Picture this.

What We Do: Select a file -> Right-click on it-> Choose Delete option
What Happens Actually: File Pointer gets deleted + File directory changes
What We Do: Select Files in Recycle Bin -> Right-click -> Click on Delete option
What Happens Actually: File Links gets deleted + Data still exist

Data Sanitization


Wondering why so? What’s wrong with our sanitization methods—Shift + Delete, Formatting, Reformatting, OS Reinstallation, etc. Why do these standard approaches not ensure complete data erasure? Why is data recovery possible after erasure?

If these or other similar queries are triggering your mind, then here is a comprehensive guide for you. It will help you identify what is wrong with your Data Sanitization method.

We have all heard of the data breaches stories abounding identity theft due to data lifting from thrown away storage devices or other ways. Shockingly, since 2015, the data breaches have enhanced. According to the latest surveys, the reported 2016 data breaches are 40% more in comparison to 2015. According to the Verizon’s 2015 Data Breach Investigations Report:

  • 50% — Caused are by organization insiders
  • 30% — Caused are by worker negligence or improper disposal
  • 20% — Caused are by misuse events
  •  

    Additionally, according to the Identity Theft Resource Center Breach Report, from 2005 to June 2017, the number of breaches have been 7,674. We can easily state that this number will certainly heighten this year and might turn into a more serious mess.

     

    Why Standard Data Sanitization Approach — Erasing/Deleting File is Not Enough?

    The simple reason is deleting does not erase the data permanently from a storage device. It just makes it invisible so unless it has been overwritten using new information there are possible chances of recovery. Furthermore, if we are talking from SSDs perspective, the erased file case is more challenging in comparison as SSDs save data in block form and deleting data from blocks is more complex. Since we use SSDs with files that are changed or deleted frequently there is a dire need of a strong data wiping tool that ensures protection against performance drop.

    How Does Data Wiping Differs from Deletion/Removal?

    Both the processes are very dissimilar. While Deletion/Removal provides the space for reuse by simply marking space as available, the data wiping overwrites the data and replaces it with garbage data. So, there is no scope of recovery with Data Wiping approach.

    Let’s delve deeper and look at different sanitization methods used by us and try to analyze why they are insecure.

     

    Common Approaches to Dispose of Data

    File Deletion

    It is one of the most common methods. We can say it is just like the process to remove index page from the book. As a consequence, though the pages are kept well intact in the book, yet you will not be able to view them. However, using a right recovery approach, you can restore them. Similarly, File Deletion deletes the file entry from file allocation table whereas its content remains intact.

    Disk Partitions Deletion or Reformatting

    Reformatting is basically a process to rebuild a file system from scratch. That means it recreates the file allocation table. Further, deleting a partition does not guarantee that data has been erased completely; it might be possible that it is still intact on another partition. Hence, both the options do not ensure safe disposal.

    Data Encryption

    Comparatively better, but again not the fool-proof solution. The reason being, in the digitized era cracking a password or encryption key is no big deal. Once cracked or broken, data can easily be retrieved.

     

    To sum up, it will not be erroneous to state that the Deletion/Removal methods ensure no security of data removal hence is not best practice.

    As stated, the data wiping approach is a secure disposal approach on the grounds that it overwrites the data using a useless pattern. And, as a net result, even data recovery tools cannot recover data from it.

     

    In Summation

    Generally, we all believe that delete or format command is the logical approach to remove unwanted data. However, if we flip the coin and glance at the real picture, those methods are simply sweeping it under the carpet. The reason being, it removes the pointer and you will not be able to see the data because of it, even though it is still intact there. Thus, using software, data recovery is possible.

    To combat it, it is imperative to take proper measures such as Data Wiping to clean the drive prior to selling or disposing of it.

     


    Editor’s Note: This blog article was written by an outside contributor – a guest blogger – for the purpose of offering a wider variety of content for our readers. However, the opinions and recommendations expressed in this guest blog are solely those of the contributor, and do not necessarily reflect those of The Security Awareness Company, LLC. If you are interested in writing something for us, please do not hesitate to contact us: blog@thesecurityawarenesscompany.com.

    Manish Bhickta

    Product Marketer at Stellar Data Recovery
    Manish Bhickta is a product marketer who works for Stellar Data Recovery. He has been in the cybersecurity arena for the last 3 years and has raised awareness against data breaches and other online malicious activities.

    Latest posts by Manish Bhickta (see all)