[unisog] Wiping hard drives before computer transfer

Curtis K. Shrote shrote at arlut.utexas.edu
Mon Feb 10 14:07:33 GMT 2003

In summary, I believe the answer to your Q is that there is no universal 
SOP aside from deciding what your organization will do:

	1) Wipe the drive*
	2) Physical distruction (sledge-O-matic)
	3) do nothing

I hate to bring up the "L" word but perhaps you should consult a lawyer 
within your organization that hopefully has some technical background. 
Obviously, there is a business/economic angle to this as well. Will the 
surplusing result in a sale to the public or reuse within another part 
of the organization? Does the organization really need the revenue from 
the equipment sale/trade-in? Does the IT organization(s) have an 
efficient mechanism to deal with (sanitizing) the surplus? What are the 
regulatory exposures (HIPPA et. al.)? yada, yada, yada ...

*Do I dare bring up the question of sectors that have been marked as bad 
and the residual data that they might contain? Note also that data 
hiding has been proposed using sectors that have been marked bad but are 
not really bad at all. This subject came up in a forensics discussion 
involving attacker tool kits. Obviously this would normally not involve 
a huge % of the drive.

dknapp at calpoly.edu wrote:

> I think I'm entering this in the middle of the thread - but what then is a 
> currently accepted method of wiping every sector on a hard drive such that it 
> would take a military/intelligence agency to recover it? If I had drives that 
> were surplused and had legal or student info on it - what is the SOP for 
> removing such data?
> tia
> dknapp at calpoly.edu

More information about the unisog mailing list