Most modern SSDs and HDD’s have built-in commands. These instruct on-board firmware to run a sanitization standard protocol to remove all data. This is most likely the ATA Secure Erase Command, the DOD 5220.22-M 3 pass sanitization method, or some support Secure Erasure Command otherwise known as the Crypto Erase Command. Since the manufacturer has “full knowledge” of the drive’s design, these techniques should be reliable. But researchers found many of the implementations were flawed.
DOD 5220.22-M 3 Pass Overwrite Methodology
Overwriting sanitizing is the removal of sensitive data from a system or storage device with the intent that the data cannot be reconstructed by any known technique. This is known as a DOD 5220.22-m Erasure for data residing on hard drives and solid-state drives (SSD). DoD 5220.22-m is a software based data sanitization method used in various file shredder and data destruction programs. This overwrites existing information on a SSD or magnetic hard drive or other storage device.
Erasing a hard drive or solid state device using the DoD 5220.22-M data sanitization method will possibly prevent all software based file recovery methods from lifting information from the drive. Additionally, it should prevent most if not all hardware based recovery methods. There are also other issues deleting data in Host Protected Areas (HPA) and Device Configuration Overlays (DCO). These areas can be problematic for computer forensic investigators. This is because many of the common industry tools cannot detect the presence of the HPA and DCO. A review of the ATA specifications and recent white papers indicate that these areas can be accessed, modified, and written to by end users using specific open source and freely available tools, allowing data to be stored and/or hidden in these areas.
The DoD 5220.22-M method is often incorrectly referenced as DoD 5220.2-M (.2-M instead of .22-M).
DoD 5220.22-M Wipe Method
The DoD 5220.22-M data sanitization method is usually implemented in the following way:
Pass 1: Writes a zero and verifies the write
Pass 2: Writes a one and verifies the write
Pass 3: Writes a random character and verifies the write
Many claims of “Department of Defense approval” echo through the software wiping industry as means to ensure customers of securely sanitized media. However, the Department of Defense and all other affiliated government entities no longer approve of software overwriting as a method to securely erase data. Why is this exactly? Because overwritten data can still be recovered from a hard drive even after running the program several times.
Your sensitive information can still be recovered even after a hard drive is “erased” via software wiping programs. As of June, of 2007, the Defense Security Service (DSS) no longer approves of any overwriting procedures “for sanitization or downgrading of Information Systems (IS) storage devices used for classified processing.” Furthermore, in the NSA/CSS storage device declassification manual, software overwriting or software wiping are not mentioned anywhere as means to reliably destroy data.
What is approved now for classified material is Degaussing HDD’s via an approved Degaussing Device. Also the Shredding the HDD’s to 2mm particles, then mixing said media with other fillers for final destruction.
ATA SECURE ERASE
ATA Secure Erase is part of the ANSI ATA specification and when it is implemented correctly. It wipes the entire contents of a drive at the hardware level instead of through software tools. Software tools over-write data on hard drives and SSDs, often through multiple passes; over-writing the problem with SSDs, is that such software tools cannot access all the storage areas on an SSD, leaving behind blocks of data in the service regions of the drive (examples: Bad Blocks, Wear-Leveling Blocks, Garbage Collection).
When an ATA Secure Erase (SE) command is issued against a SSD’s built-in controller that properly supports it, the SSD controller resets all its storage cells as empty (releasing stored electrons) – restoring the SSD to factory default settings and write performance. When Implemented properly, SE will process all regions Including the protected storage service regions. This includes any System Area Data, Metadata, HPA and DCO’s. Secure Erase is recognized by the US National Institute for Standards and Technology (NIST), as an effective and secure way to meet legal requirements data sanitization attacks against up to laboratory level.
There are Numerous state and federal regulations that contain provisions related to the sanitization and disposal of data. For example, at least 10 states enacted laws have that requires destruction of “personal information” when it is no longer needed for business.
The Health Insurance Portability and Accountability Act (“HIPAA”) requires disposal at a formal documentation of procedures to Ensure health information is properly sanitized prior to Being discarded.
The Payment Card Industry Data Security Standard (PCI DSS) 9.10 that requirement stipulates storage media be destroyed when it is no longer needed for business or legal reasons. PCI-DSS is setup to verify that cardholder data on electronic media is rendered unrecoverable via a secure wipe program in accordance with industry-accepted standards for secure deletion, or otherwise physically destroying the media.
Additionally, many large private companies are now requiring that data on all electronic storage media be sanitized prior to the media’s sale, donation, transfer of ownership and disposal.
For more information on how Data Destroyers can securely erase your solid state drives, please contact us.