556:
704:
wipe of a given drive and then copying many small, easily identifiable "junk" files or files containing other nonsensitive data to fill as much of that drive as possible, leaving only the amount of free space necessary for satisfactory operation of system hardware and software. As storage and system demands grow, the "junk data" files can be deleted as necessary to free up space; even if the deletion of "junk data" files is not secure, their initial nonsensitivity reduces to near zero the consequences of recovery of data remanent from them.
778:), but it can also produce copies of the data that are invisible to the user and that a sophisticated attacker could recover. For sanitizing entire disks, sanitize commands built into the SSD hardware have been found to be effective when implemented correctly, and software-only techniques for sanitizing entire disks have been found to work most, but not all, of the time. In testing, none of the software techniques were effective for sanitizing individual files. These included well-known algorithms such as the
821:(DRAM). Modern DRAM chips have a built-in self-refresh module, as they not only require a power supply to retain data, but must also be periodically refreshed to prevent their data contents from fading away from the capacitors in their integrated circuits. A study found data remanence in DRAM with data retention of seconds to minutes at room temperature and "a full week without refresh when cooled with liquid nitrogen." The study authors were able to use a
548:
2143:
768:
First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. Second, overwriting the entire visible address space of an SSD twice is usually, but not always, sufficient to sanitize the drive. Third, none of the existing hard drive-oriented techniques for individual
353:
There are specialized machines and software that are capable of doing overwriting. The software can sometimes be a standalone operating system specifically designed for data destruction. There are also machines specifically designed to wipe hard drives to the department of defense specifications DOD
703:
can also defeat data erasure, by relocating blocks between the time when they are originally written and the time when they are overwritten. For this reason, some security protocols tailored to operating systems or other software featuring automatic wear leveling recommend conducting a free-space
462:
that is only done at the factory during manufacturing. In some cases, it is possible to return the drive to a functional state by having it serviced at the manufacturer. However, some modern degaussers use such a strong magnetic pulse that the motor that spins the platters may be destroyed in the
249:
is the physical rewrite of sensitive data from a system or storage device done with the specific intent of rendering the data unrecoverable at a later time. Purging, proportional to the sensitivity of the data, is generally done before releasing media beyond control, such as before discarding old
435:
media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data." An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also
258:
The storage media is made unusable for conventional equipment. Effectiveness of destroying the media varies by medium and method. Depending on recording density of the media, and/or the destruction technique, this may leave data recoverable by laboratory methods. Conversely, destruction using
773:
Solid-state drives, which are flash-based, differ from hard-disk drives in two ways: first, in the way data is stored; and second, in the way the algorithms are used to manage and access that data. These differences can be exploited to recover previously erased data. SSDs maintain a layer of
76:
Effective application of countermeasures can be complicated by several factors, including media that are inaccessible, media that cannot effectively be erased, advanced storage systems that maintain histories of data throughout the data's life cycle, and persistence of data in memory that is
190:
Finally, even when the storage media is overwritten, physical properties of the media may permit recovery of the previous contents. In most cases however, this recovery is not possible by just reading from the storage device in the usual way, but requires using laboratory techniques such as
793:
feature in many SSD devices, if properly implemented, will eventually erase data after it is deleted, but the process can take some time, typically several minutes. Many older operating systems do not support this feature, and not all combinations of drives and operating systems work.
224:
is the removal of sensitive data from storage devices in such a way that there is assurance that the data may not be reconstructed using normal system functions or software file/data recovery utilities. The data may still be recoverable, but not without special laboratory techniques.
563:
Thorough destruction of the underlying storage media is the most certain way to counter data remanence. However, the process is generally time-consuming, cumbersome, and may require extremely thorough methods, as even a small fragment of the media may contain large amounts of data.
774:
indirection between the logical addresses used by computer systems to access data and the internal addresses that identify physical storage. This layer of indirection hides idiosyncratic media interfaces and enhances SSD performance, reliability, and lifespan (see
121:
Even when an explicit deleted file retention facility is not provided or when the user does not use it, operating systems do not actually remove the contents of a file when it is deleted unless they are aware that explicit erasure commands are required, like on a
112:(i.e. the "trash"), making it easy for the user to undo a mistake. Similarly, many software products automatically create backup copies of files that are being edited, to allow the user to restore the original version, or to recover from a possible crash (
300:
In an attempt to counter more advanced data recovery techniques, specific overwrite patterns and multiple passes have often been prescribed. These may be generic patterns intended to eradicate any trace signatures; an example is the seven-pass pattern
436:
concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organizations ignore the issue – resulting in data leaks and loss."
296:
The simplest overwrite technique writes the same data everywhere—often just a pattern of all zeros. At a minimum, this will prevent the data from being retrieved simply by reading from the media again using standard system functions.
292:
alone, and may be able to selectively target only part of the media, it is a popular, low-cost option for some applications. Overwriting is generally an acceptable method of clearing, as long as the media is writable and not damaged.
340:, due to media degradation or other errors. Software overwrite may also be problematic in high-security environments, which require stronger controls on data commingling than can be provided by the software in use. The use of
1005:
inserted after
Section 8-306. The DSS still provides this matrix and it continues to specify methods. As of the Nov 2007 edition of the matrix, overwriting is no longer acceptable for sanitization of magnetic media. Only
860:" state, when not in physical control of the owner. In some cases, such as certain modes of the software program BitLocker, the authors recommend that a boot password or a key on a removable USB device be used.
1001:
Although the NISPOM text itself never described any specific methods for sanitization, past editions (1995 and 1997) did contain explicit sanitization methods within the
Defense Security Service (DSS)
187:
a system is unlikely to write to every area of the disk, though all will cause the disk to appear empty or, in the case of reimaging, empty except for the files present in the image, to most software.
852:
Despite some memory degradation, authors of the above described study were able to take advantage of redundancy in the way keys are stored after they have been expanded for efficient use, such as in
875:
on RAM by ensuring that encryption keys are not accessible from user space and are stored in the CPU rather than system RAM whenever possible. Newer versions of the disk encryption software
748:
or abrading the metallic data layer, shredding, incinerating, destructive electrical arcing (as by exposure to microwave energy), and submersion in a polycarbonate solvent (e.g.,
493:
is strong and carefully controlled, it may effectively make any data on the media unrecoverable. Even if the key is stored on the media, it may prove easier or quicker to
369:
may be able to recover such data, and developed specific patterns, for specific drive technologies, designed to counter such. These patterns have come to be known as the
409:. Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.
1985:
607:
For many electric/electronic volatile and non-volatile storage media, exposure to electromagnetic fields greatly exceeding safe operational specifications (e.g., high-
447:
is the removal or reduction of a magnetic field of a disk or drive, using a device called a degausser that has been designed for the media being erased. Applied to
539:) may offer a greater chance of success, but do not rely on weaknesses in the cryptographic method employed. As such, their relevance for this article is minor.
998:
Current editions no longer contain any references to specific sanitization methods. Standards for sanitization are left up to the
Cognizant Security Authority.
1717:
760:
Research from the Center for
Magnetic Recording and Research, University of California, San Diego has uncovered problems inherent in erasing data stored on
2047:
677:-like semantics; on such systems, data remnants may exist in locations "outside" the nominal file storage location. Some file systems also implement
1486:
962:
1398:
1184:
978:
26:
that remains even after attempts have been made to remove or erase the data. This residue may result from data being left intact by a nominal
2125:
30:
operation, by reformatting of storage media that does not remove data previously written to the media, or through physical properties of the
1745:
416:
considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only
380:, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend". He also points to the "
1847:
1812:
946:
936:
137:
UNMAP command to let the drive know to no longer maintain the deleted data.) Instead, they simply remove the file's entry from the
1941:
470:
In some high-security environments, one may be required to use a degausser that has been approved for the task. For example, in
2075:
228:
Clearing is typically an administrative protection against accidental disclosure within an organization. For example, before a
1882:
1773:
2005:
1777:
1470:
1216:
1144:
920:
245:
988:
783:
377:
520:
method, as there is no possibility of storing the plain text key in an unencrypted section of the medium. See the section
413:
232:
is re-used within an organization, its contents may be cleared to prevent their accidental disclosure to the next user.
164:. Even when undelete has become impossible, the data, until it has been overwritten, can be read by software that reads
1023:
786:, RCMP TSSIT OPS-II, Schneier 7 Pass, and Secure Empty Trash on macOS (a feature included in versions OS X 10.3-10.9).
362:
2028:
1667:
272:
A common method used to counter data remanence is to overwrite the storage media with new data. This is often called
144:
because this requires less work and is therefore faster, and the contents of the file—the actual data—remain on the
1728:
1558:
1365:
1724:
893:
2146:
2130:
1752:
1177:
1127:
910:
657:
may not be successful in such situations, as data remnants may persist in such nominally inaccessible areas.
1805:
818:
685:, with the intent that writing to a file never overwrites data in-place. Furthermore, technologies such as
2095:
1986:"IEEE 2883 Standard On Data Sanitization Is A Path To Storage Reuse And Recycling as published on Forbes"
803:
505:
288:, although the mechanism bears no similarity to these. Because such a method can often be implemented in
1490:
2165:
2068:
1240:
834:
653:(SSDs) that rely on relatively large relocated bad block tables. Attempts to counter data remanence by
1826:
555:
34:
that allow previously written data to be recovered. Data remanence may make inadvertent disclosure of
1457:. Lecture Notes in Computer Science. Vol. 5352. Springer Berlin / Heidelberg. pp. 243–257.
1453:; Shyaam, Sundhar R.S. (December 2008). "Overwriting Hard Drive Data: The Great Wiping Controversy".
865:
690:
536:
366:
45:
Various techniques have been developed to counter data remanence. These techniques are classified as
1858:
1691:
1644:
1579:
1543:
1435:
1348:
1306:
1263:
1905:
1854:
1372:
475:
141:
1593:
1394:
1102:
1029:
673:
increase the integrity of data by recording write operations in multiple locations, and applying
109:
35:
1756:
1519:
1258:
674:
670:
1321:
1279:
693:
techniques may result in file data being written to multiple locations, either by design (for
2170:
2061:
2050:
Gordon Hughes, UCSD Center for
Magnetic Recording Research, Tom Coughlin, Coughlin Associates
1678:
1631:
1566:
1530:
1422:
1335:
1293:
694:
463:
degaussing process, and servicing may not be cost-effective. Degaussed computer tape such as
830:
721:
365:
investigated data recovery from nominally overwritten media in the mid-1990s. He suggested
1615:
1211:. Tilborg, Henk C. A. van, 1947-, Jajodia, Sushil. ( ed.). New York: Springer. 2011.
8:
1517:
528:
489:
data before it is stored on the media may mitigate concerns about data remanence. If the
464:
145:
31:
1234:
1067:
1039:
1015:
826:
616:
490:
474:
government and military jurisdictions, one may be required to use a degausser from the
406:
344:
may also make file-based overwrite ineffective (see the related discussion below under
169:
645:
often feature reallocation of marginal sectors or tracks, automated in a way that the
1938:
1663:
1466:
1393:
Kissel, Richard; Regenscheid, Andrew; Scholl, Matthew; Stine, Kevin (December 2014).
1222:
1212:
1112:
761:
650:
633:
Storage media may have areas which become inaccessible by normal means. For example,
180:
123:
1024:
https://armypubs.army.mil/epubs/DR_pubs/DR_a/pdf/web/ARN17503_AR25_2_Admin_FINAL.pdf
381:
1889:
1781:
1704:
1619:
1458:
1402:
1149:
1087:
872:
868:
857:
822:
790:
682:
646:
634:
595:
513:
498:
448:
161:
149:
130:
93:
856:. The authors recommend that computers be powered down, rather than be left in a "
2022:
1957:
1945:
1922:
1518:
Michael Wei; Laura M. Grupp; Frederick E. Spada; Steven
Swanson (February 2011).
1462:
577:
571:
517:
509:
398:
285:
176:
732:, etc.) also cannot be purged by overwriting. Rewritable optical media, such as
38:
possible should the storage media be released into an uncontrolled environment (
2120:
2041:
1122:
1107:
853:
811:
779:
431:
Special
Publication 800-88 Rev. 1 (p. 7): "For storage devices containing
370:
1971:
1255:
Manual reissues DoD 5220.22-M, "National
Industrial Security Program Operating
580:
the media into a non-readable, non-reverse-constructible state (e.g., through
2159:
2115:
2110:
2100:
1407:
1226:
1097:
1082:
775:
700:
678:
559:
Hard drive mechanically broken by a data destroying device (after degaussing)
471:
402:
330:
191:
disassembling the device and directly accessing/reading from its components.
105:
101:
27:
84:
exist for the secure removal of data and the elimination of data remanence.
2084:
1594:"Digital Evidence Extraction Software for Computer Forensic Investigations"
1450:
1077:
1072:
745:
713:
581:
250:
media, or moving media to a computer with different security requirements.
208:
97:
23:
1206:
259:
appropriate techniques is the most secure method of preventing retrieval.
1154:
764:(SSDs). Researchers discovered three problems with file storage on SSDs:
649:
would not need to work with it. The problem is especially significant in
641:
after data has been written, and tapes require inter-record gaps. Modern
602:
467:
can generally be reformatted and reused with standard consumer hardware.
459:
444:
213:
There are three levels commonly recognized for eliminating remnant data:
165:
138:
2024:
A Guide to
Understanding Data Remanence in Automated Information Systems
451:, degaussing may purge an entire media element quickly and effectively.
1448:
1117:
1092:
1010:(with an NSA approved degausser) or physical destruction is acceptable.
638:
585:
547:
532:
486:
229:
184:
157:
127:
1395:"Special Publication 800-88 Rev. 1: Guidelines for Media Sanitization"
1178:"Special Publication 800-88: Guidelines for Media Sanitization Rev. 1"
1138:
1132:
876:
846:
838:
642:
612:
589:
455:
336:
One challenge with overwriting is that some areas of the disk may be
1623:
108:
when the user requests that action. Instead, the file is moved to a
842:
810:, the contents degrade with loss of external power). In one study,
289:
153:
114:
535:, acquisition of a written note containing the decryption key, or
152:
reuses the space for new data. In some systems, enough filesystem
749:
608:
281:
2053:
1990:
861:
737:
665:
Data storage systems with more sophisticated features may make
199:
below gives further explanations for causes of data remanence.
1280:"Secure Deletion of Data from Magnetic and Solid-State Memory"
733:
729:
497:
just the key, versus the entire disk. This process is called
357:
1774:"Clearing and Declassifying Electronic Data Storage Devices"
1392:
744:. Methods for successfully sanitizing optical discs include
2006:"IEEE P2883™ Draft Standard for Sanitizing Storage on SNIA"
1827:"ADISA: ASSET DISPOSAL & INFORMATION SECURITY ALLIANCE"
1520:"Reliably Erasing Data From Flash-Based Solid State Drives"
1049:
725:
686:
428:
134:
1830:
924:
669:
ineffective, especially on a per-file basis. For example,
879:
can encrypt in-RAM keys and passwords on 64-bit Windows.
1668:"Lest We Remember: Cold Boot Attacks on Encryption Keys"
1848:"National Industrial Security Program Operating Manual"
716:
are not magnetic, they are not erased by conventional
601:
For magnetic media, raising its temperature above the
126:. (In such cases, the operating system will issue the
1322:"Can Intelligence Agencies Recover Overwritten Data?"
993:
National Industrial Security Program Operating Manual
551:
The pieces of a physically destroyed hard disk drive.
516:
are one of the few possible methods for subverting a
598:(e.g., liquefaction or vaporization of a solid disk)
1613:
1718:"Australia Government Information Security Manual"
329:, sometimes erroneously attributed to US standard
1662:
1559:"Data Remanence: Secure Deletion of Data in SSDs"
898:Australian Government Information Security Manual
2157:
1705:https://www.veracrypt.fr/en/Release%20Notes.html
1618:. University of Cambridge, Computer Laboratory.
963:Asset Disposal and Information Security Alliance
806:(SRAM), which is typically considered volatile (
574:the media apart (e.g., by grinding or shredding)
100:, and other software provide a facility where a
1806:"New Zealand Information Security Manual v2.5"
1746:"IT Media Overwrite and Secure Erase Products"
1616:"Low temperature data remanence in static RAM"
2069:
1277:
755:
376:Daniel Feenberg, an economist at the private
341:
337:
1658:
1656:
1654:
1607:
941:New Zealand Information Security Manual v2.5
915:IT Media Overwrite and Secure Erase Products
1360:
1358:
1319:
871:for Linux specifically intended to prevent
660:
628:
2142:
2076:
2062:
1172:
1170:
358:Feasibility of recovering overwritten data
1875:
1842:
1840:
1813:Government Communications Security Bureau
1651:
1406:
1262:
1208:Encyclopedia of cryptography and security
967:ADISA IT Asset Disposal Security Standard
817:Data remanence has also been observed in
769:file sanitization are effective on SSDs.
567:Specific destruction techniques include:
427:On the other hand, according to the 2014
421:
2048:Tutorial on Disk Drive Data Sanitization
1366:"DSS Clearing & Sanitization Matrix"
1355:
554:
546:
1556:
1167:
814:was observed even at room temperature.
148:. The data will remain there until the
42:, thrown in the bin (trash) or lost).
2158:
1972:"IEEE Standard for Sanitizing Storage"
1837:
1596:. Forensic.belkasoft.com. October 2012
1513:
1511:
1509:
1507:
1271:
70:
2057:
1778:Communications Security Establishment
1707:VeraCrypt release notes, version 1.24
1479:
1145:Sanitization (classified information)
1022:, February 1998 replaced by AR 25-2
921:Communications Security Establishment
1054:IEEE Standard for Sanitizing Storage
802:Data remanence has been observed in
542:
378:National Bureau of Economic Research
156:are also left behind to enable easy
1912:; includes Change 1, July 31, 1997.
1504:
1026:(Army Publishing Directorate, 2009)
611:electric current or high-amplitude
458:inoperable, as it erases low-level
414:United States Department of Defense
262:
16:Data that remains after deleting it
13:
2015:
521:
346:
202:
195:
22:is the residual representation of
14:
2182:
2029:National Computer Security Center
1614:Sergei Skorobogatov (June 2002).
983:Guidelines for Media Sanitization
2141:
2083:
1910:Clearing and Sanitization Matrix
1003:Clearing and Sanitization Matrix
741:
707:
666:
654:
623:
494:
58:
54:
1998:
1978:
1964:
1950:
1932:
1915:
1857:. February 2006. Archived from
1819:
1798:
1766:
1738:
1710:
1698:
1586:
1550:
1007:
717:
417:
77:typically considered volatile.
66:
62:
1958:"Remanence Security Guidebook"
1923:"Information Systems Security"
1888:. January 1995. Archived from
1725:Australian Signals Directorate
1442:
1386:
1313:
1247:
1199:
797:
478:'s "Evaluated Products List".
424:is acceptable for the latter.
267:
253:
81:
1:
2147:List of data-erasing software
2131:Physical information security
1753:Royal Canadian Mounted Police
1161:
1128:Physical information security
833:systems, including Microsoft
481:
439:
342:advanced storage technologies
172:often employs such software.
46:
1487:"Media Destruction Guidance"
1463:10.1007/978-3-540-89862-7_21
1455:Information Systems Security
1020:Information Systems Security
981:Special Publication 800-88,
882:
819:dynamic random-access memory
504:Encryption may be done on a
50:
7:
1780:. July 2006. Archived from
1666:; et al. (July 2008).
1278:Peter Gutmann (July 1996).
1060:
804:static random-access memory
345:
216:
57:. Specific methods include
10:
2187:
1755:. May 2009. Archived from
951:Protective Security Manual
756:Data on solid-state drives
522:Complications: Data in RAM
235:
206:
2139:
2091:
1557:Homaidi, Omar Al (2009).
995:(NISPOM), February 2006
825:to recover cryptographic
537:rubber-hose cryptanalysis
454:Degaussing often renders
412:As of November 2007, the
367:magnetic force microscopy
87:
1906:Defense Security Service
1408:10.6028/NIST.SP.800-88r1
697:), or as data remnants.
661:Advanced storage systems
629:Inaccessible media areas
524:for further discussion.
2096:Anti–computer forensics
1103:Forensic identification
671:journaling file systems
1727:. 2014. Archived from
1686:Cite journal requires
1639:Cite journal requires
1574:Cite journal requires
1538:Cite journal requires
1430:Cite journal requires
1343:Cite journal requires
1301:Cite journal requires
1239:: CS1 maint: others (
1141:(magnetic retentivity)
771:
740:, may be receptive to
560:
552:
286:destroying print media
160:by commonly available
2044:"Forrest Green Book")
1489:. NSA. Archived from
1135:(security discussion)
766:
558:
550:
401:created on a tape of
284:to common methods of
36:sensitive information
831:full disk encryption
829:for several popular
529:side-channel attacks
518:full-disk encryption
422:physical destruction
347:§ Complications
196:§ Complications
578:Chemically altering
572:Physically breaking
327:<random byte>
315:<random byte>
280:a disk or file, by
104:is not immediately
1944:2012-10-22 at the
1187:. 6 September 2012
1068:Computer forensics
1044:Remanence Security
1036:, 17 November 2008
1034:Remanence Security
762:solid-state drives
691:anti-fragmentation
651:solid-state drives
561:
553:
407:Watergate break-in
170:Computer forensics
51:purging/sanitizing
2166:Computer security
2153:
2152:
1960:. September 1993.
1883:"Obsolete NISPOM"
1664:J. Alex Halderman
1472:978-3-540-89861-0
1320:Daniel Feenberg.
1218:978-1-4419-5906-5
1113:Memory scrambling
1046:, September 1993
985:, September 2006
873:cold boot attacks
543:Media destruction
514:Cold boot attacks
508:basis, or on the
124:solid-state drive
94:operating systems
71:media destruction
2178:
2145:
2144:
2078:
2071:
2064:
2055:
2054:
2039:
2037:
2036:
2031:. September 1991
2010:
2009:
2002:
1996:
1995:
1982:
1976:
1975:
1968:
1962:
1961:
1954:
1948:
1936:
1930:
1929:
1928:. February 1998.
1927:
1919:
1913:
1903:
1901:
1900:
1894:
1887:
1879:
1873:
1872:
1870:
1869:
1863:
1852:
1844:
1835:
1834:
1829:. Archived from
1823:
1817:
1816:
1810:
1802:
1796:
1795:
1793:
1792:
1786:
1770:
1764:
1763:
1761:
1750:
1742:
1736:
1735:
1733:
1722:
1714:
1708:
1702:
1696:
1695:
1689:
1684:
1682:
1674:
1672:
1660:
1649:
1648:
1642:
1637:
1635:
1627:
1611:
1605:
1604:
1602:
1601:
1590:
1584:
1583:
1577:
1572:
1570:
1562:
1554:
1548:
1547:
1541:
1536:
1534:
1526:
1524:
1515:
1502:
1501:
1499:
1498:
1483:
1477:
1476:
1446:
1440:
1439:
1433:
1428:
1426:
1418:
1416:
1415:
1410:
1390:
1384:
1383:
1381:
1380:
1370:
1362:
1353:
1352:
1346:
1341:
1339:
1331:
1329:
1328:
1317:
1311:
1310:
1304:
1299:
1297:
1289:
1287:
1286:
1275:
1269:
1268:
1266:
1251:
1245:
1244:
1238:
1230:
1203:
1197:
1195:
1193:
1192:
1182:
1174:
1150:Secure USB drive
1088:Electronic waste
1056:, August 2022
1042:NAVSO P5239-26,
823:cold boot attack
784:US DoD 5220.22-M
683:revision control
647:operating system
637:may develop new
596:Phase transition
499:crypto-shredding
394:
393:
389:
386:
349:
263:Specific methods
162:utility software
150:operating system
2186:
2185:
2181:
2180:
2179:
2177:
2176:
2175:
2156:
2155:
2154:
2149:
2135:
2087:
2082:
2034:
2032:
2021:
2018:
2016:Further reading
2013:
2004:
2003:
1999:
1984:
1983:
1979:
1970:
1969:
1965:
1956:
1955:
1951:
1946:Wayback Machine
1937:
1933:
1925:
1921:
1920:
1916:
1898:
1896:
1892:
1885:
1881:
1880:
1876:
1867:
1865:
1861:
1850:
1846:
1845:
1838:
1825:
1824:
1820:
1808:
1804:
1803:
1799:
1790:
1788:
1784:
1772:
1771:
1767:
1759:
1748:
1744:
1743:
1739:
1731:
1720:
1716:
1715:
1711:
1703:
1699:
1687:
1685:
1676:
1675:
1670:
1661:
1652:
1640:
1638:
1629:
1628:
1624:10.48456/tr-536
1612:
1608:
1599:
1597:
1592:
1591:
1587:
1575:
1573:
1564:
1563:
1555:
1551:
1539:
1537:
1528:
1527:
1522:
1516:
1505:
1496:
1494:
1485:
1484:
1480:
1473:
1449:Wright, Craig;
1447:
1443:
1431:
1429:
1420:
1419:
1413:
1411:
1391:
1387:
1378:
1376:
1368:
1364:
1363:
1356:
1344:
1342:
1333:
1332:
1326:
1324:
1318:
1314:
1302:
1300:
1291:
1290:
1284:
1282:
1276:
1272:
1264:10.1.1.180.8813
1253:
1252:
1248:
1232:
1231:
1219:
1205:
1204:
1200:
1190:
1188:
1180:
1176:
1175:
1168:
1164:
1159:
1063:
885:
845:for Linux, and
800:
758:
724:optical media (
710:
695:fault tolerance
663:
631:
626:
584:or exposure to
545:
484:
442:
405:discussing the
399:Rose Mary Woods
391:
387:
384:
382:
360:
270:
265:
256:
238:
219:
211:
205:
203:Countermeasures
133:command or the
90:
17:
12:
11:
5:
2184:
2174:
2173:
2168:
2151:
2150:
2140:
2137:
2136:
2134:
2133:
2128:
2123:
2121:Gutmann method
2118:
2113:
2108:
2106:Data remanence
2103:
2098:
2092:
2089:
2088:
2081:
2080:
2073:
2066:
2058:
2052:
2051:
2045:
2042:Rainbow Series
2017:
2014:
2012:
2011:
1997:
1977:
1963:
1949:
1931:
1914:
1874:
1836:
1833:on 2010-11-01.
1818:
1797:
1765:
1762:on 2011-06-15.
1737:
1734:on 2014-03-27.
1709:
1697:
1688:|journal=
1650:
1641:|journal=
1606:
1585:
1576:|journal=
1549:
1540:|journal=
1503:
1478:
1471:
1441:
1432:|journal=
1385:
1354:
1345:|journal=
1312:
1303:|journal=
1270:
1246:
1217:
1198:
1165:
1163:
1160:
1158:
1157:
1152:
1147:
1142:
1136:
1130:
1125:
1123:Paper shredder
1120:
1115:
1110:
1108:Gutmann method
1105:
1100:
1095:
1090:
1085:
1080:
1075:
1070:
1064:
1062:
1059:
1058:
1057:
1047:
1037:
1027:
1013:
1012:
1011:
999:
986:
975:
974:
970:
969:
959:
958:
957:United Kingdom
954:
953:
944:
933:
932:
928:
927:
918:
907:
906:
902:
901:
890:
889:
884:
881:
854:key scheduling
812:data retention
799:
796:
780:Gutmann method
757:
754:
709:
706:
662:
659:
635:magnetic disks
630:
627:
625:
622:
621:
620:
605:
599:
593:
575:
544:
541:
491:decryption key
483:
480:
449:magnetic media
441:
438:
371:Gutmann method
359:
356:
328:
324:
320:
316:
312:
308:
304:
269:
266:
264:
261:
255:
252:
237:
234:
218:
215:
207:Main article:
204:
201:
198:
181:repartitioning
146:storage medium
89:
86:
20:Data remanence
15:
9:
6:
4:
3:
2:
2183:
2172:
2169:
2167:
2164:
2163:
2161:
2148:
2138:
2132:
2129:
2127:
2126:DoD 5220.22-M
2124:
2122:
2119:
2117:
2116:File deletion
2114:
2112:
2111:Factory reset
2109:
2107:
2104:
2102:
2101:Data recovery
2099:
2097:
2094:
2093:
2090:
2086:
2079:
2074:
2072:
2067:
2065:
2060:
2059:
2056:
2049:
2046:
2043:
2030:
2026:
2025:
2020:
2019:
2007:
2001:
1993:
1992:
1987:
1981:
1973:
1967:
1959:
1953:
1947:
1943:
1940:
1935:
1924:
1918:
1911:
1907:
1895:on 2003-11-18
1891:
1884:
1878:
1864:on 2011-05-24
1860:
1856:
1849:
1843:
1841:
1832:
1828:
1822:
1814:
1807:
1801:
1787:on 2014-08-07
1783:
1779:
1775:
1769:
1758:
1754:
1747:
1741:
1730:
1726:
1719:
1713:
1706:
1701:
1693:
1680:
1669:
1665:
1659:
1657:
1655:
1646:
1633:
1625:
1621:
1617:
1610:
1595:
1589:
1581:
1568:
1560:
1553:
1545:
1532:
1521:
1514:
1512:
1510:
1508:
1493:on 2012-09-28
1492:
1488:
1482:
1474:
1468:
1464:
1460:
1456:
1452:
1451:Kleiman, Dave
1445:
1437:
1424:
1409:
1404:
1400:
1396:
1389:
1374:
1367:
1361:
1359:
1350:
1337:
1323:
1316:
1308:
1295:
1281:
1274:
1265:
1260:
1256:
1250:
1242:
1236:
1228:
1224:
1220:
1214:
1210:
1209:
1202:
1186:
1179:
1173:
1171:
1166:
1156:
1153:
1151:
1148:
1146:
1143:
1140:
1137:
1134:
1131:
1129:
1126:
1124:
1121:
1119:
1116:
1114:
1111:
1109:
1106:
1104:
1101:
1099:
1098:File deletion
1096:
1094:
1091:
1089:
1086:
1084:
1083:Data recovery
1081:
1079:
1076:
1074:
1071:
1069:
1066:
1065:
1055:
1051:
1048:
1045:
1041:
1038:
1035:
1031:
1028:
1025:
1021:
1017:
1014:
1009:
1004:
1000:
997:
996:
994:
990:
989:DoD 5220.22-M
987:
984:
980:
977:
976:
973:United States
972:
971:
968:
964:
961:
960:
956:
955:
952:
948:
945:
942:
938:
935:
934:
930:
929:
925:
922:
919:
916:
912:
909:
908:
904:
903:
899:
895:
892:
891:
887:
886:
880:
878:
874:
870:
867:
863:
859:
855:
850:
848:
844:
840:
836:
832:
828:
824:
820:
815:
813:
809:
805:
795:
792:
787:
785:
781:
777:
776:wear leveling
770:
765:
763:
753:
751:
747:
743:
739:
735:
731:
727:
723:
719:
715:
714:optical media
708:Optical media
705:
702:
701:Wear leveling
698:
696:
692:
688:
684:
680:
679:copy-on-write
676:
672:
668:
658:
656:
652:
648:
644:
640:
636:
624:Complications
618:
614:
610:
606:
604:
600:
597:
594:
591:
587:
583:
579:
576:
573:
570:
569:
568:
565:
557:
549:
540:
538:
534:
530:
525:
523:
519:
515:
511:
507:
502:
500:
496:
492:
488:
479:
477:
473:
468:
466:
461:
457:
452:
450:
446:
437:
434:
430:
425:
423:
419:
415:
410:
408:
404:
403:Richard Nixon
400:
396:
379:
374:
372:
368:
364:
363:Peter Gutmann
355:
351:
348:
343:
339:
334:
332:
331:DOD 5220.22-M
326:
322:
318:
314:
310:
306:
302:
298:
294:
291:
287:
283:
279:
275:
260:
251:
248:
247:
242:
233:
231:
226:
223:
214:
210:
200:
197:
194:
192:
188:
186:
182:
178:
173:
171:
167:
163:
159:
155:
151:
147:
143:
140:
136:
132:
129:
125:
119:
117:
116:
111:
107:
103:
99:
98:file managers
95:
85:
83:
78:
74:
72:
68:
64:
60:
56:
52:
48:
43:
41:
37:
33:
32:storage media
29:
28:file deletion
25:
21:
2171:Data erasure
2105:
2085:Data erasure
2033:. Retrieved
2023:
2000:
1989:
1980:
1966:
1952:
1934:
1917:
1909:
1897:. Retrieved
1890:the original
1877:
1866:. Retrieved
1859:the original
1831:the original
1821:
1815:. July 2016.
1800:
1789:. Retrieved
1782:the original
1768:
1757:the original
1740:
1729:the original
1712:
1700:
1679:cite journal
1632:cite journal
1609:
1598:. Retrieved
1588:
1567:cite journal
1552:
1531:cite journal
1495:. Retrieved
1491:the original
1481:
1454:
1444:
1423:cite journal
1412:. Retrieved
1388:
1377:. Retrieved
1375:. 2007-06-28
1336:cite journal
1325:. Retrieved
1315:
1294:cite journal
1283:. Retrieved
1273:
1254:
1249:
1207:
1201:
1189:. Retrieved
1078:Data erasure
1073:Cryptography
1053:
1043:
1033:
1032:AFSSI 8580,
1019:
1002:
992:
982:
966:
950:
943:, July 2016
940:
939:NZISM 2016,
926:, July 2006
923:
914:
897:
851:
816:
807:
801:
788:
772:
767:
759:
746:delaminating
711:
699:
681:or built-in
664:
632:
582:incineration
566:
562:
526:
506:file-by-file
503:
485:
469:
453:
443:
432:
426:
411:
375:
361:
352:
338:inaccessible
335:
299:
295:
277:
273:
271:
257:
244:
240:
239:
227:
221:
220:
212:
209:Data erasure
193:
189:
177:reformatting
174:
166:disk sectors
120:
113:
110:holding area
91:
79:
75:
44:
39:
24:digital data
19:
18:
1155:Zeroisation
931:New Zealand
917:, May 2009
798:Data in RAM
742:overwriting
675:transaction
655:overwriting
639:bad sectors
603:Curie point
395:-minute gap
354:5220.22-M.
268:Overwriting
254:Destruction
139:file system
59:overwriting
55:destruction
2160:Categories
2035:2007-12-10
1939:AFI 33-106
1899:2007-12-07
1868:2010-09-22
1791:2016-10-09
1600:2014-04-01
1497:2009-03-01
1414:2018-06-26
1379:2010-11-04
1327:2007-12-10
1285:2007-12-10
1191:2014-06-23
1162:References
1118:Palimpsest
1093:Encryption
1018:AR380-19,
1008:degaussing
949:PSM 2009,
896:ISM 2014,
722:Write-once
718:degaussing
643:hard disks
619:radiation)
592:chemicals)
533:keyloggers
510:whole disk
487:Encrypting
482:Encryption
460:formatting
456:hard disks
445:Degaussing
440:Degaussing
418:degaussing
246:sanitizing
230:hard drive
175:Likewise,
168:directly.
158:undeletion
128:Serial ATA
118:feature).
67:encryption
63:degaussing
1904:with the
1259:CiteSeerX
1235:cite book
1227:759924624
1139:Remanence
1133:Plaintext
1030:Air Force
965:(ADISA),
888:Australia
883:Standards
877:VeraCrypt
847:TrueCrypt
839:FileVault
835:BitLocker
667:overwrite
613:microwave
590:corrosive
531:(such as
495:overwrite
278:shredding
185:reimaging
142:directory
82:standards
1942:Archived
1257:. 2006.
1196:(542 KB)
1061:See also
913:B2-002,
843:dm-crypt
837:, Apple
617:ionizing
433:magnetic
290:software
222:Clearing
217:Clearing
154:metadata
115:autosave
80:Several
47:clearing
900:, 2014
750:acetone
609:voltage
586:caustic
390:⁄
282:analogy
241:Purging
236:Purging
106:deleted
1991:Forbes
1908:(DSS)
1469:
1261:
1225:
1215:
1052:2883,
905:Canada
866:kernel
862:TRESOR
738:DVD-RW
527:Other
274:wiping
88:Causes
69:, and
1926:(PDF)
1893:(PDF)
1886:(PDF)
1862:(PDF)
1851:(PDF)
1809:(PDF)
1785:(PDF)
1760:(PDF)
1749:(PDF)
1732:(PDF)
1721:(PDF)
1671:(PDF)
1523:(PDF)
1369:(PDF)
1181:(PDF)
947:NZSIS
869:patch
864:is a
858:sleep
734:CD-RW
730:DVD-R
183:, or
92:Many
53:, or
1692:help
1645:help
1580:help
1544:help
1467:ISBN
1436:help
1399:NIST
1349:help
1307:help
1241:link
1223:OCLC
1213:ISBN
1185:NIST
1050:IEEE
1040:Navy
1016:Army
979:NIST
937:GCSB
911:RCMP
827:keys
808:i.e.
791:TRIM
789:The
736:and
726:CD-R
689:and
687:RAID
429:NIST
323:0xFF
319:0x00
311:0xFF
307:0x00
303:0xF6
135:SCSI
131:TRIM
102:file
40:e.g.
1855:DSS
1620:doi
1459:doi
1403:doi
1373:DSS
894:ASD
752:).
712:As
615:or
476:NSA
465:DLT
420:or
350:).
276:or
243:or
2162::
2027:.
1988:.
1853:.
1839:^
1811:.
1776:.
1751:.
1723:.
1683::
1681:}}
1677:{{
1653:^
1636::
1634:}}
1630:{{
1571::
1569:}}
1565:{{
1535::
1533:}}
1529:{{
1506:^
1465:.
1427::
1425:}}
1421:{{
1401:.
1397:.
1371:.
1357:^
1340::
1338:}}
1334:{{
1298::
1296:}}
1292:{{
1237:}}
1233:{{
1221:.
1183:.
1169:^
991:,
849:.
841:,
782:,
728:,
720:.
512:.
501:.
472:US
397:"
383:18
373:.
333:.
325:,
321:,
317:,
313:,
309:,
305:,
179:,
96:,
73:.
65:,
61:,
49:,
2077:e
2070:t
2063:v
2040:(
2038:.
2008:.
1994:.
1974:.
1902:.
1871:.
1794:.
1694:)
1690:(
1673:.
1647:)
1643:(
1626:.
1622::
1603:.
1582:)
1578:(
1561:.
1546:)
1542:(
1525:.
1500:.
1475:.
1461::
1438:)
1434:(
1417:.
1405::
1382:.
1351:)
1347:(
1330:.
1309:)
1305:(
1288:.
1267:.
1243:)
1229:.
1194:.
588:/
392:2
388:1
385:+
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.