Page 328 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 328
magnetic fields and remove data remanence. However, they are only
effective on magnetic media.
In contrast, SSDs use integrated circuitry instead of magnetic flux on
spinning platters. Because of this, degaussing SSDs won’t remove data.
However, even when using other methods to remove data from SSDs,
data remnants often remain. In a research paper titled “Reliably
Erasing Data from Flash-Based Solid State Drives” (available at
www.usenix.org/legacy/event/fast11/tech/full_papers/Wei.pdf), the
authors found that none of the traditional methods of sanitizing
individual files was effective.
Some SSDs include built-in erase commands to sanitize the entire
disk, but unfortunately, these weren’t effective on some SSDs from
different manufacturers. Due to these risks, the best method of
sanitizing SSDs is destruction. The U.S. National Security Agency
(NSA) requires the destruction of SSDs using an approved
disintegrator. Approved disintegrators shred the SSDs to a size of 2
millimeters (mm) or smaller. Many organizations sell multiple
information destruction and sanitization solutions used by
government agencies and organizations in the private sector that the
NSA has approved.
Another method of protecting SSDs is to ensure that all stored data is
encrypted. If a sanitization method fails to remove all the data
remnants, the remaining data would be unreadable.
Be careful when performing any type of clearing, purging,
or sanitization process. The human operator or the tool involved in
the activity may not properly perform the task of completely
removing data from the media. Software can be flawed, magnets
can be faulty, and either can be used improperly. Always verify that
the desired result is achieved after performing any sanitization
process.
The following list includes some of the common terms associated with
destroying data:
