IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.167 Secure deletion of data media
Initiation responsibility: Head of IT Section
Implementation responsibility: IT Procedures Officer
A regulated procedure for the deletion or destruction of data media will
prevent misuse of stored data. Before data media can be reused, the stored
data must be fully deleted, for example by being completely overwritten or by
formatting the media. This is especially important when data media are to be
passed on to third parties. After receiving the data medium, the recipient must
also check whether the protection requirements of the data require the data
medium to be erased immediately after the data has been transferred to
another IT system.
There are various different methods of deleting information from data media,
for example with deletion commands, by formatting, by overwriting or by
destroying the data medium. The method that should be chosen is dependent
in this case, too, on the protection requirements of the data to be deleted;
protection against the restoration of residual data increases in the order shown
below.
Deletion commands
When deletion commands are used, especially in DOS-based operating
systems it should be noted that the file information is not in fact deleted at the
same time, only the reference to that information in the table of contents on
the data medium. The file remains available. There are a large number of
programs which can be used to restore the information that is believed to have
been deleted (such as UNDELETE in DOS).
To delete files irrevocably, all entries on the data medium must be
overwritten. Programs such as PC Tools ("Overwrite" option to overwrite data
media or WIPE program to overwrite individual files) or Norton Utilities
(WIPEINFO program) can be used for this purpose.
Formatting
To return data media to their original state and therefore also to erase any
information that they may contain, they can be formatted. How reliably the old
data is deleted by this, however, is heavily dependent on the underlying
operating system. Whatever the case, overwriting the old data is more reliable.
When DOS data media are being formatted, care should be taken for example
that the parameter /U (e.g. as in DOS 6.2 format a: /U) is used so that the
formatting process cannot be reversed by the unformat command. For the
same reason, formatting under Windows 95 and Windows NT must be
executed with the parameter complete, and not quick-format.
Overwriting
Physical erasure sufficient for medium-level protection can be achieved by
overwriting the entire data medium or at least the used sectors with a certain
pattern. Certain commercially available products even allow the physical
erasure of individual files.
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000