Data Shredding DOD Style

Main.DataShreddingDODStyle History


Changed lines 122-127 from:

7) Verify the deletion.

to:

7) Verify the deletion.

When you boot the machine from a LiveCD again and look at the partitions, it should report that "No operating system can be found". Strictly speaking, this isn't proof of complete data removal either, but together with scrub's own verification, it fulfills the requirements.

Added lines 1-122:

======= Data removal in accordance with Datatilsynet's requirements =======

This guide describes how to delete data permanently,

following, as recommended in http://www.datatilsynet.dk/offentlig/sikkerhed/sletning-af-datamedier/ , the specification DOD 5220.22-M,

http://www.usaid.gov/policy/ads/500/d522022m.pdf

====== Intro / Background ======

When giving hardware away, the IT University has to follow the Danish Datatilsynet's guideline for the deletion of data:

http://www.datatilsynet.dk/offentlig/sikkerhed/sletning-af-datamedier/

Related page in English: http://www.datatilsynet.dk/english/processing-of-sensitive-personal-data-in-a-cloud-solution/

====== scrub ======

A software tool compliant with the DOD 5220.22-M specification is

scrub

http://sourceforge.net/projects/diskscrub/

http://linux.die.net/man/1/scrub

It is also available as a binary in Ubuntu repos for versions 10 and 11, and contained in security tool collections like Backtrack.

Here, we will be using Backtrack 4 Live CD,

http://www.backtrack-linux.org/

====== Time estimate ======

The time needed for this procedure depends on the size of the systems;

however, a reasonable estimate is

15 minutes for preparation and boot of the machine, and half and some hours for the actual deletion process.

//Since the process runs unattended for several hours, we suggest that the task is performed on a "one laptop per day" basis ("start in the morning, let it run, finish when leaving") - not as a dedicated task.//

====== Step-by-step Guide ======

1) Use a bootable DVD or USB stick with Backtrack 4.

2) Insert the DVD drive (if not in place already) and boot from the DVD.

Alternatively, boot Backtrack from a USB stick, if the BIOS supports this.

3) Start Backtrack in default mode, then boot into the GUI by typing

   # startx

3a) If relevant, go to Control Panel and change keyboard settings for easier use. The default keyboard is "US".

4) From the menu, open Backtrack > Digital Forensics > Anti-Forensics > scrub

or just open a console.

5) On the opening console, type

   # fdisk -l

or use

   # gparted

to identify the partitions you would like to shred.

Output of fdisk command might look like this:

   Device Boot      Start         End      Blocks   Id  System
   /dev/sda1   *           1        7708    61907816    7  HPFS/NTFS
   /dev/sda2            7709       16218    68356575   83  Linux
   /dev/sda3           16219       16704     3903795   82  Linux swap / Solaris
   /dev/sda4           16705       19457    22113472+   b  W95 FAT32

6) Shred the partition with

   # scrub -p dod <dev>

If in doubt, check the man page at

http://linux.die.net/man/1/scrub

Example: to shred the Windows HPFS/NTFS partition on system above, type

   # scrub -p dod /dev/sda1

During the process, you will see output like

   scrub: 0x00
   scrub: 0xff
   scrub: random

scrub in dod mode will take 7 rounds total while the default mode (NNSA Policy Letter NAP-14.x) takes 3 rounds.

7) Verify the deletion.
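
For step 7, a check that goes one step further than the boot message: the following added example (not part of the original guide; the function names `read_hex`, `check` and `residual_signatures` are made up here) reads the first sectors of a scrubbed partition and reports any boot-sector or filesystem signature that is still present. The offsets used are the standard on-disk locations of the NTFS, FAT32 and ext2/3/4 markers.

```shell
#!/bin/sh
# Added example (not from the original guide): look for filesystem
# signatures left in the first sectors of a scrubbed partition or image.
# Function names are hypothetical; offsets are the standard on-disk ones.

# read_hex FILE OFFSET COUNT: print COUNT bytes at OFFSET as lowercase hex.
read_hex() {
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
}

# check NAME OFFSET HEX: append NAME to $found if HEX sits at OFFSET.
check() {
    if [ "$(read_hex "$target" "$2" $(( ${#3} / 2 )))" = "$3" ]; then
        found="$found $1"
    fi
}

# residual_signatures FILE: print the signatures found (space separated).
# Exit status 0 = none found, 1 = at least one signature survived.
residual_signatures() {
    target=$1
    found=""
    check boot-sector 510  55aa              # 0x55 0xAA boot signature
    check ntfs        3    4e54465320202020  # OEM ID "NTFS    "
    check fat32       82   4641543332202020  # type label "FAT32   "
    check ext         1080 53ef              # ext2/3/4 superblock magic
    echo "${found# }"
    # After a random pass, 55aa can appear by chance (1 in 65536).
    [ -z "$found" ]
}
```

Run it as root from the LiveCD, for example `residual_signatures /dev/sda1`. An empty result only shows that the filesystem headers are gone, so it complements scrub's own verification rather than replacing it.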