Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security
Data Security - Electronic Media Sanitization
This article explains procedures to securely erase electronic media.
Good procedures to sanitize your devices or standalone storage devices are specific to the type of device and storage medium, so look below for the section(s) pertinent for you. These procedures are designed to make it impractical for information to be retrieved from a sanitized device.
Magnetic Hard Disk or USB Drive on a Macintosh
Use the Disk Utility and select the “7-Pass Erase” option. This will overwrite the entire contents of the hard disk or external USB drive 7 times, which can take a long time depending on disk size and speed. This option does not appear if the Mac has a Solid State Drive. See below for how to proceed.
Magnetic Hard Disk or USB Drive Using DBAN
Most types of computer can run the freely available version of DBAN. This is an “ISO image”, which means that it can be used to create a bootable DVD, CD-ROM, or USB drive. This procedure is fairly technical – Tip Top Security has full details.
Solid State Drives (SSDs) Using Cryptographic Erasure
The methods used to securely wipe magnetic hard drives do not work for SSD drives. The recommended method to sanitize an SSD is to use “cryptographic erasure”, as follows.
- Encrypt the SSD, if it is not already encrypted with one of the following methods.
- For Windows, use Bitlocker.
- For Macintosh, use Filevault 2.
- If neither is available, use the freely available Veracrypt.
- For Bitlocker
- Open “Command Prompt (Admin)” from the Start menu and issue the command manage-bde -forcerecovery c:
- Shut it down.
- Hold down the Command and R keys when the grey startup screen appears.
- Click on Disk Utility
- Highlight internal drive and go to the Erase tab.
- Press Erase, accepting the defaults.
USB Drive on Windows
Either of two approaches will suffice. The first is recommended by UChicago IT Security if you have already enabled Bitlocker, while the second is the conventional recommendation.
- Method 1: Cryptographic Erasure
- Encrypt the USB drive using Bitlocker
- Right-click the drive icon in the Explorer.
- Select Turn On Bitlocker and follow prompts.
- Right-click the drive icon in the Explorer again.
- Select Format and uncheck the Quick Format option, and press Start.
- Download and install the freely available CCleaner program.
- Insert the USB drive.
- Start CCleaner. Select Tools. Select Drive Wiper.
- Select the USB drive (be very careful here!).
- Under “Wipe” select “Entire Drive (all data will be erased).”
- Under “Security” select “Complex Overwrite (7 passes).”
- Click “Wipe.”
Smartphones and Tablets
If the device supports it, use built-in settings to encrypt the device. Then use the built-in settings to do a factory reset.
Disposing of Computer and Storage Devices
IT Services provides a device recycling service that properly sanitizes devices of all types before they are recycled. Contact firstname.lastname@example.org for information and to make arrangements.
When a server or disk array is to be retired, dispose of it using the IT Services device recycling program. Contact email@example.com for information and to make arrangements.
The following resources may be useful for those who must address a sanitization need not covered above.