We use cookies on this website. By using this site, you agree that we may store and access cookies on your device Read More Got it!
logo
  • Home
  • Products
    • Secure Drive Wiping SoftwareSecurely Erase Data From HDDs & SSDs in PC, Mac & Server
    • Bulk Drive Erasure Over Network Erase Loose Drives, PC, Laptop & Servers Over A Network
    • Mobile Wiping & Diagnostics Software Erase & Diagnose iOS® & Android® Simultaneously
    • File Eraser SoftwarePermanently wipe files and folders, and erase traces of apps & Internet activity.
  • Solutions
    • Enterprise & SMBWipe hard drives, laptops, desktops, Mac® devices, mobile phones & rackmount storage.
    • Managed Service Provider & SIGlobally trusted data wiping & diagnostic solutions to augment your managed services competences
    • Government Attain Compliance by Securely Erasing Data on HDDs & SSDs in PC, Mac, Laptops, Servers & Mobile Devices.
    • ITAD & Refurbisher Bulk erase loose drives, laptops, desktops, Mac devices, rackmount storage & mobile devices with centralized control.
    • Individual & Home User Safeguard invasion of privacy at the time of disposing old PC, laptop & mobile phone
  • Resources
    • CertificationsBitRaser - Tested & certified by multiple International Bodies
    • Reports & Certficates Tamper proof erasure reports & certificates to help meet audit trails
    • Data Erasure StandardsGlobal erasure standards that help you comply to international laws & regulations
    • Technical Articles Series of articles to help understand data erasure & diagnostics
    • Product FactsheetExplore in-depth details of the features, benefits..
    • Deployment Get instructions on using BitRaser for wiping PC..
    • Case Studies Read Our Customer Case Studies Illustrating The Real-World Usage In Diverse Business Scenarios.
    • Frequently Asked Questions (FAQs) Our Top FAQs That Will Help You Get Answers To Your Questions.
    • Blog Gain Latest Insights Into Data Erasure, Data Protection, Privacy And Regulations.
  • Partners
  • Products

    CASE STUDIES

    The best way to know about our solution is to read our customer case studies illustrating the real-world usage in diverse business scenarios.

    Read All Case Studies

    • Secure Drive Wiping Software
      Securely Erase Data From HDDs & SSDs in PC, Mac & Server
    • Bulk Drive Erasure Over Network
      Erase Loose Drives, PC, Laptop & Servers Over A Network
    • Mobile Wiping & Diagnostics Software
      Erase & Diagnose iOS® & Android® Simultaneously
    • File Erasure Software
      Permanently Wipe Files & Folders, Erase Traces Of Apps & Internet Activity
  • Solutions

    BITRASER® DATA ERASURE SOFTWARE

    Efficient, Easy & Permanent Wiping Of Sensitive Data Across Storage Devices. Guaranteed Data Privacy.

    Learn More

    • Enterprise & SMB
      Wipe Hard Drives, Laptops, Desktops, Mac® Devices, Mobile Phones & Rackmount Storage.
    • Managed Service Provider & SI
      Globally Trusted Data Wiping & Diagnostic Solutions To Augment Your Managed Service Competences.
    • Government

      Attain Compliance by Securely Erasing Data on HDDs & SSDs in PC, Mac, Laptops, Servers & Mobile Devices.

    • ITAD & Refurbisher
      Bulk Erase Loose Drives, Laptops, Desktops, Mac Devices, Rackmount Storage & Mobile Devices.
    • Individual & Home User
      Safeguard Invasion Of Privacy At The Time Of Disposing Old PC, Laptop & Mobile Phone.
  • Resources
    • Product Certifications
      BitRaser - Tested & certified by multiple International Bodies
    • Sample Reports & Certificates
      Tamper proof erasure reports & certificates to help meet audit trails
    • Data Erasure Standards
      Global erasure standards that help you comply to international laws & regulations
    • Technical Articles
      Series of articles to help understand data erasure & diagnostics
    • Product Factsheets
      Explore in-depth details of the features, benefits and specifications of our variants.
    • Deployment
      Get Instructions On using BitRaser for wiping PC, Mac, hard drives, mobile devices & files.
    • Case Studies
      Read our customer case studies illustrating the real-world usage in diverse business scenarios.
    • Frequently Asked Questions (FAQs)
      Our Top FAQs That Will Help You Get Answers To Your Questions.
    • Blog
      Gain latest insights into data erasure, data protection, privacy and regulations.
  • Partners
  • +1-844-775-0101
  • Submit Enquiry

Are Multiple Passes Necessary For Permanent Data Erasure?

  • author image

    Written By Namrata Sengupta linkdin

  • calender

    Updated on Sept 17, 2021

  • clock

    Min Reading 3 Min

Exponential growth of data and rising cases of data breach incidents have necessitated organizations to not overlook data security concerns at the end-of-life of IT assets. Businesses need to do realign their approach on how they deal with end-of-life equipment. The safest way to deal with devices at their disposal stage is to ensure they are permanently wiped and erased to ensure that data cannot be recovered even by laboratory techniques. Performing Data Erasure on storage devices that can be re-used is the  most environment-friendly and cost effective approach to data destruction. Data erasure generally involves overwriting the data stored in media with single or multiple over writing cycles or Passes which may range from 1 pass (zeroes) to 35 passes (Peter Gutmann).

So, the question that arises is why do we need multiple passes for data destruction?
Is performing more overwriting passes better than just performing lesser or even one?
Why does different global data erasure standards propose different overwriting passes?
Or which standard is suitable for a business or individual need to perform permanent data erasure?

In this article, we will provide answers to all above questions and help you understand the mechanism of overwriting using different passes for Hard Drives and SSDs.

How Many Passes Are Necessary For Permanently Wiping Hard Drives?

The answer to the number of passes to securely overwrite a hard drive permanently is not straightforward as it would involve several considerations including the technology, latest research findings, evolution of data erasure techniques and recommended methods by governments and international agencies. Before we arrive at a conclusion, we would first need to understand the basics of hard drive erasure, the emergence of data erasure standards and the evolution of faster and more complex flash-based storage media including the solid state drives.

Hard Disk Drives- Permanent Data Erasure

Deleting a file from your hard disk drive or formatting the entire hard drive does free up space on your hard disk but does not destroy the data making it easier to be recovered by freely available data recovery tools. Deleting simply removes the pointers to the file, making it invisible and allowing free space for further storage.

However, when a hard disk drive is overwritten with a stream of zeros, ones or pseudo-random pattern on all sectors of a hard drive (all user-addressable locations including logical file storage locations), it leads to permanent erasure of data or media sanitization beyond any scope of recovery.

Emergence of Data Erasure Standards- Specifying Differing number of Passes

Data Erasure has been guided by various industry specific and government prescribed standard for data destruction, typically specifying the numbers of overwriting passes to be used for securely and permanently erasing data. NISPOM (National Industrial Security Program) manual introduced in the year 1995 by US Department of Defense specified DoD 3 Pass standard (DoD 5220.22-M) as data erasure technique by overwriting all addressable locations with a character, its complement and a pseudo-random character. However, in 2001, it was removed from the NISPOM manual and was not permitted for Top Secret Media.

Peter Gutmann, computer scientist in Department of computer science, university of Auckland, New Zealand, proposed a 35 pass erasure method to prevent data recovery using sophisticated tools such as magnetic force microscopes. However with the arrival of newer HDDs, that used PRML coding techniques instead of older MFM/RLL technique used in early HDD, made Gutmann method obsolete. Gutmann’s contemporary, Bruce Schneier, a security expert, also proposed a 7 pass overwriting method to erase data.A German information security agency, BSI, in the early 2000 devised a 7 pass method (VSITR) which became popular in Europe. Another standard published by Britain’s National Cyber Security Center, HMG Infosec Standard 5, proposed Baseline method with 1 pass and Enhanced method with three passes. Click here to learn more about 24 global data erasure standards.

NIST 800-88: Globally Adhered Media Sanitization Standard

NIST 800-88 with one write pass is the most preferred standard by the US federal government today. NIST (National Institute of Standards and Technology, U.S.) guidelines for media sanitization, first published in 2006 and revised in 2014,  is now one among the most prevalent media sanitization guidelines in the world today. It specifies ‘Clear’ and ‘Purge’ as methods of media sanitization to attain data destruction through overwriting. The guidelines state that “for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media.” Also, the revised guidelines in 2014 stated that “For storage devices containing magnetic media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data.” NIST purge technique can also be executed with a single pass, although it also offers an inverted 3 pass method. NIST also recommends that hidden areas of the drive should also be addressed, before overwriting.

SSD Erasure- NIST Recommends 1 Pass with Specialized Commands

SSDs do not contain magnetic coatings. Instead they rely on embedded processor & flash memory chips that retain data. Flash storage allows data to be written and erased from a given location for a fixed number of times (typically 10,000) in their lifecycle and this can exhaust the overall lifetime of SSD, making sanitization of SSDs complex. NIST recommends erasure of SSDs with one overwriting pass combined with specialized commands. It proposes “Secure Erase, Block Erase or Cryptographic Erasure” if supported by the SSD, as a standard erasure procedure.

Conclusion: Benefits of Single Overwriting Pass Outweighs the Multiple Passes

With NIST guidelines of 2014, the fear of recovery after just one cycle of overwriting has been put to rest. NIST clearly states that one write pass is sufficient to erase data from drives beyond recovery. In recent years with innovations around the hard drive technology, such as the high data density on disk platters, makes data recovery impossible after single overwriting pass followed by verification of the overwrite.

Overwriting by multiple passes can be considered, however, organizations will have to consider the time and cost involved on each processed IT asset being overwritten multiple times. Also, global government bodies (NIST 800-88, NCSC, BSI etc.) and agencies advocate 1 write pass as the standard method for overwriting, but it is mandated to follow the overwriting process with actual verification of the overwrite, ensuring that every addressable storage locations has been overwritten.

NIST SP 800-88 guidelines, however does not offer one size fits all formula for erasing hard drives and it shall be an organizational prerogative to ensure which method is more suitable for them and how many overwriting pass is needed given the security categorization and sensitivity of data to be erased. You can read more about the different erasure standards and learn how a NIST Tested & Approved data erasure software offers a solution that can help you securely and permanently erase data on all storage drives including HDDs, SSDs across PC, Mac and servers here.

FAQs

Is 1 pass erase enough?
Yes, a single overwriting pass followed by verification of the erasure process is enough to wipe data beyond recovery securely.
How many passes does it take to erase an SSD?
NIST recommends erasing SSDs with one overwriting pass combined with specialized commands. It proposes “Secure Erase, Block Erase, or Cryptographic Erasure,” if supported by the SSD, as a standard erasure procedure.
Can you permanently erase SSD?
Yes, certified data erasure software like BitRaser ensures that SSDs are permanently erased without any scope of data recovery.
Does removing the hard drive remove all personal data?
Removing a hard drive from a computer or other device does not necessarily remove all personal data from the drive. A hard drive contains various storage areas where data can be stored; physically removing the drive does not erase the data stored on the drive. Permanent data erasure requires securely erasing the data.
Why do we need multiple passes for data destruction?
Multiple passes of Overwriting can be considered; however, organizations must consider the time and cost involved in each processed IT asset being overwritten multiple times. Global government bodies (NIST 800-88, NCSC, BSI, etc.) and other agencies advocate 1 write pass as the standard method for overwriting, but it is mandated to follow the overwriting process with actual verification of the overwrite, ensuring that every addressable storage locations have been overwritten.

BitRaser is NIST Certified

See All Certifications

Related Articles

What Is The Right To Erasure: An Insight

Jan 07, 2022

NIST 800-53 Data Sanitization Recommendations

August 25, 2022

Use Of NIST 800-88 Standard For Drive Erasure

Jan 15, 2020


REACH US

Stellar Data Recovery Inc.

48 Bridge Street Metuchen, New Jersey 08840, United States

Call Us

+1-844-775-0101

Email Us

sales@bitraser.com

Follow Us

linkedin youtube

Useful Links

  • About Us
  • Legal Policy
  • Privacy Policy
  • Cookies Policy
  • Sitemap

NEWS AND EVENTS

  • News & Press Release
  • Events

PARTNERS

  • Our Partnership Models
  • Reseller
  • Distributor
  • OEM
  • ITAD

RESOURCES

  • Knowledge Series
  • Technical Articles
  • Knowledge Base
  • Blogs
  • Reports & Certificates
  • Download Brochure
  • Deployment
  • Product FactSheets
  • Case Studies
  • Our Clients
  • Residual Data Study

BitRaser® & Stellar Data Recovery are Registered Trademarks of Stellar Information Technology Pvt. Ltd. © Copyright 2023 Stellar Information Technology Pvt. Ltd. All Trademarks Acknowledged.

ISO Certified
NAID VENDOR
ERN VENDOR

Submit Enquiry

Submit Enquiry

Usage*:     Business   Personal
5nYwK

I understand that the above information is protected by Stellar's Privacy Policy.

ulSAF

I understand that the above information is protected by Stellar's Privacy Policy.

Modal body..
24 Internationally Recognized Erasure Standards
NIST Clear
NIST-ATA Purge
US Department of Defense, DoD 5220.22-M (3 passes)
US Department of Defense, DoD 5200.22-M (ECE) (7 passes)
US Department of Defense, DoD 5200.28-STD (7 passes)
Russian Standard – GOST-R-50739-95 (2 passes)
B.Schneier’s algorithm (7 passes)
German Standard VSITR (7 passes)
Peter Gutmann (35 passes)
US Army AR 380-19 (3 passes)
North Atlantic Treaty Organization-NATO Standard (7 passes)
US Air Force AFSSI 5020 (3 passes)
Pfitzner algorithm (33 passes)
Canadian RCMP TSSIT OPS-II (4 passes)
British HMG IS5 (3 passes)
Zeroes
Pseudo-random
Pseudo-random & Zeroes (2 passes)
Random Random Zero (6 passes)
British HMG IS5 Baseline standard 
NAVSO P-5239-26 (3 passes) 
NCSG-TG-025 (3 passes)  
5 Customized Algorithms & more

Listening...