In the era of formalized data privacy, governed by data regulation laws like GDPR and CCPA, organizations realize the need to adopt specialized tools for guaranteed media sanitization in line with the data protection laws. For the modern IT asset manager, the era brings upon a significant onus of attaining failsafe data destruction, i.e., eradicating data from the storage media, leaving no possibilities of retrieval, breach, or leakage. In this context, the exceptional NIST-tested professional data erasure tools set the “ Gold Standard ” for attaining failsafe and compliant data destruction. The following sections explore the growing relevance and need for NIST-approved data erasure tools.
Advent of the Certified Data Erasure Software
Rise of the data destruction industry and media sanitization standards like NIST 800-88 is a testimony to the growing commercial need for certified data erasure software that can guarantee data privacy and compliance. As a result, companies tend to qualify the existing generation of data erasure software tools on their ability to deliver “proven results,” i.e., whether the software confirms to international erasure standards such as NIST SP 800-88 in order to perform fail-safe erasure and meet the audit requirements. In other words, certified proof of erasure is a crucial need for organizations to meet compliance in the emergent data privacy regime.
But, a question looms concerning the criteria for picking the right tool to meet the privacy and compliance goals that can prevent growing instances of data breach.
How Do You Trust A Data Wiping Tool?
Despite the established software tools claiming to implement certifiable data erasure techniques, there remains a gap in their ability to deliver “Failsafe Compliance” from the forensic validation standpoint. Professional data erasure tools generate reports and certificates to prove their wiping efficacy in terms of adhering to International erasure standard.
However, there is no intrinsic mechanism to empirically validate this claim vis-à-vis the steps defined in the originating media sanitization standard. For instance, how does an organization or auditor ascertain that a given data erasure software indeed wipes the hard drive or SSD as per NIST SP 800-88 standard? Indeed, the erasure reports and certificates generated by the software do provide proof. But do they serve as definitive and “empirical evidence” to support the tool’s claim of implementing the NIST data erasure technique? Perhaps, to a limited extent, unless the wiping technique’s implementation is validated or accredited by a competent authority.
The fact is that only a specialized forensic test, designed by a recognized lab, can genuinely verify the tool’s backend implementation of an erasure method. The forensic testing of BitRaser Drive Eraser by the National Institute of Standards and Technology (NIST) illustrates this viewpoint in the following section.
NIST-Led Forensic Testing of BitRaser Drive Eraser
NIST examined the data wiping (overwriting) capability of BitRaser Drive Eraser software based on the NIST 800-88 Purge Secure Erase Standard in a specially designed test environment. The test was performed using the Computer Forensics Tool Testing (CFTT) Test Suite, a proprietary tool collaboratively developed as part of NIST’s CFTT Program for evaluating forensic media preparation tools. The test’s purpose was to ascertain BitRaser’s data wiping effectiveness as per NIST guidelines to meet the prevalent computer forensics investigations standards.
NIST Test Environment for Data Erasure Software
BitRaser Drive Eraser v3.0 was tested in CFTT’s Federated Testing Forensic Tool Testing Environment. The test environment comprised a desktop PC connected with two SATA hard drives, including a hard disk drive and solid-state drive, supporting Native Command Queuing (NCQ) to allow a uniform testing mechanism. The hard drives had different storage capacities, and one of the drives consisted of hidden sectors.
Results Attained with NIST-Tested Data Erasure Software
BitRaser performed overwriting using NIST 800-88 purge wiping standard guidelines on approx. 976 Million sectors on the hard disk drive and 250 Million sectors on the solid-state drive. The CFTT Test Suite validated that BitRaser performed secure overwriting on all the sectors, including the hidden areas, without any scope for retrieval.
You can Download the test report from here. The Report is also available on the :
Conclusion
Organizations today shoulder an unparalleled responsibility of handling sensitive data in a secure and compliant manner. The enactment of strong data protection laws obligates organizations to follow stringent protocols when destroying sensitive data. In this context, certified data erasure tools help organizations meet compliance by providing documented audit trails.
Having a certified data erasure software with credible validation from a competent authority responsible for defining erasure standards globally will help organizations revalidate media wiping efficacy of the tool. The NIST-led computer forensic tool testing of BitRaser Drive Eraser illustrates the significance of in-lab validation of the software’s capability in drive wiping, thereby reaffirming its reliability as data erasure tool that can wipe the hard drive or SSD as per NIST SP 800-88 standard.
