Data Shredding DOD Style

Main.DataShreddingDODStyle History


Changed lines 122-127 from:
7) Verify the deletion.
to:
7) Verify the deletion.

When booting the machine from a LiveCD again and looking at the partitions,
it should report that "No operating system can be found".
Strictly speaking, this isn't proof of complete data removal either, but together with scrub's own verification,
it fulfills the requirements.
Added lines 1-122:
======= Data removal in accordance with Datatilsynets requirements =======

This guide describes how to delete data permanently, following the specification DOD 5220.22-M,

http://www.usaid.gov/policy/ads/500/d522022m.pdf

as recommended in http://www.datatilsynet.dk/offentlig/sikkerhed/sletning-af-datamedier/


====== Intro / Background ======


When giving hardware away, the IT University has to follow the
Danish Datatilsynet's guideline for the deletion of data,

http://www.datatilsynet.dk/offentlig/sikkerhed/sletning-af-datamedier/

Related page in English: http://www.datatilsynet.dk/english/processing-of-sensitive-personal-data-in-a-cloud-solution/

====== scrub ======


A software tool compliant with the DOD 5220.22-M specification is

scrub

http://sourceforge.net/projects/diskscrub/

http://linux.die.net/man/1/scrub



It is also available as a binary in Ubuntu repos for versions 10 and 11,
and contained in security tool collections like Backtrack.

Here, we will be using Backtrack 4 Live CD,

http://www.backtrack-linux.org/


====== Time estimate ======



The time needed for this procedure depends on the size of the systems;
however, a reasonable estimate is

15 minutes for preparation and boot of the machine,
and half and some hours for the actual deletion process,

//Since the process runs unattended for several hours, we suggest that the task is performed on a "one laptop per day" basis ("start in the morning, let it run, finish when leaving") - not as a dedicated task.//


====== Step-by-step Guide ======


1) Use a bootable DVD or USB stick with Backtrack 4.



2) Insert the DVD drive (if not in place already) and boot from the DVD.

Alternatively, boot Backtrack from a USB stick, if the BIOS supports this.


3) Start Backtrack in default mode, then boot into the GUI by typing

# startx

3a) If relevant, go to Control Panel and change keyboard settings for easier use.
The default keyboard is "US".


4) From the menu, open Backtrack > Digital Forensics > Anti-Forensics > scrub

or just open a console.


5) On the opening console, type

# fdisk -l

or use

# gparted

to identify the partitions you would like to shred.

Output of fdisk command might look like this:

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1        7708    61907816    7  HPFS/NTFS
/dev/sda2            7709       16218    68356575   83  Linux
/dev/sda3           16219       16704     3903795   82  Linux swap / Solaris
/dev/sda4           16705       19457    22113472+   b  W95 FAT32


6) Shred the partition with


# scrub -p dod <dev>

If in doubt, check the man page at

http://linux.die.net/man/1/scrub

Example: to shred the Windows HPFS/NTFS partition on the system above,
type

# scrub -p dod /dev/sda1

During the process, you will see output like

scrub: 0x00
scrub: 0xff
scrub: random

scrub in dod mode will take 7 rounds total while the default mode (NNSA Policy Letter NAP-14.x) takes 3 rounds.

7) Verify the deletion.
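
A complementary spot check for step 7, added here as an example and not part of the original guide or of scrub: it reads the first few KiB of a scrubbed partition (or an image file) and reports any well-known filesystem signature still present for the partition types in the fdisk listing above. The function names are hypothetical, the offsets are the standard on-disk locations, and the swap offset assumes a 4096-byte page size.

```sh
#!/bin/sh
# Post-scrub spot check for leftover filesystem signatures (added example).
# Usage: sh check_wipe.sh /dev/sda1     (run as root for block devices)

# Print COUNT bytes at byte OFFSET of FILE as lowercase hex without spaces.
hex_at() {  # hex_at FILE OFFSET COUNT
    dd if="$1" bs=1 skip="$2" count="$3" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Echo the names of known signatures still present on TARGET.
# Empty output means none of the listed signatures were found.
residual_signatures() {
    target=$1
    found=""
    # Table columns: name, byte offset, expected bytes in hex.
    #   ntfs : OEM ID "NTFS    " in the boot sector
    #   fat32: "FAT32" filesystem type string in the boot sector
    #   ext  : superblock magic 0xEF53 (little endian) at 1024 + 56
    #   swap : "SWAPSPACE2" at the end of the first 4096-byte page
    while read -r name offset hex; do
        len=$(( ${#hex} / 2 ))
        if [ "$(hex_at "$target" "$offset" "$len")" = "$hex" ]; then
            found="$found $name"
        fi
    done <<'EOF'
ntfs 3 4e54465320202020
fat32 82 4641543332
ext 1080 53ef
swap 4086 53574150535041434532
EOF
    echo "${found# }"
}

# Only act when a target is given on the command line.
if [ "$#" -ge 1 ]; then
    hits=$(residual_signatures "$1")
    if [ -n "$hits" ]; then
        # The last scrub pass shown above is random data, so a short
        # 2-byte match (ext) can occur by chance; inspect before re-running.
        echo "residual signatures on $1: $hits" >&2
        exit 1
    fi
    echo "no known filesystem signatures at the start of $1"
fi
```

Like the LiveCD boot check, this only inspects the start of the partition, so it supplements scrub's own verification pass rather than replacing it.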