
The GOST-R-50739-95 is a set of data erasure standards outlined by Russians to protect against unauthorized access to information. This data sanitization algorithm is implemented in the following ways:
Method 1:
- Pass 1: Overwrites Zero
- Pass 2: Overwrites random characters
Method 2:
- Pass 1: Overwrites random characters
All data erasure methods are quite similar apart from the number of passes and what or how the character is written over existing data. They all are equally capable of destroying the data from a storage media. But with a tool such as Stellar File Eraser, you can choose your desired data erasure algorithm to accomplish the data sanitization. Unlike other erasure tools, the Stellar File Eraser also generates a certificate of erasure that gives you complete peace of mind and guarantees that the data is destroyed permanently beyond the scope of recovery.
Conclusion:
We discussed the data security and 7 effective data erasure algorithms that an individual or organization can use for data sanitization. Before erasing a memory device, ensure that there are no important files that you might need later. Once you use an erasure algorithm to destroy data, it can’t be recovered by any means, not even with available forensic tools. Thus, take utmost care before proceeding to data sanitization. Small organizations and individuals alike can take help of
Stellar File Eraser which is an excellent data erasure tool equipped with 17 International data erasure algorithms including all of the above-mentioned ones.
6 min read
