Media is the material carrying data, such as paper or electronic storage devices. Media sanitization is a process of removing data from media so that it cannot be retrieved or reconstructed. It is a key step in assuring data confidentiality.
When data is no longer needed it should be sanitized from the media that it was on. Some examples of when media sanitization should be employed may include:
- A device is transferring ownership,
- A device is at the end of its useful life and will be retired or surplused, or
- Data retention is no longer allowed by contract or regulation and must be destroyed.
There are multiple ways that media can be sanitized. The method used should be based on the sensitivity of the data; however, available methods can vary depending on the media type and its manufacturer. The most restrictive method available should be used when possible. This guidance document can be used to help the Vanderbilt community practice appropriate measures for keeping VU data safe.
Once you have determined that media needs to be sanitized, use the decision flow to help guide which sanitization method to use.
This table helps describe each method on common types of media.
Media Type | Example | Clear | Purge | Destroy |
Applying software or hardware products to overwrite target data with non-sensitive data or using a menu option to reset to the factory state. It cannot be used on damaged media or if the media is not rewritable. | Applying software or hardware products to overwrite target data with non-sensitive data or using a menu option to reset to the factory state. It cannot be used on damaged media or if the media is not rewritable. | Applying physically destructive techniques to render data recovery infeasible and subsequently the makes the media unusable. Destroying also clears and purges. | ||
Magnetic Media | Magnetic disks and tapes, ATA/SCSI Hard Disk Drives | Overwrite using at least 1 pass of a random, fixed value (e.g., all zeros) or non-sensitive signals | Degauss, Secure erase unit, or Sanitize with overwrite or cryptographic erase | Incinerate or Shred |
Flash Based Storage | Solid State Drives, memory cards | Overwrite using at least 1 pass of a random, fixed value (e.g., all zeros) or non-sensitive signals | Sanitize with block erase or cryptographic erase | Shred, Disintegrate, Pulverize, or Incinerate |
Locally Attached Hard Drives | USB, Firewire | Overwrite using at least 1 pass of a random, fixed value (e.g., all zeros) or non-sensitive signals | Not always available, refer to the manufacturer | Shred, Disintegrate, Pulverize, or Incinerate |
Optical Media | CD/DVD, Blu-ray disk | N/A | N/A | Optical disk grinding, Incinerate, Shred |
Network Device | Router, switch | Perform full manufacturer's reset | Not always available, refer to the manufacturer | Shred, Disintegrate, Pulverize, or Incinerate |
Office Equipment | Printer, fax, etc. | Perform full manufacturer's reset | N/A | Shred, Disintegrate, Pulverize, or Incinerate |
Paper | Paper, microform | N/A | N/A | Cross cut shred, Disintegrate, Pulverize, or Incinerate to white ash |
Here are some commercially available tools that can be used for Clearing:
Software Application | License / Cost Type | Windows | MacOS | Linux | Description |
Darik’s Boot and Nuke (DBAN) | Shareware | Yes | Yes | Yes | Data erasure for full volumes or partitions. Terminal interface. |
Disk Utility | Freeware | Panther or later | Data erasure for full volumes or partitions. Application with a graphical user interface. | ||
Disk Wipe | Freeware | XP or later | Data erasure for full volumes or partitions. Application with a graphical user interface. | ||
Eraser | Freeware | Windows 7 or later | Data erasure for full volumes, partitions, and single files. Application with a graphical user interface. | ||
KillDisk | Free and Professional | Windows | MacOS | Linux | Data erasure for full volumes or partitions. Application with a graphical user and command- line interfaces. Provides completion certificate. |
dd | Freeware | Panther or later | Kernel 2.0 or later | Data erasure for full volumes, partitions, and single files. Command-line tool. | |
Shred | Freeware | Panther or later | Kernel 2.0 or later | Built-in dd, wipe and shred tools. | |
sDelete | Freeware | Vista / 2008 or later | Data erasure for full volumes, partitions, and single files. Command-line tool. | ||
Secure rm | Freeware | Vista or later | Kernel 2.0 or later | Data erasure for full volumes, partitions, and single files. Command-line tool. | |
Wipe | Freeware | Kernel 2.0 or later | Data erasure for full volumes, partitions, and single d-line tool. |
Here's how to accomplish media sanitization at VU:
Clear
- Contact your IT administrator (e.g., for VUIT-managed electronic devices submit a ticket). Alternatively, see the table of Example Clearing Software for potential clearing tools.
Purge
- Contact your IT administrator (e.g., for VUIT-managed electronic devices submit a ticket).
Destroy
- Paper: Use Shred-It containers.
- Electronic devices in the VUIT Data Center: Submit a ticket to VUIT's Network Operations Center.
- All other electronic devices: Submit a ticket to the FutureVU Sustainability office (i.e., Campus Recycling Program, Computer and Electronics Waste).
General FAQs
Not sure how to start?
Get in touch if you don’t know where to begin, you can’t find the guidance needed on the website, or if you just want to learn more. The Office of Cybersecurity has subject matter expertise and is here for Vanderbilt community to discuss security questions or concerns.