Information Disposal Procedure

Your organization bought computers, used them and now it's time to discard them. Most old hardware is donated to schools or is simply auctioned off. However, all that data contains a lot of confidential information, and it is essential that such data is properly erased so it cannot be recovered.

Any organization should have a simple and brief procedure that will treat information carriers of systems that are to be discarded. Here is a brief summary of the Information disposal procedure elements.

1. Functional systems that are to be donated
These are realistically functional computers, from which data should be properly erased.

  1. Empty all CD-ROM drives - you'll be surprised how many CD's are forgotten in discarded systems
  2. Use Darik's Boot and Nuke to destroy the information on the system.
  3. For medium security systems (standard employee system with limited access to information) use the DoD short method - 3 passes
  4. For high security systems (systems used by managers, auditors and similar which have access to significant amounts of information) use the Gutmann method - minimum of 25 passes

2. Non-functional systems whose hard drive is functional
While such systems are not directly useable, the users can attach the disks to other computers and attempt information recovery.
  1. Empty all CD-ROM drives - you'll be surprised how many CD's are forgotten in discarded systems
  2. Attach the disk drive from the discarded system to another system
  3. Use Darik's Boot and Nuke to destroy the information on the attached disk.
  4. For medium security systems (standard employee system with limited access to information) use the DoD short method - 3 passes
  5. For high security systems (systems used by managers, auditors and similar which have access to significant amounts of information) use the Gutmann method - minimum of 25 passes

3. Non-functional systems whose hard drive is not functional
In case of non-functioning drives, it shouldn't be assumed that all data on it is lost. A lot of disk drives can be revived with a replaced logic board, and there are companies which perform data recovery by direct magnetic analysis of the disk plates
  1. Empty all CD-ROM drives - you'll be surprised how many CD's are forgotten in discarded systems
  2. Remove the disk drive from the system
  3. Use a degausser to physically destroy any possible information on the disk - this will in effect also destroy the disk geometry rendering the disk unuseable
  4. In case a degausser in not available, dismantle the magnetic plates of the disk, and use a large hammer on them


Talkback and comments are most welcome

Related posts
6 steps to securing your backup media
Be Aware of Security Risks of USB Flash Drives
Tutorial - A Poor Man's Secure USB

7 comments:

Snip said...

Interesting post.
The Darik's boot and nuke tool can be, in emergency, a powerwul antiforensics tool too.

regards.

Daniele

Bozidar Spirovski said...

Indeed DBAN can be used to destroy evidence. But on the other hand, for the destruction to be successful, you need to let DBAN make at least 1 pass over the entire partition, which takes time. On a 80GB IDE drive it took 40 minutes, so it can't be a real emergency information destructor

Snip said...

Sure, not good if someone is yet knokcking at the door.

Jan said...

Good tips and advice. My favorite part of the post is your advice to use a large hammer. How's that for impact. :)

Stephen said...

Very useful post. Keep it up. Well done.

denisejmorris said...

Right here's how you can download Aptoide for PC if you are one of them. aptoide lite in addition to android phone. You could download.

exam said...

playbox hd apk

Designed by Posicionamiento Web