Best Practices: Secure Removal of Data
Best Practices for:
Securely Removing Data from Computers and Electronic Storage Devices
Computer systems and other electronic devices store information on a variety of media. It is important to ensure that all licensed software and all University confidential (e.g., classified as internal use, restricted, or restricted-health) information is securely removed from devices before ownership is transferred.
Examples of electronic storage equipment:
- Computer internal disk drive
- External disk drive
- CD-ROM
- Zip disks, diskettes
- USB Flash drives
- Memory cards
- Tapes
What is the problem?
Commands such as ‘delete’ and ‘remove’ do not erase data; they simply remove the directory pointers to the data’s location on the physical storage media. Emptying the Recycle Bin or Trash Folder also does not erase files. Similarly, the ‘fdisk’ and ‘format’ commands modify the file system but do not actually remove data from the disk.
How should I remove data?
Disk wiping programs have been developed to securely remove data from a device. These programs repeatedly write a (usually random) series of 1’s and 0’s over the storage so that the information it contained is not recoverable. Many disk wipe programs let you decide how many times to overwrite the storage. The best practice is to use from three to seven passes. For transfers within UI departments, a single pass wipe is sufficient.
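The overwrite-and-verify idea described above, as an added example that is not part of the original page or of any listed product. The function names, the marker string and the file-backed image standing in for a storage device are assumptions made for illustration.

```python
import os

CHUNK = 1024 * 1024  # write in 1 MiB blocks so large targets do not fill memory


def wipe(path, passes=3):
    """Overwrite every byte of `path` with random data, `passes` times."""
    if passes < 1:
        raise ValueError("at least one pass is required")
    size = os.path.getsize(path)
    with open(path, "r+b") as target:          # r+b: overwrite in place, never truncate
        for _ in range(passes):
            target.seek(0)
            remaining = size
            while remaining:
                block = os.urandom(min(CHUNK, remaining))
                target.write(block)
                remaining -= len(block)
            target.flush()
            os.fsync(target.fileno())          # push this pass out of the OS cache
    return size                                # bytes covered, for the wipe record


def find_residue(path, marker):
    """Return the offset of `marker` in `path`, or -1 if it is not present."""
    offset, tail, overlap = 0, b"", len(marker) - 1
    with open(path, "rb") as target:
        while True:
            block = target.read(CHUNK)
            if not block:
                return -1
            window = tail + block              # keep an overlap so a marker that
            hit = window.find(marker)          # straddles two blocks is still found
            if hit != -1:
                return offset - len(tail) + hit
            tail = window[-overlap:] if overlap else b""
            offset += len(block)


def demo(image="constructed_device.img"):
    """Build a constructed image (about 4 MiB) holding a marker, wipe it, verify."""
    marker = b"CONSTRUCTED-CONFIDENTIAL-RECORD"
    with open(image, "wb") as f:
        f.write(b"\0" * (2 * CHUNK - 10) + marker + b"\0" * (2 * CHUNK))
    before = find_residue(image, marker)       # offset where the record sits
    wipe(image, passes=1)                      # single pass, as for internal transfers
    after = find_residue(image, marker)        # -1 once the record is overwritten
    os.remove(image)
    return before, after
```

This works on regular files such as disk images; for a physical drive, use a dedicated wiping program such as those listed on this page, since overwriting through a file system does not reach every sector of the underlying device.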
It is recommended that you destroy media that cannot be wiped, such as CD-ROMs, inoperable/broken disk drives, DVDs, tapes, or other damaged media devices. University Surplus provides equipment recycling and destruction services in addition to its resale operation. Contact University Surplus (5-5001) to discuss specifics if you have media you believe cannot be securely wiped.
Equipment transfers to University Surplus
A set of sample formats for labels/stickers to affix to devices being transferred to Surplus for sale, donation, or destruction/recycling has been developed by HCIS and shared for campus use. These documents are designed to be printed on colored (green/good & magenta/bad) 8.5" X 11" sheets of labels/stickers. Download the forms collection here.
NOTE: You must keep all equipment for University Surplus in a secure location until it's picked up. Mark all equipment with your department name, a description of the equipment, the date, what wiping was done, and by whom.
DISK WIPE PROGRAMS
A short selection of disk wipe programs is listed below. (Note: The University of Iowa has no business relationship and makes no endorsement of any vended product listed.)
| Name of program | Support for | Cost |
| --- | --- | --- |
| Eraser Secure Data Removal Tool http://www.heidi.ie/eraser/ | Windows | Free |
| Darik's Boot and Nuke http://dban.sourceforge.net/ | Windows, Unix | Free |
| Active@Killdisk | DOS, Windows, Linux | $29.95 (free version also available) |
| WipeDrive & MediaWiper http://www.whitecanyon.com | External Media Devices, Windows | $39.95 for both programs |
| Wipe | Linux, Macintosh versions | Free |
| Symantec Ghost's gdisk utility (use with the /diskwipe /dodwipe flags), contact ITS Software Office | Windows | UI Licensed, $12.00 |
| “Secure Empty Trash” function (from the Finder menu), or rm -P from a command line | Mac OS X | Free |
| Knoppix "Shred" http://www.knopper.net/knoppix/index-en.html | Linux | Free |
Click for a list of departments who have staff Certified for Disposal of computer data and media.