Re: Hard drives v. CF/Smart media/etc.

[Fred Cohen <fred.cohen () all net>]

I have extracted a few items from the data destruction checklist in  
the CISO Toolkit to help answer these questions more clearly:

Destruction of data is tuned to the media and surety requirement.
For digital data stored on disk, tape, or other digital media,  
deletion of files through standard operating systems is used only for  
low risk situations and is not relied upon.
Secure deletion based on multiple pattern-based overwrites is used in  
cases where medium or high grade threats are active.
Electromagnetic erasure with high Oersted field generators is used  
for medium risk situations.
Physical destruction of disks is used only for high risk levels.
Physical destruction of the media and its contents by burning at high  
temperatures for a long enough time or boiling in acid of the proper  
type for a long enough time is used for high risk data on digital  
storage.
...
For CD-ROMs and Fiche with high valued data, destruction is done by  
burning or emulsifying with acid.
For rapid initial destruction of CD-ROM data, a microwave oven or  
shredder is used prior to the normal disposal process.
...

FC
-- This communication is confidential to the parties it is intended  
to serve --
Security Posture            securityposture.com          tel/fax
University of New Haven               unhca.com        925-454-0171
Fred Cohen & Associates                 all.net      572 Leona Drive
Security Management Partners    policygeeks.com    Livermore, CA 94550