A desktop personal computer with an ATA hard drive used by an engineer in the R&D department is going to be retired. According to the media marking policy, the hard drive with confidential data shall be purged so as not to be recovered. Which of the following sanitization operation can not meet the requirement?
A. Use the block erase method
B. Write zeros in all bytes of logical sectors
C. Overwrite the internal media with a constant value
D. Change the internal encryption keys that are used for user data
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Write zeros in all bytes of logical sectors.
Sanitization is a process to make data on the media inaccessible. However, sanitization doesn’t guarantee absolute inaccessibility to data on the media. Data on sanitized media may still be recovered.
There are three categories of sanitization:
- Clear: can be recoverable
- Purge: infeasible using state of the art laboratory techniques.
- Destroy: both destroy and purge the media
ATA sanitization commands are designed to purge data; they apply media-specific techniques to bypass the abstraction inherent in typical read and write commands. The following are ATA sanitization I/O commands:
- CRYPTO SCRAMBLE EXT (D. Change the internal encryption keys that are used for user data)
- OVERWRITE EXT (C. Overwrite the internal media with a constant value)
- BLOCK ERASE EXT (A. Use the block erase method)
ZERO EXT (B. Write zeros in all bytes of logical sectors) does not belong to ATA sanitization operations.
- NIST SP 800-88 R1
- Working Draft ATA Command Set – 4 (ACS-4)