kenpat/comptia-a-plus-core2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
comptia-a-plus-core2/notes/SEC-9-data-destruction.md

260 lines
6.2 KiB
Markdown
Raw Blame History

# SEC-9: Data Destruction
Status: not started
Domain:
- 2.0 Security
Objective alignment:
- 2.9 Data destruction
## What You Need To Know
Data destruction means making stored data unrecoverable before a device is reused, recycled, sold, returned, or thrown away.
The exam wants you to match the method to the situation:
- Reuse the drive: securely wipe it.
- Dispose of the drive: physically destroy it.
- Magnetic hard drive: degaussing can work.
- SSD or flash storage: degaussing does not work.
- Legal or regulated data: keep a certificate of destruction.
## Memory Trick
Use **W-D-S-C**:
- **W**ipe if you want to reuse it
- **D**estroy if you want it gone forever
- **S**SDs do not degauss
- **C**ertificate proves destruction
Shortcut:
- **Reuse = wipe. Retire = destroy. Regulated = certificate.**
## Deleting Is Not Destruction
Normal delete:
- Removes the file entry from normal view.
- The data may still exist on the storage device.
- Recovery tools may be able to bring it back.
Recycle Bin or Trash:
- Even less final than deletion.
- The user can often restore the file.
Exam clue:
- If the question asks for secure removal, normal delete is not enough.
## Formatting
Quick format:
- Rebuilds the file system structure.
- Usually does not overwrite all old data.
- Data recovery may still be possible.
Regular format:
- Overwrites sectors on modern Windows versions.
- Takes longer than quick format.
- Better for data removal than quick format.
Low-level format:
- Factory-level process.
- Not a normal user or technician procedure on modern drives.
- Usually not the right exam answer for everyday data destruction.
## Secure Erasing and Wiping
File-level overwrite:
- Overwrites a specific file.
- Useful when only one file must be removed.
- Does not wipe the rest of the drive.
Whole-drive wipe:
- Overwrites the entire drive.
- Useful before reusing or repurposing a drive.
- Takes longer but covers all data.
Examples:
- Windows Sysinternals `sdelete` can securely delete files or clean free space.
- DBAN can wipe traditional hard drives.
SSD caution:
- SSDs use wear leveling, so old data may not be overwritten the same way as a spinning hard drive.
- Use manufacturer secure erase tools, OS reset options designed for SSDs, or cryptographic erase when available.
Cryptographic erase:
- Destroys the encryption key instead of overwriting all storage blocks.
- Fast when the device was already fully encrypted.
- Without the key, encrypted data is not practically readable.
## Physical Destruction
Physical destruction makes the drive unusable.
Common methods:
- Drill or hammer through platters/chips
- Shredding
- Incineration
- Degaussing for magnetic media
Use physical destruction when:
- The drive will not be reused.
- The data is highly sensitive.
- Regulations or company policy require destruction.
- You cannot trust a software wipe.
## Degaussing
Degaussing uses a strong magnetic field to destroy data on magnetic media.
Works for:
- Magnetic hard drives
- Some magnetic tapes
Does not work for:
- SSDs
- USB flash drives
- SD cards
- Other flash storage
Exam clue:
- If the device is SSD or flash, do not choose degaussing.
## Certificate of Destruction
A certificate of destruction is proof that a drive or batch of drives was destroyed.
It may include:
- Date
- Serial numbers or asset tags
- Method used
- Vendor name
- Chain-of-custody details
- Signature or confirmation
Use it when:
- A third party destroys the drives.
- Data is regulated.
- The organization needs an audit trail.
## Choosing The Best Method
Scenario shortcuts:
- Old company laptop will be reused: whole-drive wipe or secure erase.
- Failed hard drive with patient records: physical destruction plus certificate.
- Magnetic hard drive disposal: shred, drill, incinerate, or degauss.
- SSD disposal: shred or use SSD secure erase/crypto erase; do not degauss.
- One file must be removed but the drive stays in use: file-level secure delete.
- Drive is encrypted and being retired: crypto erase may be appropriate if policy allows it.
## Commands To Enter
Only run these against disposable test files. Do not run wipe commands against real drives in this course unless you intentionally want to destroy data.
Windows PowerShell:
```powershell
New-Item -ItemType Directory -Path "$env:USERPROFILE\AplusDataDestructionLab"
```
What it does:
- Creates a safe lab folder in your user profile.
```powershell
"Practice data" | Set-Content "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
```
What it does:
- Creates a small test file for the lab.
```powershell
Remove-Item "$env:USERPROFILE\AplusDataDestructionLab\test.txt"
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```powershell
Get-Volume
```
What it does:
- Lists mounted volumes and file systems.
- Use it for inspection only in this section.
Linux:
```bash
mkdir -p ~/aplus-data-destruction-lab
```
What it does:
- Creates a safe lab folder in your home directory.
```bash
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Creates a small test file.
```bash
rm ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```bash
lsblk -f
```
What it does:
- Lists block devices and file systems.
- Use it to identify storage types for inspection only.
macOS:
```bash
mkdir -p ~/aplus-data-destruction-lab
```
What it does:
- Creates a safe lab folder on the Mac.
```bash
printf "Practice data\n" > ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Creates a small test file.
```bash
rm ~/aplus-data-destruction-lab/test.txt
```
What it does:
- Deletes the test file.
- This is normal deletion, not secure destruction.
```bash
diskutil list
```
What it does:
- Lists disks and partitions.
- Use it for inspection only.
## Quick Checks
You should be able to answer:
- Why is normal delete not secure destruction?
- What is the difference between quick format and regular format?
- When should you use whole-drive wiping?
- Why does degaussing not work on SSDs?
- When is a certificate of destruction needed?
- What method would you choose for a drive that must be reused?
- What method would you choose for regulated data on a retired drive?
Reference in a new issue View git blame Copy permalink