A plus 1002 Sub-objective 2.9 – Given a scenario, implement appropriate data destruction and disposal methods.

Go back to A+ 220-1002 Domain 2.0 table of content

Welcome to ExamNotes by CertBlaster! This section will examine 220-1002 Objective 2.9 regarding the proper disposal of data and the media types that data is stored on. This section is pretty short but is very important so please pay attention. Let’s dig in!

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

When data security was discussed in earlier posts, the majority of the discussion was centered on protecting live or active data. Equally important is data that has been moved, is no longer in use, or is stored on various types of storage media. Shown below is a look at complete PC component destruction using an industrial shredder.

Shredded PC’s

Physical destruction

Sensitive data can be stored indefinitely on hard drives, solid state media, and tapes. Unless the data is destroyed, it is recoverable by any party. When choosing a destruction method, understand how the data is stored on the device. For example, a solid state drive stores data electronically and is not erased in the same way a hard disk or DLT tape would be. Optical media on ROM disks will always need to be physically destroyed.

Shredder

A shredder, as the name implies, reduces computer components including drives into small pieces. Specific industrial grade shredders designed for hard drives exist. Note that some digital data destruction software is also referred to as shredding. The software will leave the drive useless for general use. Digital shredding is less dramatic than the physical option.

Destroyed Hard Drive

Drill / Hammer

In the absence of a shredder, it is recommended to destroy hard drives by drilling several holes through them or by smashing them with a hammer. When drilling, be sure to drill all the way through the cover, platters, and circuit board. The goal is to render the drive unreadable or unspinnable. A hammer will bend the platters out of their surgical alignment. A hammer and nails will also prohibit spinning. The drill and/or hammered nails will create holes in the plates that will destroy the read/write heads on the drive.

Electromagnetic (Degaussing)

For hard drives and tapes, another method of ensuring complete data destruction is to wash them electromagnetically. A process called degaussing engulfs the storage device in a very high-intensity magnetic field that fluctuates between the poles, leaving the object magnetically neutral. Since the data stored on these devices is magnetic, the information is wiped out. In addition, the low-level format placed on the drive at the factory is eradicated, making the drive useless. Be advised that this method will have no effect on CD-ROMs and SD cards.

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

Incineration

This is a viable option when performed by professionals. Be advised that incinerating devices can generate toxic fumes such as PCBs which are quite hazardous. We are not recommending that you throw devices in the fireplace or your barbeque grill! Incineration should be performed by professionals with industrial incinerators. Companies that perform data destruction are also authorized to issue legal documentation of the destruction.

Certificate of destruction

When a storage device is destroyed by a professional service, they will issue a certificate indicating their compliance with the required privacy and data security regulations. These regulations can include but are not limited to those issued by the DoD (Department of Defense), NIST (National Institute of Standards and Technology), and HIPAA (Health Insurance Portability and Accountability Act). This document provides a high level of confidence that any sensitive information has been destroyed while insulating any organization from any legal repercussions surrounding the stored information. Some companies provide the opportunity to witness the destruction.

Sample Certificate of Destruction and Recycling

Recycling or repurposing best practices

Treatment of unused storage devices (e-waste) is an increasing problem as devices are lasting longer than their relevance. For reasons of speed or storage capacity, there are a fair amount of magnetic drives and even SSD drives that have outgrown their value to the owner. The main question to answer is whether or not to repurpose the drive or to destroy it. For both disk types, if the objective is to repurpose the drive, guarantee that all of the data has been wiped from the device.

Low level format vs. standard format

Low-level formats are performed on hard drives at the factory and contain only the information necessary to interact with a file system. This format writes the track and sector information necessary for a standard (high level) format, creating the MFT and the MBR for the disk. Simply put, the disk is unusable without the low-level format.

Utilities exist that will perform this function. It is imperative that the correct drive is being formatted as this process is irreversible. Remember that performing a low-level format comes with the risk of unintentionally destroying data. Shown below is an example of a low-level format tool.

HDD low level format tool

Overwrite and Drive wipe

A drive wipe utility, freely available from the drive’s manufacturer or from other online sources, can completely overwrite the drive with zeroes using a new low level format, eradicating the contents of all sectors (hard drive). Secure erase utilities are also available which essentially dump the electrons stored in each block of an SSD device, returning the SSD to its factory specs. Again, be absolutely sure the right target has been selected.

Click here for the A+ Practice Test Bundle for A+ Exams 220-1001 & 220-1002

Shown below is a look at a potentially confusing PC configuration in the Disk Management Console. If a low level format is being attempted, it is highly recommended that the computer configuration be reduced to a removable boot device, e.g. a USB or optical boot device that can be used to load the chosen formatting tool to work on the target drive.

Disk management

That’s all for 220-1002 objective 2.9. You are close to the end of Main Domain 2.0. One to Go! Good luck on the test!

Trust Guard Security Scanned
Share This
Real Time Web Analytics