Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
Already have an account? Sign In »
4 hours 25 minutes
Hi. Welcome to module to lessen 6.6. In this lesson, we're going to discuss data disposal.
There's basically two main questions when we're talking about data disposal.
When should we get rid of data
and how should we get rid of that data
now? When we should get rid of the data is there's no single answer. It's gonna be based on a lot of different factors. Sometimes regulation is involved. You know, we may be in an industry where we required to keep data for a certain amount of time based on the regulation that we fall under.
Sometimes it's a certain business need. Maybe when we want to keep tax records or financial records back for a certain amount of time because we want. We want to see how we've done over the years and we want to shape our future financials based on some retort historical stuff. So it could be some business need that we want to keep it.
It could be customer requirements. Maybe we're a managed service provider for a customer, and that customer dictates that we keep data for a certain amount of time.
Or maybe there's legal requirements that could be liability issues may be in the structural engineering world. You're liable for structures that you designed for up to 10 years. So maybe you have to keep your data for 10 years and that that Rick in that field for legal reasons in case your case, there's a lawsuit. So there's many different
reasons why we have to keep data for different
varying leaks of time. So there's no one standard answer, and there's likely gonna be multiple answers in your environment, depending on the type of data that it is
now. How should we dispose of the data? Gets very interesting. There's There's two basic ways to do it. One is destruction. We can physically destroy the hard drives that the data resides on. Weaken Put him in industrial shredder, so there's nothing but millions of pieces left. We could put him an incinerator, so it just melts him. There's nothing left.
We conduce um, de gauze ing, which has met a strong magnetic force that destroys the disc.
So physical destruction of the disk is one way that we can that we can dispose of the data. But what if we want to keep the physical drive What if we want to reuse the drive? Well, in that case, really, disk wiping is the is the best answer for that
now. SSD I'll say. Hard disk drives and SSD solid state drives are different. They require different mechanisms for eraser, so SSD requires specialized software to be able to completely toe y por to completely securely erase data.
Dis wiping is sufficient for HDD or hard disk drives.
So now deletion doesn't really delete the files. And this is why disk wiping is necessary. So when you take a file and you move it on a Windows machine, let's say you move it to the recycle bin. That doesn't do anything. All that's really doing is moving it to a folder called Recycle Bin Right. The file still exists.
We're still a pointer that's pointing to the file. It's still there. There's really nothing that's changed except its location.
When you empty the recycle bin. All that does is removes the pointers that were referencing the file
right. So there was. There were some pointers that said where the file was, it removed those pointers. It marks the space where the file exists as free space, but it doesn't actually remove the file that the data still remains on the disk. That space is just marked as free. So the next time
the operating system needs to write something to that space, it can. It's freed up,
but it's not erased. It's still there.
Even formatting doesn't completely erase the data. It does something very similar to emptying the recycle bin. It just marks essentially the whole disk as free space. But the data still remains, and there is software out there very easily available software out there that you can get to recover files and recover data
that has been removed from the recycle bin or even after formatting has occurred.
So how does hard distillation work that's killed this? This will give you a better idea of how disk wiping in a hard disk drive works.
Let's say we've got these files right the way a drive an HDD hard disk drive, writes data to the disk is a desert in sectors that writes data to these different sectors. This is just a very rudimentary example. It's not an actual example, just a visual representation of it. But let's say we've got a hard driving we've got this pointer called my picture
that points to some data
data is written in one sector that my pictures written in another sector. We've got, you know, other data. We've got bank statements and work documents and tax records and other things. And those all have pointers that point to the actual data
when we go in and we delete. If we've removed the file from the Recycle Mint, we empty the recycle bin. We essentially were just removing those pointers right, the point that the data still exists. But we removed the pointers, and it's pretty easy to recover that data. It may be a little bit of chaos. We might have to search for it a little bit,
but it's pretty easy to recover it
so it can do what's called disk wiping and disk Wiping is the only real way to really, truly erase that data. It never really erases the data, but what it does is it rights over those spaces that have been marked free? So when we remove the data from the Recycle bin way into the recycle bin in the windows environment, it marked that sector is free even though the data still there.
What disquieting does essentially is, writes random characters,
toothy sectors, but it takes multiple passes to do so because it only writes random characters here and there to try to break the data up.
So the first past, maybe it writes a few characters in, and it breaks some of the data up. We still got to completely intact files and a couple of more files here that maybe we could still deduce what they were because only parts of them have been over written
Second pass would get a little bit better. It overwrites it a little bit more third pass and so on and so forth. It takes about seven passes. The inter. There's some debate in the industry, but it takes about seven passes to fully securely wipe ah, hard drive Some organizations that have very sensitive data.
Some of the government organizations use up to 35 passes
to completely wipe drives that have sensitive data on them.
That brings us to the end of our data disposal section. Next up, we're gonna talk about security monitoring