This Article 
 Bibliographic References 
 Add to: 
Disposal of Disk and Tape Data by Secure Sanitization
July/August 2009 (vol. 7 no. 4)
pp. 29-34
Gordon F. Hughes, University of California, San Diego
Tom Coughlin, Coughlin Associates
Daniel M. Commins, Western Digital
User data is often unprotected on disk and tape drives or not erased when no longer needed, creating data security vulnerabilities that many computer users are unaware of. Federal and state laws require data sanitization, which comprises a variety of data eradication methods. Secure sanitization refers to methods meeting those federal and state laws. Companies that fail to meet these laws can be subject to fines of $5 million, and individuals can be imprisoned for up to 10 years. Physical destruction of storage devices offers the highest security. But executing the disk drive internal secure-erase command also offers a higher security level than external-block-overwrite software, according to federal guideline NIST 800-88. Recent disk drives with internal full disk encryption now implement an enhanced secure-erase command that takes only milliseconds to complete.

1. S. Garfinkel and A. Shelat, "A Study of Disk Sanitization Practices," IEEE Security &Privacy, vol. 1, no. 1, 2003, pp. 17–27.
2. Guidelines for Media Sanitization, Special Publication 800-88, Computer Security Division, Information Technology Lab., National Inst. of Standards and Technology, Sept. 2006; 800-88NISTSP800-88_rev1.pdf.
3. Industrial Security Regulation, DoD 5220.22R, US Dept. of Defense, Dec. 1985.
4. S. Bauer and N.B. Priyantha, "Secure Data Deletion for Linux File Systems," Proc. 10th Conf. Usenix Security Symp., Usenix Assoc., 2001, pp. 153–164.
5. G.F. Hughes and T.M. Coughlin, "Secure Erase of Disk Drive Data," IDEMA Insight, Summer 2002, pp. 22–25.
6. D. Mayergoyz et al., "Spin-Stand Imaging of Overwritten Data and Its Comparison with Magnetic Force Microscopy," J. Applied Physics,1 June 2001, pp. 6772–6774.
7. C. Tse et al., "Whole-Track Imaging and Diagnostics of Hard Disk Data Using the Spin-Stand Imaging Technique," J. Applied Physics,17 May 2005, article 10P104.
8. P. Gutmann, "Secure Deletion of Data from Magnetic and Solid-State Memory," Proc. 6th Usenix Security Symp., Usenix Assoc., 1996, pp. 8–24.
9. M. Geiger and L. Cantor, Counter-Forensic Privacy Tools: A Forensic Evaluation, tech. report CMU-ISRI-05-119, Inst. for Software Research, School of Computer Science, Carnegie Mellon Univ., 2005.
10. C.H. Sobey, L. Orto, and G. Sakaguchi, "Drive–Independent Data Recovery: The Current State-of-the-Art," IEEE Trans. Magnetics, Feb. 2006, pp. 188–193.
11. Degausser Evaluated Products List, Nat'l Security Agency, Central Security Service, 4 Dec. 2007; .
12. S. Foskett, "Best Practices," Storage, Oct. 2006; 0,296887,sid5_yea2006,00.html .
13. G. Hughes, "Wise Drives," IEEE Spectrum, Aug. 2002, pp. 37–41.
14. R. Thibadeau, "Trusted Computing for Disk Drives and Other Peripherals," IEEE Security &Privacy, vol. 4, no. 5, 2006, pp. 26–33.
15. Security Requirements for Cryptographic Modules, Federal Information Processing Standards Publication 140-2, Information Technology Laboratory, National Inst. of Standards and Technology, 25 May 2001; fips1402.pdf.

Index Terms:
mass storage, storage management, security and privacy protection, degaussing, data encryption, information resource management, data sanitization, secure erase, enhanced secure erase, Trusted Computing Group, ANSI, NIST 800-88, FIPS 140, legal
Gordon F. Hughes, Tom Coughlin, Daniel M. Commins, "Disposal of Disk and Tape Data by Secure Sanitization," IEEE Security & Privacy, vol. 7, no. 4, pp. 29-34, July-Aug. 2009, doi:10.1109/MSP.2009.89
Usage of this product signifies your acceptance of the Terms of Use.