CompTIA A+ Exam 220-902 sub-objective 3.6 – Given a scenario, use appropriate data destruction and disposal methods

Back to the main 902 ExamNotes page

Detailed (and official) description of CompTIA A+ sub-objective 3.6

3.6 Given a scenario, use appropriate data destruction and disposal methods.

Physical destruction
Shredder
Drill / Hammer
Electromagnetic (Degaussing)
Incineration
Certificate of destruction

Recycling or repurposing best practices
Low level format vs. standard format
Overwrite
Drive wipe

Welcome to Exam Notes by CertBlaster! Here we will examine the 220 902 objective 3.6 regarding the proper disposal of data and the media types that data is stored on. This will be pretty quick, but important so pay attention. Let’s dig in.

When we discussed data security in earlier posts the lion’s share of the discussion centered on protecting live or active data. Equally important is data that has been moved or is no longer in use stored on various types of storage media. Here is a look at complete PC component destruction using an industrial shredder.

photo of several Shredded PC's in a mound
Shredded PC’s

Physical destruction

Your sensitive data can be stored indefinitely on hard drives, solid state media and tapes. Unless the data is destroyed it is recoverable by any subsequent party. When choosing a destruction method you need to understand how the data is stored on the device. For example a solid state drive stores data electronically and is not erased in the same way a hard disk or DLT tape would be. Optical media on ROM disks always need to be physically destroyed.

Shredder

A shredder as the name implies reduces the drive to small pieces. There are specific industrial grade shredders designed for hard drives. Note that some digital data destruction software is also referred to as shredding. The software will leave the drive useless for general use. Digital shredding is less dramatic than the physical option.

photo of a Destroyed Hard Drive
Destroyed Hard Drive

Drill / Hammer

It is recommended in the absence of a shredder that hard drives be destroyed by drilling several holes through them or smashing them with a hammer. When drilling be sure to drill all the way through the cover, platters and circuit board. The goal is to render the drive unreadable or unspinnable. A hammer will bend the platters out of their surgical alignment, a hammer and nails will also prohibit spinning and the drill will introduce holes in the plates that will destroy the read/write heads on the drive.

Electromagnetic (Degaussing)

In the cases of hard drives and tapes you, another method of ensuring that your data is obliterated is to wash them electromagnetically. A process called degaussing engulfs the storage device in a very high intensity magnetic field that fluctuates between the poles, leaving the object magnetically neutral. Since the data stored on these devices is magnetic the information is wiped out. Also the low level format placed on the drive at the factory is  eradicated making the drive useless. Be advised that using this method on CD-ROMs and SD cards will have no effect.

Incineration

This is a viable option when performed by professionals. Be advised that incinerating devices can generate toxic fumes such as PCBs and be quite hazardous to your health. We are not recommending that you throw these devices in the fireplace or your barbeque grill! The incineration should be performed by professionals with industrial incinerators. Companies that perform data destruction are also authorized to issue legal documentation of the destruction.

Certificate of destruction

When a storage device is destroyed by a professional service they will issue a certificate indicating their compliance with the required privacy and data security regulations. These regulations could include but are not limited to those issued by the DoD (Department of Defense), NIST (National Institute of Standards and Technology) and HIPAA (Health Insurance Portability and Accountability Act). This document provides a high level of confidence that any sensitive information is destroyed while insulating your organization from any legal repercussions surrounding the stored information. Some companies provide the opportunity to witness the destruction.

photo of a Sample Certificate of Destruction and Recycling
Sample Certificate of Destruction and Recycling

Recycling or repurposing best practices

The treatment of unused storage devices (e-waste) is an increasing problem as our devices last longer than their relevance. For reasons of speed or storage capacity you will find a fair amount of magnetic drives and even SSD drives that have outgrown their value to the owner. So the issue you face is repurpose vs destruction. For both disk types if the objective is to repurpose the drive you will want to guarantee that all of your data is wiped from the device.

Low level format vs. standard format

Low level formats are performed on hard drives at the factory and contain only the information necessary to interact with a file system. There are utilities that will perform this function but it is imperative that you are absolutely sure that you are formatting the correct drive as it is irreversible. This is essentially only the track and sector information necessary for a standard (high level) format which writes the MFT and The MBR to the disk in preparation for storage. So simply put without the low level format the disk is unusable. Remember that performing a low level format comes with the risk of unintentionally destroying data. Here we see one example of a low level format tool.

screenshot of hdd low level format tool
HDD low level format tool

Overwrite and Drive wipe

A drive wipe utility freely available from the drive manufacturer or other online sources can completely overwrite the drive with zeroes with a new low level format eradicating the contents of all sectors (hard drive). Also available is are secure erase utilities which essentially dump the electrons stored in each block of an SSD device returning it to its factory specs. Again here be sure you have the right target.

Here is a look at a potentially confusing PC configuration in the Disk Management Console. If you are attempting a low level format it is highly recommended that you reduce the computer configuration to a removable boot device e.g. a USB or optical boot device to load the chosen formatting tool and only the target drive to prohibit any mistakes.

Screenshot of a Disk management console
Disk management

That’s all for 220-902 objective 3.6. You are close to the end of Main Domain 3.0 – Good luck on the test!
Back to the main 902 ExamNotes page

2 thoughts on “CompTIA A+ Exam 220-902 sub-objective 3.6 data destruction & disposal methods

    1. Thanks for your feedback Craig. For the A+ 220-901 we have a post for every sub-objective and many cover power supplies, the complete table of content is here: http://may68radio.com/?certs=exam-notes-comptia-a-exam-220-901/ For the A+ 220-902 TOC (under development but a bit over 70% complete) see here: http://may68radio.com/?certs=comptia-aplus-exam-notes-exam-220-902/
      If you know which A+ sub-objective you want to study, just go to any of the two pages, select the CompTIA Main Domain your topic falls under, click it and in that sub-TOC select the post you need. There is one post for each CompTIA A+ exam sub-objective. Good luck on the exam!

      PS. If you know the number of the sub-objective you want to study, then let us know and we’ll send you the link.

Leave a Reply

Your email address will not be published. Required fields are marked *

On Facebook

Share This
Real Time Web Analytics