A "One-Pass" Methodology for Sensitive Data Disk Wipes

A "One-Pass" Methodology for Sensitive Data Disk Wipes

Doug White (Roger Williams University, USA) and Alan Rea (Western Michigan University, USA)
Copyright: © 2009 |Pages: 9
DOI: 10.4018/978-1-59904-855-0.ch016
OnDemand PDF Download:


Hard disk wipes are a crucial component of computing security. However, more often than not, hard drives are not adequately processed before either disposing or reusing them within an environment. When an organization does not follow a standard disk wipe procedure, the opportunity to expose sensitive data occurs. More often than not, most organizations do not wipe drives because of the intense time and resource commitment of a highly-secure seven-pass DOD wipe. However, we posit that our one-pass methodology, verified with a zero checksum, is more than adequate for organizations wishing to protect against the loss of sensitive hard drive data.
Chapter Preview


There have always been concerns that data existent on magnetic media could interfere with new data or create problems. Early ANS standards advocate wiping the entire width of the tape to ensure no residual data remained (Kerpelman, 1970). Moreover, there is a long-standing myth that in order to protect sensitive data from recovery, it is necessary to overwrite the data many times (Joukov, Papaxenopoulos, & Zadok, 2006). A common hacker term is the “DOD 99 wipe” that advocates up to 99 overwrites for media to ensure it is unrecoverable.

Many other papers have been written examining this type of practice for effectiveness (Garfinkel & Shelat, 2003; Joukov et al., 2006). In particular, Gutmann (1996) demonstrated that the use of special equipment, such as Magnetic Force Microscopy (Rugar, Mamin, Guenther, Lambert, Stern, McFadyen, & Yogi, 1990) and other Microscopic techniques (Gomez, Adly, Mayergoyz, Burke, 1992; Gomez, Burke, Adly, Mayergoyz, Gorczyca, 1993; Rice & Moreland, 1991), enabled the recovery from wiped media (wiped in the traditional sense), even with multiple passes.

Gutmann (1996 ) went on to demonstrate techniques to fully ensure the destruction of data using repeated writing along the lines of the DOD 99 wipe. Related works advocate physical techniques such as degaussing (NSA, 1985) or even physical destruction of the media. The seminal work for this type of approach is the NIST Special publication 800-88 which provides guidelines for media sanitization. This work advocates multiple passes—the DOD seven-pass wipe— only for the most critical data (Kissel, Scholl, Skolochenko, & Li, 2006).

Key Terms in this Chapter

IDE Write Blocker: Most operating systems automatically write some information to a disk when it is connected and the computer is turned on. This hardware device sits between an IDE drive and the computer and does not allow this information to be written to the drive. In forensic investigations, it is crucial to maintain disk image integrity including preventing any data being written from the operating system onto the disk.

One-Pass Methodology: A process by which all zeroes are written to a hard drive or other media in order to sufficiently sanitize the media for reuse within an organization. The one-pass methodology allows for an efficient and effective use of resources (time, personnel, and equipment) so that organizations can safely reuse media that once contained sensitive information.

Bitwise Forensic Image: An exact copy of every bit of data found on a disk image. This image is used in forensic investigations to track changes—no matter how minute—in the disk image.

Slack Space: The unused space in a particular file system cluster.

Disk Artifacts: In forensic investigations, this refers to leftover information that remains on media even after a wipe has been performed.

Hard Drive Sanitization: The process of securely wiping all data from a hard disk. With a properly sanitized drive it is impossible to recover any data.

Computer Forensics: A discipline that uses analytical and investigative techniques to identify, collect, examine, and preserve evidence or information found on computers or other devices.

Data Carving: An examination of the slack space and free space on a drive. A forensic investigator used tools to “carve” out these sections on a drive and look for data.

Disk Clusters: A group of sectors on a disk. The operating system assigns designations to each cluster and uses them to store and access data.

Chksum: This command performs a checksum of the data on a piece of media. The checksum returns a numerical equivalent based on the number of bits present.

Gutmann Wipe: A 35-pass wipe consisting of particular patterns of data which remove risk from examination by magnetic microscopy techniques which can be used to reveal previous bit patterns on magnetic media.

Disk Wiping Tool: Any software used to remove and/or overwrite data on a disk for security purposes. Wipes can simply write zeroes to a disk (e.g., Wiper) or perform complex writes for increased security (e.g., DOD wipes).

Hex Editor: Computer software that allows a forensics investigator to see the exact contents of a file instead of the data being interpreted by software (e.g., an operating system).

Unpartitioned Space: The unused portions of a disk that are not yet formatted for use.

DOD Wipe: The seven-pass Department of Defense disk wipe is the standard used for highly sensitive data. In the first pass, all zeroes are written to the disk. In the second pass, all ones are written. In subsequent passes a pseudo-random zero or one is written.

Disk Cache: A portion of RAM used to speed up access times. The cache stores the most recently accessed data. When more data is requested, the cache is first checked before accessing the disk again.

Forensics Workstation: A computer specifically designed for forensic investigations. The forensic workstation includes tools to create pristine disk images, as well as a variety of analysis tools. Most workstations allow for multiple types of media to be connected so that information can be analyzed off of a variety of media, such as floppy drives, SCSI, or IDE drives, and so on.

Hash: An algorithm or function that translates data into a number. By “hashing” data, one can create a digital fingerprint of the data that can then be compared to see if the data matches. This digital fingerprint is often called a hash value.

Health Insurance Portability and Accountability Act of 1996: HIPAA provide several guidelines and regulations designed to protect individuals and their medical information. Not only does it cover privacy issues, but also a person’s right access to all of his or her medical information. Most important to this discussion is the need for organizations to meet the Privacy Rule stipulations in regards to protecting data.

Sarbanes Oxley Act of 2002: A United States federal law designed to make organizations accountable for their actions. It includes stipulations regarding external audits, governance, and financial disclosures. Most important to this discussion is the need for organizations to meet stipulations in regards to protecting employee, partner, and customer data.

Free Space: The unused portions of a disk that are already partitioned and ready for use.

Complete Chapter List

Search this Book:
Editorial Advisory Board
Table of Contents
Jatinder N. D. Gupta, Sushil Sharma
Jatinder N. D. Gupta, Sushil Sharma
Chapter 1
Xin Luo, Qinyu Liao
In computer virology, advanced encryption algorithms, on the bright side, can be utilized to effectively protect valuable information assets of... Sample PDF
Ransomware: A New Cyber Hijacking Threat to Enterprises
Chapter 2
Joon S. Park
E-commerce has grown immensely with the increase in activity on the Internet, and this increase in activity, while immeasurable, has also presented... Sample PDF
E-Commerce: The Benefits, Security Risks, and Countermeasures
Chapter 3
Pamela Ajoku
Even though weapons and money are considered important factors for running a modern world, at the end of the day, it is all about controlling and... Sample PDF
Information Warfare: Survival of the Fittest
Chapter 4
Gaeil An, Joon S. Park
In this chapter, we discuss the evolution of the enterprise security federation, including why the framework should be evolved and how it has been... Sample PDF
Evolution of Enterprise Security Federation
Chapter 5
Roy Ng
The hypergrowth of computing and communications technologies increases security vulnerabilities to organizations. The lack of resources training... Sample PDF
A Holistic Approach to Information Security Assurance and Risk Management in an Enterprise
Chapter 6
John D’Arcy, Anat Hovav
A number of academic studies that focus on various aspects of information security management (ISM) have emerged in recent years. This body of work... Sample PDF
An Integrative Framework for the Study of Information Security Management Research
Chapter 7
Aditya Ponnam
Organizations worldwide recognize the importance of a comprehensive, continuously evolving risk assessment process, built around a solid risk... Sample PDF
Information Systems Risk Management: An Audit and Control Approach
Chapter 8
Udaya Kiran Tupakula
In this chapter we discuss Distributed Denial of Service (DDoS) attacks in networks such as the Internet, which have become significantly prevalent... Sample PDF
Distributed Denial of Service Attacks in Networks
Chapter 9
Andy Luse
This chapter describes various firewall conventions, and how these technologies operate when deployed on a corporate network. Terms associated with... Sample PDF
Firewalls as Continuing Solutions for Network Security
Chapter 10
Jamie Twycross
The immune system provides a rich metaphor for computer security: anomaly detection that works in nature should work for machines. However, early... Sample PDF
An Immune-Inspired Approach to Anomaly Detection
Chapter 11
Wasim A. Al-Hamdani
This chapter introduces cryptography from information security phase rather than from deep mathematical and theoretical aspects, along with... Sample PDF
Cryptography for Information Security
Chapter 12
Carlo Belletini
The chapter introduces and describes representative defense mechanisms to protect from both basic and advanced exploitation of low-level coding... Sample PDF
Memory Corruption Attacks, Defenses, and Evasions
Chapter 13
Dalila Boughaci, Brahim Oubeka, Abdelkader Aissioui, Habiba Drias, Belaïd Benhamou
This chapter presents the design and the implementation of a decentralized firewall. The latter uses autonomous agents to coordinately control the... Sample PDF
Design and Implementation of a Distributed Firewall
Chapter 14
Tom Coffey
This chapter concerns the correct and reliable design of modern security protocols. It discusses the importance of formal verification of security... Sample PDF
A Formal Verification Centred Development Process for Security Protocols
Chapter 15
Ahsan Habib
This chapter develops a distributed monitoring scheme that uses edge-to-edge measurements to identify congested links and capture the misbehaving... Sample PDF
Edge-to-Edge Network Monitoring to Detect Service Violations and DoS Attacks
Chapter 16
Doug White, Alan Rea
Hard disk wipes are a crucial component of computing security. However, more often than not, hard drives are not adequately processed before either... Sample PDF
A "One-Pass" Methodology for Sensitive Data Disk Wipes
Chapter 17
Lijun Liao
This chapter deals with the issues concerning e-mail communication security. We analyze the most popular security mechanisms and standards related... Sample PDF
Securing E-Mail Communication with XML Technology
Chapter 18
Li Yang, Raimund K. Ege, Lin Luo
This chapter describes our approach to handle security in a complex Distributed Virtual Environment (DVE). The modules of such an environment all... Sample PDF
Aspect-Oriented Analysis of Security in Distributed Virtual Environment
Chapter 19
Information Availability  (pages 230-239)
Deepak Khazanchi
This chapter describes the concept of information availability (IAV) which is considered an important element of information security. IAV is... Sample PDF
Information Availability
Chapter 20
Siraj Ahmed Shaikh
The purpose of this chapter is to introduce the reader to the research area of formal analysis of authentication protocols. It briefly introduces... Sample PDF
Formal Analysis and Design of Authentication Protocols
Chapter 21
Rajeev R. Raje, Alex Crespi, Omkar J. Tilak, Andrew M. Olson
Component-based software development offers a promising technique for creating distributed systems. It does require a framework for specifying... Sample PDF
Access Control Frameworks for a Distributed System
Chapter 22
Manish Gupta, JinKyu Lee, H. R. Rao
The Internet has emerged as the dominant medium in enabling banking transactions. Adoption of e-banking has witnessed an unprecedented increase over... Sample PDF
Implications of FFIEC Guidance on Authentication in Electronic Banking
Chapter 23
Sue Conger
Historically, companies have automated a security model that analogizes the concept of a “guardian” who monitors incoming and outgoing activities... Sample PDF
Disruptive Technology Impacts on Security
Chapter 24
Sushma Mishra
Internal auditing has become increasingly important in current business environments. In this era of the Sarbanes- Oxley Act and other similar... Sample PDF
Internal Auditing for Information Assurance
Chapter 25
William H. Friedman
This chapter is management oriented. It first proposes a general theoretical context for IT disasters within the wider class of all types of... Sample PDF
IT Continuity in the Face of Mishaps
Chapter 26
Yvette Ghormley
This chapter describes the tools that businesses can use to create a Business Continuity and Disaster Recovery Plan. Utilizing business modeling... Sample PDF
Business Continuity and Disaster Recovery Plans
Chapter 27
Yvette Ghormley
The number and severity of attacks on computer and information systems in the last two decades has steadily risen and mandates the use of security... Sample PDF
Security Policies and Procedures
Chapter 28
Arjmand Samuel
This chapter outlines the overall access control policy engineering framework in general and discusses the subject of validation of access control... Sample PDF
Enterprise Access Control Policy Engineering Framework
Chapter 29
Sushil K. Sharma, Jatinder N.D. Gupta
The purpose of the information security policy is to establish an organization-wide approach to prescribe mechanisms that help identify and prevent... Sample PDF
Information Security Policies: Precepts and Practices
Chapter 30
Paul D. Witman
This chapter provides a set of guidelines to assist information assurance and security researchers in creating, negotiating, and reviewing... Sample PDF
A Guide to Non-Disclosure Agreements for Researchers
Chapter 31
Omkar J. Tilak
Software realization of a large-scale Distributed Computing System (DCS) is achieved through the Componentbased Software Development (CBSD)... Sample PDF
Assurance for Temporal Compatibility Using Contracts
Chapter 32
Arjan Durresi
The latest estimates suggest that there are over two billion cell phone users worldwide. The massive worldwide usage has prompted technological... Sample PDF
Spatial Authentication Using Cell Phones
Chapter 33
Sushil K. Sharma, Jatinder N.D. Gupta, Ajay K. Gupta
The ability to perform E-Commerce over the Internet has become the driver of the new digital economy. As it has opened up opportunities for... Sample PDF
Plugging Security Holes in Online Environment
Chapter 34
Erik Graham, Paul John Steinbart
This chapter presents a step-by-step approach to improving the security of wireless networks. It describes the basic threats to achieving the... Sample PDF
Six Keys to Improving Wireless Security
Chapter 35
Robert W. Proctor, E. Eugene Schultz, Kim-Phuong L. Vu
Many measures that enhance information security and privacy exist. Because these measures involve humans in various ways, their effectiveness... Sample PDF
Human Factors in Information Security and Privacy
Chapter 36
Wm. Arthur Conklin
Software defects lead to security vulnerabilities, which cost businesses millions of dollars each year and threaten the security of both individuals... Sample PDF
Threat Modeling and Secure Software Engineering Process
Chapter 37
Christopher M. Botelho, Joseph A. Cazier
The threat of social engineering attacks is prevalent in today’s society. Even with the pervasiveness of mass media’s coverage of hackers and... Sample PDF
Guarding Corporate Data from Social Engineering Attacks
Chapter 38
Tom Clark
Data storage is playing an increasingly visible role in securing application data in the data center. Today virtually all large enterprises and... Sample PDF
Data Security for Storage Area Networks
Chapter 39
Edgar Weippl
This chapter outlines advanced options for security training. It builds on previous publications (Weippl 2005, 2006) and expands them by including... Sample PDF
Security Awareness: Virtual Environments and E-Learning
Chapter 40
Manish Gupta
Enterprises are increasingly interested in new and cost effective technologies to leverage existing investments in IT and extend capabilities to... Sample PDF
Security-Efficient Identity Management Using Service Provisioning (Markup Language)
Chapter 41
Dwayne Stevens, David T. Green
Voice over Internet Protocol (VoIP) networks signal an evolution in telecommunications that is accelerating the convergence of the Internet and the... Sample PDF
A Strategy for Enterprise VoIP Security
Chapter 42
Jose M. Torres
This chapter presents an Information Systems Security Management Framework (ISSMF) which encapsulates eleven Critical Success Factors (CSFs) along... Sample PDF
Critical Success Factors and Indicators to Improve Information Systems Security Management Actions
Chapter 43
Rebecca H. Rutherfoord
This chapter will deal with issues of privacy, societal, and ethical concerns in enterprise security. Security for a company is defined as... Sample PDF
Privacy, Societal, and Ethical Concerns in Security
Chapter 44
Rodolfo Villarroel, Eduardo Fernández-Medina, Juan Trujillo, Mario Piattini
This chapter presents an approach for designing secure Data Warehouses (DWs) that accomplish the conceptual modeling of secure DWs independently... Sample PDF
An MDA Compliant Approach for Designing Secure Data Warehouses
Chapter 45
Hai Wang
This chapter introduces the survivability evaluation, especially on the corresponding evaluation criteria and modeling techniques. The content of... Sample PDF
Survivability Evaluation Modeling Techniques and Measures
Chapter 46
Art Taylor
With the rise of the Internet, computer systems appear to be more vulnerable than ever from security attacks. Much attention has been focused on the... Sample PDF
The Last Line of Defense: A Comparison of Windows and Linux Authentication and Authorization Features
Chapter 47
M. Pradhan
Information Technology can be used at all levels to counter attack bioterrorism. This article gives an overview of use of Information Technology for... Sample PDF
Bioterrorism and Biosecurity
About the Contributors