Topics Map > University of Chicago > IT Services > Accounts, Identity, & Security

Data Security - Electronic Media Sanitization

This article explains procedures to securely erase electronic media.

Good procedures to sanitize your devices or standalone storage devices are specific to the type of device and storage medium, so look below for the section(s) pertinent for you. These procedures are designed to make it impractical for information to be retrieved from a sanitized device.

Magnetic Hard Disk or USB Drive on a Macintosh

Use the Disk Utility and select the “7-Pass Erase” option. This will overwrite the entire contents of the hard disk or external USB drive 7 times, which can take a long time depending on disk size and speed. This option does not appear if the Mac has a Solid State Drive. See below for how to proceed.

Magnetic Hard Disk or USB Drive Using DBAN

Most types of computer can run the freely available version of DBAN. This is an “ISO image”, which means that it can be used to create a bootable DVD, CD-ROM, or USB drive. This procedure is fairly technical – Tip Top Security has full details.

Solid State Drives (SSDs) Using Cryptographic Erasure

The methods used to securely wipe magnetic hard drives do not work for SSD drives. The recommended method to sanitize an SSD is to use “cryptographic erasure”, as follows.

  1. Encrypt the SSD, if it is not already encrypted with one of the following methods.
    • For Windows, use Bitlocker.
    • For Macintosh, use Filevault 2.
    • If neither is available, use the freely available Veracrypt.

  2. Remove ability for someone else to recover the encrypted contents.
    • For Bitlocker
      1. Open “Command Prompt (Admin)” from the Start menu and issue the command manage-bde -forcerecovery c:
      2. Shut it down.
  3. For Filevault 2, reformat by
    1. Restart
    2. Hold down the Command and R keys when the grey startup screen appears.
    3. Click on Disk Utility
    4. Highlight internal drive and go to the Erase tab.
    5. Press Erase, accepting the defaults.

  4. For Veracrypt, reformat using the host operating system’s native disk formatting utility.

USB Drive on Windows

Either of two approaches will suffice. The first is recommended by UChicago IT Security if you have already enabled Bitlocker, while the second is the conventional recommendation.

  • Method 1: Cryptographic Erasure
    1. Encrypt the USB drive using Bitlocker
      1. Right-click the drive icon in the Explorer.
      2. Select Turn On Bitlocker and follow prompts.
      3. Right-click the drive icon in the Explorer again.
      4. Select Format and uncheck the Quick Format option, and press Start.
  • Method 2: Conventional Method
    1. Download and install the freely available CCleaner program.
    2. Insert the USB drive.
    3. Start CCleaner. Select Tools. Select Drive Wiper.
    4. Select the USB drive (be very careful here!).
    5. Under “Wipe” select “Entire Drive (all data will be erased).”
    6. Under “Security” select “Complex Overwrite (7 passes).”
    7. Click “Wipe.”

Smartphones and Tablets

If the device supports it, use built-in settings to encrypt the device. Then use the built-in settings to do a factory reset.

Disposing of Computer and Storage Devices

IT Services provides a device recycling service that properly sanitizes devices of all types before they are recycled. Contact computerrecyling@uchicago.edu for information and to make arrangements.

Servers

When a server or disk array is to be retired, dispose of it using the IT Services device recycling program. Contact computerrecyling@uchicago.edu for information and to make arrangements.

Further Resources

The following resources may be useful for those who must address a sanitization need not covered above.

http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

https://spaces.internet2.edu/display/2014infosecurityguide/Guidelines+for+Information+Media+Sanitization

https://en.wikipedia.org/wiki/List_of_data-erasing_software




Keywords:sanitize "secure wipe" wipe "secure erasure" "cryptographic erasure" bitlocker filevault dban   Doc ID:67697
Owner:Tom B.Group:University of Chicago
Created:2016-10-10 08:40 CSTUpdated:2016-10-11 12:10 CST
Sites:University of Chicago, University of Chicago - Sandbox
Feedback:  0   0