When data is deleted from a magnetic disk storage device such as a hard drive, the data can often be recovered. A hard drive typically comprises many addressable data storage units known as “blocks.” A file (or other logical data storage unit) typically comprises data written to the blocks, and an entry in a file structure that includes pointers that point to the blocks storing the data. The “delete” function of many file systems only removes the pointers; the data itself remains intact. Even after a low-level formatting of a hard drive, data stored on the drive may be recoverable. In certain situations, such as when the data includes sensitive information, allowing the data to remain recoverable after it has been “deleted” may be undesirable.
Several techniques for “sanitizing” a magnetic disk exist. Generally, sanitization involves affecting a disk so that data previously stored on it is unrecoverable. One way to sanitize a hard drive is to physically destroy the drive. For example, the drive may be dismantled or otherwise physically altered. Another physical method is to degauss the disk by applying a powerful alternating magnetic field to the disk. The degaussing technique changes the orientation of the magnetic particles on the disk platter.
If the drive is to be reused, it can be sanitized by writing over the data already on the disk. This is known as “media overwrite” sanitization. Media overwrite sanitization may be as simple as writing zeros to every bit on a drive, or writing different predetermined or random patterns to the drive. Writing over the drive once is known as a “single pass” overwrite. Writing over the drive multiple times is known as “multiple pass” overwrite. Different users require different levels of sanitization. For example, a user storing sensitive information, such as confidential trade secrets, may want to perform a greater number of passes.
Several different “patterns” have been developed to perform overwrite sanitization. A pattern is the sequence of bits (ones and zeros) that will be written to every bit on the drive. Using a multiple pass overwrite, different patterns may be used for each pass. For example, the first pass may use the pattern, the second pass uses the pattern's complement, and the third pass used random data.
Sanitization is typically performed at the granularity of the entire storage medium. Usually, when a hard drive or other magnetic medium is being retired or removed from use, the entire drive is sanitized to protect the data. In other instances, though, it may be desirable to sanitize only a portion of the drive. For example, storage users that are subject to government regulations regarding the retention of data may want to delete and sanitize only the files that the users are permitted to delete. The regulations may require that the user retain the other files.
A file may be sanitized as soon as it is deleted. Sanitizing a file as soon as it is deleted typically requires performing multiple overwrite sanitization before the operating system receives confirmation that the file has been deleted. However, this is extremely resource intensive, since the hard drive or other storage medium is typically required to write over the same blocks several times before the file is considered sanitized.