Sanitization Techniques


GSA Standards of Good Practices

Sanitization of Sensitive But Unclassified (SBU)

Data from Magnetic Storage Media

 3. Sanitization Techniques:  overwriting, degaussing, and destruction.


Overwriting is an effective method for clearing data from hard magnetic media (hard drives and disks, but not floppy disks or tape).  As the name implies, overwriting uses a program to write (1s, 0s, or a combination) onto the media.  Common practice is to overwrite the media three times in alternating fashion "1010101010 ..." then "0101010101 ...."  However, it is not uncommon to see overwrites of media up to eight times depending on the sensitivity level of the information.  Overwriting should not be confused with merely deleting the pointer to a file (which typically happens when a delete command is used). 

Overwriting requires that the media be in working order (ideally, a bad block map is made prior to sensitive data being introduced on the media and another map made after the overwrites).  If bad blocks develop after the initial mapping which are not corrected during the “overwrite,” then the “overwrite” is considered to have "failed" at least insofar as the data potentially resident in the bad block. Similarly if an initial bad block map was not made and bad blocks exist after the “overwrite,” we have to assume that sensitive data could potentially be on one of the bad blocks.  At the point it's a risk decision whether you accept the “overwrite” or move on to degaussing or physical destruction of the media.


Degaussing is a method to magnetically erase data from magnetic media.  Two types of degausser exist: strong permanent magnets and electric degaussers.  Degaussers come in a variety of strengths, and are generally categorized as Type I (weakest magnetic field) to Type III (strongest magnetic field).  Type I degaussers are not particularly useful given the proliferation of high density media -- they're just not strong enough.  Type II's are generally used for floppy disks, but are generally not strong enough for the high density hard disks which typically require the Type III degaussers.


The final method of sanitization is destruction of the media by shredding, burning, sanding, or chemical decomposition. For hard disks, typically that means sanding to physically remove the top coated layers of the hard disk. Floppy disks and tape can sometimes be shredded. Burning and chemical decomposition generally pose some environmental hazards, and should be avoided if possible.

