Magnetic Storage Media Information Destruction

The reasons as to why you would want to destroy information stored on magnetic information storage media permanently and irrecoverably are many and include:

• Asset Decommissioning - Information and information storage systems exceeding their use by date, that is to say they are no longer cost effective to maintain and keep in service.
• Redundant Information - The information itself is no longer required or deemed to be of inconsequential importance to such a degree that it is no longer viable/economically feasible to store it. All storage systems occupy space and any information of no value to an organization will be taking up valuable storage space that the storage of information with more pressing concerns so desperately needs.
• Integrity Failures - The information is incorrect, inaccurate or has become corrupted to the extent that it is no longer trustworthy and therefore of little if any use
• By Decree - For example in the case of Personally Identifiable Information (PII) the person the information pertains to has the right to request its removal and destruction

The recommended practice for irrecoverable erasure and degaussing of magnetic media is as part of a three-phase process. Each phase consists of a write procedure followed by a degauss procedure as follows:

• Phase One: In the first phase, you overwrite the media with a randomized pattern of ones and zeros three times. Then you degauss the media.
• Phase Two: During the second phase, we use irrelevant but real data to overwrite the media three times. This data could be a set of MP3 or WAV files, followed by document files (PDF, word docs, text files) and then another set of files such as streaming media, jpeg or mpeg files (pictures movies etc.). Some companies will use a set of images of extreme resolution in an uncompressed format. This has the effect of writing data to more than 90% of the discs magnetic domains. Now you repeat your degaussing procedure using a different degaussing device or method (DC instead of AC or permanent magnet).
• Phase Three: Finally, the last cycle will overwrite the disc another three times with randomized data. Then comes the final degaussing cycle after which the media is ready for permanent physical destruction.

Going to Extremes

"Why go to such extremes?" you may ask. Well, the answer lies with the toxic composition of information technology systems and media. Today you will find that there are regulatory requirements concerning the appropriate disposal and probable recycling of the materials used to make your storage media. Thus, you need to be very sure that there is no hope in hell that anything is recoverable from your waste after it leaves your control.

Always bear in mind that you are responsible for the ultimate nondisclosure of all Personally Identifiable Information (PII), company secrets or your own secrets. This includes the implementation of the appropriate measures to ensure complete destruction of said information whenever and wherever appropriate. If they get out, you will be wearing the consequences. By using the above procedure, you do not need to worry about the actions or irregular practices of others.

To illustrate further I recently brought a dozen hard drives on eBay. In every case, their entire contents were readable. Their previous owners had merely deleted the files prior to selling them. When the operating system deletes a file it only changes the flag marking that location on the drive as being available for writing new data. It does not overwrite or securely delete the old data. All you need to do to gain access to the information is to use another operating system to view the discs. So insert the drives into an external USB hard disc drive enclosure and hey presto all is revealed. Even when the information is in an encrypted format, you still have complete access to the information since it is physically in your possession. All you need do is crack the encryption key and if so inclined you have the rest of your life in which to do it.

Another very good reason for implementing a complete and thorough data sanitization procedure upon second-hand and reusable storage media is that you most definitely do not want any nasty surprises such as malware invading your systems from devices whose sanctity and sterility you cannot possibly guarantee.