Sanitisation Process

From Glitchdata
Jump to navigation Jump to search


  • Planning
    • Classification of the Asset? Value of Asset?
      • Each sanitisation takes time and cost, so managing scope is important.
    • Does it have valuable information?
    • Public-accessible machines may not need sanitisation
    • Should data be destroyed? - Consider other legislative requirements? (e.g. Archive)
  • Making sure there are 2 people (one as a witness)
  • Risk during Sanitisation Process
    • Chain-of-Custody Certificate
    • Assets need to have an identity and description. Used for destruction certificates.
  • Items
    • Harddrives
    • Memory
    • Bluetooth Headsets might have data stored (e.g. keys)
    • Monitor (burn-in)
    • EPROMs, CMOS
  • Assessment of issues in equipment
    • SSD self-encryption
  • Destruction Certificate
    • Destruction Method
      • Sledge hammer
      • Mini Furnace
      • Media Overwrite (DBAN)
  • Validation Assessment?