This KB outlines a professional technique to perform cryptographic erasure on SSDs using BitRaser Drive Eraser software. The tool implements the Cryptographic Erase (CE) technique to sanitize all types of self-encrypting drives, and it generates tamper-proof certificates & reports for the cryptographically erased SSDs.
Cryptographic erasure is a media sanitization technique based on erasing or replacing the Media Encryption Key (MEK) of a Self-Encrypting Drive (SED), including modern SSDs that store data in an encrypted form. SEDs have “always-on” encryption, and therefore, performing cryptographic erasure (or crypto erase) on such SSDs renders the target data unrecoverable — in the form of ciphertext.
Notably, the crypto-erase technique can sanitize all addressable memory locations on an SSD except unencrypted areas such as those storing pre-boot applications. Also, the effectiveness of cryptographic erasure depends upon the encryption algorithm’s robustness.
Scope of Cryptographic Erasure using BitRaser
Using the software, you can perform cryptographic erasure on the following types of solid-state drives:
- Serial Advanced Technology Attachment (SATA)
- Parallel Advanced Technology Attachment (PATA)
- Non-Volatile Memory Express (NVMe) M.2
- Peripheral Component Interconnect (PCI)
- Small Computer System Interface (SCSI)
- Serial Attached SCSI (SAS)
- Integrated Drive Electronics (IDE)
- Universal Serial Bus (USB) SSD
- Fibre Channel (FC)
- FireWire (IEEE 1394)
Steps to Perform Cryptographic Erasure on SSDs
BitRaser Drive Eraser performs cryptographic erasure on SSDs within 15 minutes based on the following steps and requirements.
Requirements:
- A blank USB flash drive (min. 2 GB capacity): to create a bootable wiping media
- Internet connectivity: Ethernet or Wi-Fi
- Windows PC or Mac: to execute the cryptographic erasure procedure
- SSDs: the encrypted drives you need to erase
Stage 1: Download BitRaser Drive Eraser ISO file [Duration: 5 minutes]
In this step, you download the software ISO file from your BitRaser cloud account after purchasing the licenses.
1. Log into BitRaser Cloud using your registered email and password.
2. Download the BitRaser ISO file by clicking the “Download BitRaser Drive Eraser ISO” link in the dropdown menu on the top right corner. Save the ISO file on your local computer.
Stage 2: Create BitRaser bootable USB media [Duration: 5 minutes]
In this stage, you burn the BitRaser ISO file on a USB flash drive to create a bootable wiping media for executing SSD cryptographic erasure in Stage 3. Here are the steps:
For Windows PC users
- Visit https://rufus.ie/en/ to download Rufus — an open-source program for creating bootable USB
- Install the Rufus app on your Windows desktop or laptop and then plug the blank USB into the system
- Launch Rufus and follow the instructions as per the below image.
4. Click 'START' to proceed with bootable media creation.
5. Click 'YES' to confirm and start the process.
For Mac users
- Visit https://www.balena.io/etcher/ and download balenaEtcher— an open-source application for creating bootable USB media on Mac systems.
- Install balenaEtcher on your Mac and plug the blank USB
- Launch the application and double-click the balenaEtcher icon
- Next, select BitRaser ISO image, select the blank USB drive, and click Flash to burn the ISO onthe USB. After completing this process, you will have the bootable USB media to perform cryptographic erasure on SSDs.
Stage 3: Start the cryptographic erasure process on SSDs using the bootable USB [Duration: 5 minutes]
Once you have the bootable USB ready, follow these steps to perform crypto erase:
- Connect the USB media to the host machine (Windows PC or Mac).
- Also, connect the SSD you want to erase. BitRaser can perform crypto-erasure on the system’s internal SSD and externally connected SSDs.
- Power ON the machine and press the Function keys to enter the boot menu.
- Select the SSD and press Enter— the system with reboot and display the BitRaser Dual Boot menu.
- Select BitRaser and press Enter to initialize BitRaser Drive Eraser.
- The software screen will appear, showing the SSD(s) for cryptographic erasure.
- Select the SSD and then click the Erasure Method dropdown menu.
- Select NIST 800-88 Purge from the dropdown listing. The algorithm performs cryptographic erasure on SSDs. You may also choose BitRaser Secure & SSD erase standard which also supports cryptographic erase.
- Click the Settings icon on the top right corner to acquire licenses for erasure.
- Next, refer to the BitRaser deployment guide and follow the instructions from STEP 5 onwards in STAGE 3.
Using the method described in the KB, you will be able to perform cryptographic erasure on solid-state drives as per the NIST 800-88 Purge standard or BitRaser SSD & Secure Erase Standard. After erasing the drives, the software will generate digitally signed reports & certificates of erasure and upload them to your BitRaser Cloud account.
