Why Data Destruction Matters
Data on storage media remains recoverable even after normal deletion and formatting.
- Quick format: marks sectors as available but does not erase data; easily recovered with forensic tools.
- Standard delete: removes the file table entry but leaves the data intact.
- Even a full format writes zeros only once, and some forensic methods claim to recover overwritten data.
- Failed or decommissioned equipment containing unwiped drives is a major source of data breaches.
- Organizations must have documented procedures for sanitizing media at end-of-life.
- Data at risk: SSDs, HDDs, USB drives, SD cards, optical media, smartphones, tape media, and even printers with internal storage.
- Regulatory requirements: HIPAA, PCI-DSS, GDPR, and other regulations mandate proper data destruction and may require documented proof of destruction.
Overwriting (Software Wiping)
Overwriting replaces existing data with zeros, ones, or random patterns.
- Effective for magnetic media (HDDs); multiple passes increase security.
- A single pass of zeros is sufficient for most organizational purposes.
- DoD 5220.22-M standard: historically specified 7-pass overwrite pattern (now deprecated; a single pass is considered sufficient for HDDs).
- Gutmann method: 35-pass overwrite, used for older MFM/RLL encoding; overkill for modern drives.
- Tools:
  - DBAN (Darik's Boot and Nuke): free, bootable tool for wiping hard drives.
  - Eraser: Windows application for overwriting specific files or free space.
  - Windows: `cipher /w:C:` overwrites free space on NTFS volumes.
- SSD limitation: overwriting is less effective on SSDs due to wear leveling; use ATA Secure Erase or manufacturer tools instead.
- Overwriting does not physically damage the media, so the drive can be reused after wiping.
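The single-pass overwrite described above, with a read-back check and a record that can serve as documented proof of sanitization. This is an added example, not code from the original page; the function names, record fields and asset tag are assumptions, and a temporary file stands in for an HDD block device.

```python
import json, os, tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB per write

def overwrite_zeros(path):
    """One pass of zeros over the whole target; returns bytes written."""
    with open(path, "r+b", buffering=0) as f:
        size = f.seek(0, os.SEEK_END)   # works for block devices and files
        f.seek(0)
        done = 0
        while done < size:
            done += f.write(bytes(min(CHUNK, size - done)))
        os.fsync(f.fileno())            # force the pass out of the page cache
    return size

def first_nonzero(path):
    """Read the target back; offset of the first surviving byte, or None."""
    with open(path, "rb", buffering=0) as f:
        offset = 0
        while chunk := f.read(CHUNK):
            stripped = chunk.lstrip(b"\0")
            if stripped:
                return offset + len(chunk) - len(stripped)
            offset += len(chunk)
    return None

def sanitize(path, asset_tag):
    """Overwrite, verify, and return the record kept as proof of sanitization."""
    size = overwrite_zeros(path)
    leftover = first_nonzero(path)
    return {
        "asset_tag": asset_tag, "target": path, "method": "overwrite",
        "pattern": "zeros", "passes": 1, "bytes": size,
        "verified": leftover is None, "first_nonzero_offset": leftover,
        "completed_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }

if __name__ == "__main__":
    # Constructed stand-in for a drive: a temp file holding fake sensitive data.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"SSN 000-00-0000 (constructed sample)\n" * 1000)
    print(json.dumps(sanitize(tmp.name, "ASSET-EXAMPLE-001"), indent=2))
    os.remove(tmp.name)
```

The read-back only proves what the host can address; on an SSD, wear leveling can leave old data in cells this pass never reaches.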
ATA Secure Erase (for SSDs)
SSDs use wear leveling that distributes writes across all cells, so software overwriting may miss cells.
- ATA Secure Erase: a built-in command in SSD firmware that wipes all cells simultaneously, including over-provisioned space.
- More effective than software overwriting for SSDs.
- Tools: hdparm (Linux), Parted Magic, manufacturer utilities (Samsung Magician, WD Dashboard).
- NVMe Secure Erase: NVMe SSDs support similar sanitization via manufacturer tools or nvme-cli (Linux).
- Encryption-based erasure: if the SSD is encrypted (a self-encrypting drive, or SED), destroying the encryption key makes all data permanently unreadable; this is effectively instantaneous.
- Full-disk encryption + key destruction is the fastest and most reliable method for SSDs.
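A pre-flight check for ATA Secure Erase: before the erase is issued, the drive's security state (as reported by `hdparm -I`) has to show the feature as supported and the drive as neither frozen nor locked. This is an added example, not code from the original page; the sample report is constructed, its layout is an assumption about hdparm's output, and the function names are hypothetical.

```python
# Constructed sample in the layout `hdparm -I` prints for its Security section
# (assumed layout, not captured from a real drive).
SAMPLE_FROZEN = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Logical Unit WWN Device Identifier: 5000000000000000
"""
FLAGS = ("supported", "enabled", "locked", "frozen")

def parse_security(report):
    """Return {flag: bool} parsed from the Security section of the report."""
    state, in_section = {}, False
    for line in report.splitlines():
        if line.startswith("Security:"):
            in_section = True
        elif in_section and line[:1].strip():
            break                       # unindented line: next section begins
        elif in_section and line.split():
            words = line.split()
            negated = words[0] == "not"
            rest = words[1:] if negated else words
            if rest and rest[0] in FLAGS:
                state[rest[0]] = not negated
            elif rest[:3] == ["supported:", "enhanced", "erase"]:
                state["enhanced_erase"] = not negated
    return state

def erase_blockers(state):
    """Reasons the drive would refuse ATA Secure Erase right now (empty = ready)."""
    blockers = []
    if not state.get("supported"):
        blockers.append("security feature set not supported")
    if state.get("frozen"):
        blockers.append("frozen: security commands are rejected until the freeze is cleared")
    if state.get("locked"):
        blockers.append("locked: drive must be unlocked with its password first")
    return blockers

if __name__ == "__main__":
    print(erase_blockers(parse_security(SAMPLE_FROZEN)))
```

Recording the parsed state before and after the erase gives the sanitization log something to cite for drives that could not be erased in firmware and went to physical destruction instead.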
Degaussing
Degaussing exposes magnetic media to a strong magnetic field that randomly realigns magnetic domains, destroying all data.
- Effective for: HDDs (magnetic platters), magnetic tapes, floppy disks.
- Not effective for: SSDs, USB flash drives, optical media (CDs, DVDs); these do not use magnetic storage.
- After degaussing, an HDD is no longer functional and cannot be reused (the servo information is also destroyed).
- Advantages: fast, effective, no need to boot to the drive.
- Disadvantages: expensive equipment, only works on magnetic media, destroys the drive.
- NSA-approved degausser: high-field degaussers approved by the NSA for classified media destruction.
- Degaussing alone is usually considered sufficient for most classified data, but physical destruction is added for the highest classification levels.
Physical Destruction
Physical destruction makes data recovery physically impossible.
- Methods:
  - Shredding: industrial shredders reduce HDDs, SSDs, and other media to small pieces. NIST recommends shredding to particles ≤2mm for SSDs.
  - Drilling: drilling holes through hard drive platters destroys data in the drilled areas (less thorough than shredding).
  - Disintegration: reduces media to powder; used for highly classified material.
  - Incineration: burning drives at high temperature (requires proper disposal to avoid toxic fumes).
  - Pulverizing / crushing: an industrial crusher destroys the entire drive.
- Certificate of destruction: third-party disposal services provide documentation that media was destroyed; important for compliance and audit.
- Physical destruction is the most certain method; combine with shredding for maximum assurance.
- Used when media cannot be wiped (damaged drives, unresponsive SSDs).
Document and Paper Destruction
- Shredding: cross-cut (confetti) shredders provide the best security; strip shredders can be reassembled.
- Microcut shredders: finest particles, highest security level.
- DIN 66399 standard: P-1 through P-7 security levels (P-4 is recommended minimum for sensitive data).
- Burn bags: documents placed in marked bags for incineration; used in government/military.
- Secure shredding services: third-party companies collect and shred on-site or transport to a shredding facility; they provide a certificate.
- Never put unshredded sensitive documents in recycling or regular trash; dumpster diving is a real threat.
- Sensitive documents include: financial records, HR files, customer data, medical records, proprietary business information, passwords written on paper.