When ‘Delete' Is Not Enough

Data Destruction in the Digital World


Webroot's Window Washer scrubs selected sections of a computer to remove unnecessary files, and cleans all aspects of browser activity including Internet history, cache and cookies. D.o.D.-lete by AMEGA Security Solutions, Smart Data Scrubber by Smart PC Solutions, cyberCide by CyberScrub and DataEraser by Ontrack all perform similar tasks for individual users.

Freeware Data Deletion

In the world of freeware, Darik's Boot and Nuke (or DBAN), is a popular, bootable open-source utility for the Windows operating system (OS), offering six ways to overwrite data, as well as remove viruses and spyware. The developer, Darik Horn, claims that a single overwrite should be adequate, but recommends a minimum of four overwrites to guard against future improvements in data recovery techniques. Similar freeware data deletion tools for Windows include UltraShredder, Eraser, Nikhil's Shredder, SuperShredder and DeleteOnClick.

Deleting Apples to the Core

In Mac OS X 10.3, Apple introduced the Secure Empty Trash feature, which overwrites data according to the U.S. DoD pattern. Permanent Eraser, available with OS X 10.4, or Tiger, offers even stronger security with the Gutmann method. Permanent Eraser is a free download and the source code is provided for educational purposes. DestroyerX is recommended for wiping an entire Mac drive, as well as peripherals such as external drives and devices, including iPods.

MP3 players such as iPods are not normally considered items that may contain confidential data, but because they are, in essence, digital storage devices, they are gaining in popularity. IT professionals would do well to remember this when evaluating possible sources for data breaches at their organization. In fact , eSchool News , a publication aimed at K-20 technology decision-makers, reports that Mountain View School in Meridian, Idaho, has banned iPods and other digital media players from testing rooms after discovering students were downloading formulas and crib notes, then disguising them as song lyrics.

Smart phones such as the Palm Treo, and Research in Motion's Blackberry, which often contain sensitive information, provide remote wipe capability. Users wanting to protect a lost or stolen device can send a “poison pill” command via GoodLink software from Good Technology on the Treo or from the service provider for Blackberry users.

Remote Data Delete

Remote data deletion technology enables IT professionals to remotely delete sensitive data on target computers that have fallen outside their jurisdiction. Absolute Software's Computrace Data Protection (CDP) solution, for example, allows customers to track fixed, remote and mobile computer assets and remotely wipe data if the computer is lost, stolen or nearing the end of its lifecycle. The product is centrally managed by the IT department and gives staff the visibility to see up to 100 percent of their connected computer assets.

Remote data delete software can be an effective tool for maintaining compliance with government regulations such as the California Security Breach Information Act (CA Senate Bill 1386), which requires that organizations doing business with the state of California notify all parties that may be affected by a loss or breach of personal data — such as data that was stored on lost or stolen computers. Computrace Data Protection creates an audit log verifying which files have been deleted, which can assist with regulatory compliance.

Destroy It — Literally

On the other end of the spectrum is the category of brute force: that is, physical destruction of drives or digital media. To ensure a hard drive is rendered forever unreadable, the disk's platters can be removed and scored or ground up into bits. eDR Solutions and SEM Systems are two companies providing such a service.

Fire, acid baths and sledgehammers also work equally well, but these require greater degrees of user participation. Shredding machines also exist to destroy floppies, CDs and DVDs, while other devices poke holes in media or scratch them up. While these approaches might seem somewhat extreme, they are nevertheless effective. One downside is that they prohibit the re-use of computers or devices to donation programs for the technologically disadvantaged.

Data Destruction Can Be Criminal