Digital computers, mass digital data storage subsystems and the like typically include disk storage units to provide for relatively long-term storage of digital data. It is often necessary to remove a disk storage unit from a computer, mass storage subsystem, etc., in which it formed component. This may occur, for example, if it is necessary to remove the disk storage unit for repair, if it is necessary to replace the disk storage unit, if the computer, mass storage subsystem, etc., is to be discarded, or for other reasons that will be apparent to those skilled in the art.
Data stored in a disk storage unit is often confidential to the organization that maintains the computer, mass storage subsystem, etc., in which the disk storage unit forms a component. Several problems can arise in connection with maintaining the confidentiality of the data that is stored in a disk storage unit. For example, disk storage units store data, organized into files, in magnetic form. Typically, when a file is deleted, the data is not erased from the disk storage unit, but instead information detailing the locations of the data comprising the respective file is deleted from tables that are maintained therefor by the computer, mass storage subsystem, etc. Accordingly, merely erasing files from a disk storage unit will not serve to erase the data contained in the files. The data can be recovered using any of a number of conventional data recovery techniques.
Even if efforts are made to sanitize a disk storage unit, that is, to erase the data stored in a disk storage unit, to over-write the data with other data, or to perform other sanitizing operations that will be apparent to those skilled in the art, it is often still possible to recover the erased or over-written data, since it is not unusual for residual magnetic fields to remain after the erasure or overwriting that can be detected sufficiently for the data represented thereby to be reconstructed. In addition, since the data storage capacity of disk storage units is quite large and growing, the time required to over-write the data stored on a typical disk storage unit even once is prohibitive, and typically data is not considered “wiped” until it has been over-written at least several times, generally with predetermined data patterns.
Moreover, during wiping, a “Trojan horse” program can cause data to be copied from the storage locations in which it is currently stored to spare storage locations on the disk storage unit that may be provided to accommodate the possibility that some of the “regular” storage locations may go bad. If a regular storage location does go bad, the disk storage unit automatically stores the data that is to be stored on the bad regular storage location on a spare storage location that has been allocated therefor. Thereafter, when the data is to be retrieved from a “regular” storage location for which a spare storage location has been allocated, the disk storage unit will automatically retrieve the data from the spare storage location and provide the data to the device that requested the data. Generally, the spare storage locations will be known to the disk storage unit, and not to the device, that is, the computer or the like that stores data in, and retrieves data from the disk storage unit, and so the wiping will be in connection with the regular storage locations and not the spare storage locations. In that case, the data will still be available in the spare storage locations.
Instead of overwriting or wiping a disk storage unit, the contents of a disk storage unit can be erased in a “bulk erasure” operation by bringing the disk storage unit in close proximity to a strong magnetic field to “de-gauss” the disk storage unit. However, de-gaussing a disk storage unit, in addition to erasing the data stored thereon, will also erase formatting information that identifies the storage locations, making the disk storage unit thereafter unusable.