Updated: Sep 03, 2019

Certifications

WipeDrive Enterprise has active certifications by Common Criteria, NATO, HIPAA Compliancy Group, ADISA and NCSC that the data sanitization process meets all government regulations and can be deployed to meet any OEM data erasure requirement. Multiple data erasure methods are supported including:

  • Single Pass – Full device scan and overwrite of all data tracks.
  • Multiple Pass – Supports US DoD 5220.22-M, 3-pass Data Erase Wipe and others.
  • Secure Erase & Sanitize Disk ATA command overwrites as now approved by the NIST and NSA agencies:
    • NIST Special Publication 800-88r1 – Guidelines for Media Sanitization
    • NSA Overwrite Standards using Secure Erase

The NIST standard has become the industry overwrite pattern of choice. This overwrite pattern correctly addresses flash memory in SSD, NVMe and other drives. WipeDrive meets the NIST standard as stated in the NIST documentation:

“An overwrite technology using firmware-based process to overwrite a hard drive. It is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure. It was added to the ATA specification in part at CMRR request. For ATA drives manufactured after 2001 (Over 15 GB) have the Secure Erase command and successfully pass secure erase validation testing at CMRR. A standardized internal secure erase command also exists for SCSI drives, but it is optional and not currently implemented in SCSI drives tested by CMRR. SCSI drives are a small percentage of the world's hard disk drives and the command will be implemented when users demand it.”

WipeDrive is real world tested and examined on hard drives and SSDs daily because of ITAD certification and compliancy requirements. This ongoing testing by 3rd party forensic firms provides confidence to

SECURITY REQUISITES

WipeDrive is a disk sanitizing tool that permanently erases hard drive data, operating systems, program files, and all other file data from a system. WipeDrive also provides users with the ability to permanently delete all partitions and drive formats previously configured. WipeDrive provides 20 disk wipe functions:

  • Standard Overwrite
  • US DoD 5220.22-M 3-pass
  • US DoD 5220.22-M 7-pass
  • GB HMG Infosec Standard #5 Baseline
  • GB HMG Infosec Standard #5 Enhanced
  • Canadian RCMP TSSIT OPS-II Standard Wipe
  • US Army AR380-19
  • US Air Force System Security Instruction 5020
  • German VSITR
  • US Navy Staff Office Publication P-5329-26
  • US National Computer Security Center TG-025
  • CIS GOST P50739-95 version 2
  • Australian Defense Signals Directorate ACSI-33 (X0-PD)
  • SecureErase + 1 overwrite with verify or NNSA NAP 14.1-C
  • Canadian CSEC ITSG-06
  • US Air Force System Security Instruction 8580
  • BSI-2011-VS
  • SSD Smart wipe
  • NIST 800-88r1
  • Custom overwrite pattern

All wipe functions overwrite disk storage, or use special erasure commands native to the drives, to ensure no residual data remains. After the sanitization process has been completed, an audit log is created which compiles verifications that the information contained on the hard drive was in fact erased.

WipeDrive:

  • Is a Linux based OS booted from a LiveCD, which resides in memory during runtime.
  • Is a data protection and erasure tool that permanently wipes data from ATA, SCSI, USB, eMMC, SD, and NVMe-block devices. This includes traditional platter drives as well as SSDs.
  • Allows users to create an audit log to capture verifications of the success or failure of hard drive erasure events.
  • Has the ability to wholly erase Operating Systems, program files, and all file data.
  • Utilizes user interfaces to allow administrators to graphically see the progress of probing, scanning, and erasure events.
  • Enables administrators to view sector data.

The WipeDrive application serves as a single executable file that is primarily responsible for:

  • Scanning the system for devices that can be erasure targets
  • Probing the discovered devices for capabilities
  • Erasing the devices, and performing related operations (such as removing ATA HPA, DCO areas, or Accessible Max Address settings)
  • Producing progress event messages for consumption by a UI for display to the user
  • Producing result messages for consumption by UI
  • Performing audit logging after the erasure of the media has completed

Note: Only a single WipeDrive application can run on any single host at any one time. The Log Storage component is responsible for the storage of audit information. Log Storage refers to any external device with a file system that WipeDrive can access. Examples are a USB drive, or a separate hard disk or partition on the local machine being wiped.

The Log Storage component supports several formats:

  • Regular – a plain-text synopsis (free-form) of what activities were attempted and their result; can optionally include a brief system inventory.
  • Comma Separated Values (CSV) – a plain-text file, delimited by commas, of what activities were attempted and results in a tabular format.
  • XML – an XML file that contains both the activities that were attempted and their result as well as a brief system inventory harvested via invoking the lshw Linux utility.
  • PDF – a PDF file that contains both the activities that were attempted and their result; can optionally include a brief system inventory.
  • HTML – an HTML file that contains both the activities that were attempted and their result; can optionally include a brief system inventory.
  • SQL – a SQL query that inserts log data into a target database.
  • Bootable Report – a report that is written directly to the target drive in a way that when a system attempts to boot from the drive, the report is displayed.

The software generates and captures audit data which is used to provide further verification that an erasure event has occurred. Audit logs containing verification data (either denoting a success or failure) are stored internally to the WipeDrive application. The resulting output of a wipe operation is displayed in an easily interpretable manner. All audit operations can be associated with the administrator who performed that event.

XML and SQL logging include a security feature that provides a way of determining whether the log has been modified without authorization.

WipeDrive is equipped to operate via various interfaces which are made available to administrators. The administrators of WipeDrive utilize these interfaces to perform the management functions listed above. The primary purposes of these interfaces are to:

  1. Allow commands defined by the WipeDrive to be invoked on the attached WipeDrive application;
  2. Visually display the status of the attached WipeDrive application by interpreting the responses and notifications received; and
  3. Create audit logs according to the user's preferences. The logs can be stored on any form of media that the user desires (e.g. a thumb drive or on an FTP server).

WipeDrive is primarily operated via the GUI. The GUI runs on the same host as the back-end. This is the default interface for x86 machines on which the framebuffer can be accessed.

WipeDrive is able to perform three distinct operations for disk erasure – scanning of devices, probing of devices, and the erasure of the devices. Scanning and probing are both performed during the initialization of WipeDrive while the probe operation is run each time a device is discovered. Administrators can execute commands via the GUI to wipe drives. The wipe command applies the administrator definable wipe pattern to each selected disk instance, which performs the overwrite operations directly on the disk.

WipeDrive provides for the erasure of residual information. This erasure is initiated at the user-facing interfaces and requires communication with the information repository (disk). No residual information will reside in the RAM subsequent to a wipe event.

The WipeDrive ISO supports Secure Boot. If the computer's BIOS supports it, Secure Boot will check the signature of important OS files at boot time to make sure that they haven't been modified. Since the Linux OS files are included with the WipeDrive program, this helps ensure that the OS and kernel that the WipeDrive application and UI are running on top of weren't altered before being booted.

WipeDrive erases data present by overwriting it with a particular pattern of data, thus eradicating the previous contents of the disk. Each wipe pattern adheres to a specific approved standard, including official government and military standards in use today. Specific patterns such as all “ones” and all “zeros” are used in various wipe standards as defined below. The implementation of the wipe functions utilized is vendor-asserted.

Some wipes are designed to use random data, or to include full verification of each character written. The following list details the 20 types of disk sanitization methods made available to administrators of WipeDrive:

  • Standard Overwrite

    • A 1-pass overwriting algorithm that overwrites all data with a fixed value (0x00). If a firmware-based erase is supported by the drive (like Sanitize Device or Secure Erase), then the pattern will use one of those commands instead of overwriting with a fixed value.

  • US DoD 5220.22-M 3-pass

    • A 3-pass overwriting algorithm where the first pass overwrites with zeros (or a firmware-based erase is done, if supported by the drive), the next pass with ones, and the last writing pass with random bytes. A verify is then performed.

  • US DoD 5220.22-M 7-pass

    • A 7-pass overwriting algorithm where the first pass overwrites with zeros (or, if supported, a firmware-based erase), the second pass overwrites with ones, the third pass overwrites with pseudo-random data, the fourth pass overwrites with zeros (or, if supported, a firmware-based erase), the fifth pass overwrites with zeros (or, if supported, a firmware-based erase), the sixth pass overwrites with ones, and the seventh pass overwrites with pseudo-random data.

  • GB HMG Infosec Standard #5 Baseline

    • A 1-pass overwriting algorithm where data is overwritten using zeros, and then verified.

  • GB HMG Infosec Standard #5 Enhanced

    • A 3-pass overwriting algorithm where the first pass uses zeros (or a firmware-based erase), the second uses ones, and the last pass uses pseudo-random bytes. The final pass of pseudo-random bytes is verified.

  • Canadian RCMP TSSIT OPS-II Standard Wipe

    • A 7-pass overwriting algorithm featuring three alternating passes of zeros (or a firmware-based erase) and ones, with the last pass using pseudo-random characters. The last pass is verified.

  • US Army AR380-19

    • A 3-pass overwriting algorithm where the first pass is pseudo-random characters, the second pass is user defined, and the third pass is the inverse of that user definition.

  • US Air Force System Security Instruction 5020

    • A 3-pass algorithm that first overwrites the target data with zeros (or does a firmware-based erase, if supported), then does another overwrite with all ones, and finally overwrites with a user-defined character.

  • German VSITR

    • A 7-pass algorithm. First write all ones, second write zeros (and verifies), then ones, zeros (or firmware-based erase), then ones, then zeros (or firmware-based erase), then writes 0xAA.

  • US Navy Staff Office Publication P-5329-26

    • A 3-pass overwriting algorithm where the first pass overwrites with zeros, the next pass with ones, and the last pass with random bytes. Verify the final pass.

  • US National Computer Security Center TG-025

    • An overwriting algorithm which performs 3 overwrites where the first pass overwrites with zeros, the next pass with ones, and the last pass with random bytes.

  • CIS GOST P50739-95 version 2

    • A 1-pass algorithm which overwrites with pseudo-random characters.

  • Australian Defense Signals Directorate ACSI-33 (X0-PD)

    • A 3-pass algorithm. Write with zeros and verify, write with all ones and verify, write with pseudo-random data.

  • SecureErase + 1 overwrite with verify or NNSA NAP 14.1-C

    • This algorithm changes depending on whether the drive supports a firmware-based erase. If the drive supports a firmware-based erase, it will do a 2-pass algorithm: the firmware-based erase, and then all ones with verification. If the drive doesn't support a firmware-based erase (or if the firmware-based erase fails), then do a 3-pass algorithm: two passes of pseudo-random characters, followed by a pass of all ones. The final pass is verified.

  • Canadian CSEC ITSG-06

    • A 3-pass overwriting algorithm. The first pass is all zeros (or a firmware-based erase), the second pass is all ones, and the final pass is writing pseudo-random characters. The last pass is verified.

  • US Air Force System Security Instruction 8580

    • An 18-pass algorithm. It repeats the following sequence six times: first pass is zeros (or a firmware-based erase if supported), second pass is 0xAC, and the third pass is all ones. At the end, the 18th pass is verified.

  • BSI-2011-VS

    • A 2-pass overwrite: first pass is overwriting with the BSI pattern (then verified), and the second pass is overwriting with zeros and then doing a quick verification (10%) of that pass.

  • SSD Smart wipe

    • A proprietary wipe sequence designed specifically for SSDs. It involves a 3-pass overwrite: first pass is all zeros (or, if supported, a firmware-based erase), second pass is a special proprietary overwrite with random data, and the third pass writes all zeros.

  • NIST 800-88r1

    • Attempts to achieve the “Purge” level of erasure on a drive by following the guidance outlined in the NIST SP 800-88 Rev1 document. This may include using firmware-based commands (like Sanitize Device or Secure Erase functionality), as well as writing data to the drive. If a drive doesn't support the proper firmware-based commands, then this pattern will attempt to achieve the “Clear” level of erasure by writing over the drive.

  • Custom overwrite pattern

    • A user can create their own wiping sequence.
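
The pass sequences above can be modelled as plans of write, verify and firmware-erase operations run against a drive. The following Python is an added example, not WipeDrive code: `SimDisk`, `PATTERNS` and `wipe` are hypothetical names, the drive is a constructed in-memory buffer, and "ones" is taken to mean the byte 0xFF.

```python
import os

class SimDisk:
    """Constructed in-memory stand-in for a drive; no real device is touched."""
    def __init__(self, size=4096, fw_supported=False, fw_fails=False, stuck=()):
        self.data = bytearray(b"customer-record ") * (size // 16)
        self.fw_supported, self.fw_fails = fw_supported, fw_fails
        self.stuck = set(stuck)            # offsets that silently ignore writes
    def write(self, buf):
        for i, b in enumerate(buf):
            if i not in self.stuck:
                self.data[i] = b
    def firmware_erase(self):              # simulated Secure Erase / Sanitize Device
        if self.fw_supported and not self.fw_fails:
            self.write(bytes(len(self.data)))
            return True
        return False

def run_pass(disk, op, verify):
    """op is 'fw', 'random' or a fill byte; returns False if the pass fails."""
    if op == "fw":
        return disk.firmware_erase()
    size = len(disk.data)
    expected = os.urandom(size) if op == "random" else bytes([op]) * size
    disk.write(expected)
    return not verify or bytes(disk.data) == expected   # verify = read back, compare

# name: (plan with a firmware-based erase, overwrite-only plan); each step is
# (operation, verify?). Pass order and verify points follow the list above.
PATTERNS = {
    "US DoD 5220.22-M 3-pass": ([("fw", False), (0xFF, False), ("random", True)],
                                [(0x00, False), (0xFF, False), ("random", True)]),
    "NNSA NAP 14.1-C": ([("fw", False), (0xFF, True)],
                        [("random", False), ("random", False), (0xFF, True)]),
}

def run_plan(disk, plan):
    log = []
    for n, (op, verify) in enumerate(plan, 1):
        ok = run_pass(disk, op, verify)
        log.append((n, op, "ok" if ok else "FAILED"))
        if not ok:
            return False, log              # stop at the first failed pass
    return True, log

def wipe(disk, name):
    """Return (success, audit_log). The page states the fallback after a failed
    firmware erase only for NNSA NAP 14.1-C; using it for all is an assumption."""
    fw_plan, sw_plan = PATTERNS[name]
    ok, log = run_plan(disk, fw_plan) if disk.fw_supported else (False, [])
    if log and (ok or log[-1][1] != "fw"):
        return ok, log
    ok, sw_log = run_plan(disk, sw_plan)
    return ok, log + sw_log
```

A drive created with `stuck=[10]` keeps one original byte through every pass, so the verified final pass reports a failure and the log records it instead of a success.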

In order to wipe a target, a wipe pattern must be selected from an administrator defined list. A wipe pattern consists of disk operations. The following disk operations are supported:

Performed Prior:

  • ATA REMOVE HPA
  • ATA REMOVE DCO
  • ATA REMOVE ACCESSIBLE MAX ADDRESS

Performed In Conjunction:

  • Write value
  • Verify value
  • Write random
  • Verify random
  • Firmware-based commands (e.g. Enhanced Secure Erase, Sanitize Device)

WipeDrive users have the ability to perform three distinct operations when using WipeDrive - scanning a drive, probing a drive, and performing the erasure.

Drive Scanning

The steps necessary to scan a drive are listed below:

  1. At boot, the OS will run a shell script to launch the UI and the backend (WipeDrive).
  2. The UI is loaded with parameters from an initial configuration file.
  3. WipeDrive is started.
  4. Once loaded, WipeDrive executes a series of commands reserved for its startup sequence as defined in the configuration file, including drive scanning.

Drive Probing

The steps necessary to probe a drive are listed below:

  1. For each item in /sys/block, the following sequence is performed:
  2. First, it attempts to instantiate an NVMe device object, and gather data for a drive of that type. If this fails, the drive cannot be accessed through the NVMe interface.
  3. Next, it attempts to instantiate an ATA device object. If this fails, it cannot be accessed through the ATA command set.
  4. Next, it attempts to instantiate a SCSI device object whose constructor performs a SCSI inquiry. This gathers the following data:
    a. Drive model information
    b. Manufacturer
    c. Model name
    d. Serial Number
    e. Drive Capacity

  5. If this fails, the process terminates.
  6. Once basic data about the device is gathered, additional SCSI inquiries are run to determine additional information about the device. When the process completes for each device, the data is cached for use in the GUI.
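
A read-only cross-check of the fields the probe gathers, following the same NVMe, ATA, SCSI order, as an added example that is not WipeDrive code. It reads Linux sysfs attributes instead of issuing device commands; `probe`, `probe_all` and the sample tree are hypothetical, and detecting NVMe by device name and ATA by the vendor string are assumptions of this example.

```python
import os, tempfile
from pathlib import Path

def _read(path, binary=False):
    try:
        raw = path.read_bytes()
    except OSError:
        return None
    return raw if binary else raw.decode("ascii", "replace").strip()

def probe(name, root="/sys/block"):
    """Try NVMe, then ATA, then SCSI, in the page's order; None if all fail."""
    base = Path(root, name)
    model, sectors = _read(base / "device/model"), _read(base / "size")
    if model is None or sectors is None:
        return None              # loop, ram and dm devices expose no device/model
    info = {"name": name, "model": model, "vendor": None, "serial": None,
            "capacity_bytes": int(sectors) * 512}   # sysfs size: 512-byte units
    if name.startswith("nvme"):                     # assumption: nvme<ctrl>n<ns> naming
        info.update(bus="nvme", serial=_read(base / "device/serial"))
        return info
    info["vendor"] = _read(base / "device/vendor")
    if info["vendor"] is None:
        return None
    # libata presents ATA drives through the SCSI layer with vendor "ATA".
    info["bus"] = "ata" if info["vendor"] == "ATA" else "scsi"
    vpd = _read(base / "device/vpd_pg80", binary=True)   # Unit Serial Number page
    if vpd and len(vpd) >= 4 and vpd[1] == 0x80:
        n = int.from_bytes(vpd[2:4], "big")              # page length field
        info["serial"] = vpd[4:4 + n].decode("ascii", "replace").strip()
    return info

def probe_all(root="/sys/block"):
    return [d for n in sorted(os.listdir(root)) if (d := probe(n, root))]

def build_sample_tree():     # constructed sysfs-like tree; every value is invented
    root = Path(tempfile.mkdtemp())
    files = {
        "nvme0n1/size": b"1000215216\n",
        "nvme0n1/device/model": b"EXAMPLE NVME 512G\n",
        "nvme0n1/device/serial": b"CONSTRUCTED-NVME-01\n",
        "sda/size": b"1953525168\n",
        "sda/device/vendor": b"ATA     \n",
        "sda/device/model": b"EXAMPLE HDD 1TB\n",
        "sda/device/vpd_pg80": b"\x00\x80\x00\x12" + b"CONSTRUCTED-ATA-01",
        "sdb/size": b"585937500\n",
        "sdb/device/vendor": b"EXAMPLE \n",
        "sdb/device/model": b"EXAMPLE SAS 300G\n",
        "loop0/size": b"0\n",
    }
    for rel, data in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(data)
    return str(root)
```

Comparing the model, serial number and capacity from `probe_all()` with the values in an erasure audit log confirms that the log entry refers to the drive that was actually attached.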

Drive Erasure

The steps necessary to wipe a drive that is a candidate for erasure are listed below:

  1. Boot and display the target device.
  2. In order to wipe a target, a wipe pattern must be selected from a pre-defined list. A wipe pattern consists of disk operations. The following disk operations are supported:

    Performed Prior:

    • ATA REMOVE HPA
    • ATA REMOVE DCO
    • ATA REMOVE ACCESSIBLE MAX ADDRESS

    Performed In Conjunction:

    • Write value
    • Verify value
    • Write random
    • Verify random
    • Firmware-based commands (e.g. Enhanced Secure Erase, Sanitize Device)

  3. The administrator definable wipe pattern inserts operations as necessary to identify a valid license is present and decrement the number of licenses remaining.
  4. The wipe pattern sequence is executed against each target device in order.
  5. During the execution of the wipe pattern sequence, progress is displayed to the UI.
  6. Once all drives are wiped, if audit logging was configured, put the logging data in the appropriate log.

WipeDrive certifies that when a success is reached on a wipe, all data on the SSD, NVMe and hard drives has been eradicated.

Conclusion

The commands, architecture and processes that WipeDrive implements allow the eradication of data on platter-based, solid-state, and NVMe drives. These functions require sophisticated communication between the hardware components. This communication would not be possible without advanced compatibility with all hardware manufacturers. WipeDrive's competitive advantage is its longevity in the data erasure industry and the ability to perform properly on all drives it encounters. Not only is WipeDrive compatible with more hardware systems than anyone else, it has been evaluated and certified for implementation by government, military, corporate and personal use.

WipeDrive Enterprise provides clients with the freedom to manage their audit reports and customize their builds. With global certifications and a data sanitization solution proven by many of the largest corporations in the world, WipeDrive provides trust that all data is securely expunged on platter-based, flash-based and NVMe drives and USB sticks. To find out why more corporations and organizations use WipeDrive than any other data tool, contact our Sales Team at 801.224.8900.