With the use of increasingly sophisticated encryption systems, an attacker wishing to gain access to sensitive data is forced to look elsewhere for information. One avenue of attack is the recovery of supposedly erased data from magnetic media or random-access memory.[1]

It's been 25 years since the publication of Dr. Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" [1]. His seminal article brought attention to the fact that after a hard drive is overwritten, remnants of the data could be retrieved using sophisticated laboratory equipment.

Gutmann proposed a general overwrite algorithm with 35 different patterns to consider the many different hard drive technologies available at the time. You still sometimes see a "35-pass overwrite" method in data erasure software, though at the time even the US Department of Defense decided seven passes was enough.

These days disk manufacturers use sophisticated encoding methods, and higher capacity means the data is densely packed, making it much harder to read and interpret the data using lab techniques. Low-level retrieval of overwritten data on modern drives is incredibly difficult, and in some cases, built-in hardware encryption makes it impossible.

"One overwrite pass is enough to make a hard drive safe to be reused in all but the most security-sensitive cases."

However, you must make sure the data is erased! Many used disks sold on eBay have user data on them[2]. Standard operating system delete or format commands are not good enough: the data is still easily read from the disk.

Ziperase software uses the "NIST Purge or Clear" method as its default erasure algorithm. NIST 800-88-r1 is the state-of-the-art in official guidelines for data sanitization, matching the most appropriate, modern techniques to the type of media being erased [3].

    • If Purge is supported by the disk, Ziperase software runs specialist disk commands to securely erase data from all of those hard-to-reach areas. 
    • Otherwise, we use Clear: a single overwrite pass designed to remove all user-accessible data.

    Ziperase then proceeds with additional verification steps to make sure things went as expected. Most importantly, Ziperase software is tested by ADISA using the NIST method, which certifies that no data can be found using invasive recovery techniques.

    Entrust your data erasure needs to Ziperase to ensure all confidential information is securely deleted.


    [1]Secure Deletion of Data from Magnetic and Solid-State Memory”, Peter Gutmann, Proceedings of the 6th Usenix Security Symposium, July 1996.

    [2] "Remembrance of Data Passed: A Study of Disk Sanitization Practices", Simson Garfinkel and Abhi Shelat, IEEE Privacy, and Security, February 2003.

    [3] "Guidelines for Media Sanitization", Richard Kissel, Andrew Regenscheid, Matthew Scholl, and Kevin Stine, NIST Special Publication 800-88 Revision 1, December 2014.