Disk Overwrite or Wipeout Best Practice

An online search shows majority of tools available for wiping out data on a disk points to a practice of 7 wipes. They believe that it is a US DoD requirement. Some of them support the Gutmann method of 35 wipes.

However, I could not find any documentation on US government website that indicates seven wipes. The US DoD 5220.22-M, “National Industrial Security Program Operating Manual that most online tools refers to does not have any requirements of number of wipe passes. However, I found a wiki page on Data Remanence that has enough citation and it contains the following –

“As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing  or physical destruction is acceptable for the latter.[4]

On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): “Studies have shown that most of today’s media can be effectively cleared by one overwrite” and “for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged.”[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes “has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. “[5]

I also found a good reference in the IT Security Guidance document at  Canadian RCMP website. Section 2.3.2 in it says –

Overwriting as a Stand-Alone Method. For magnetic storage media such as hard disks and tape, etc, triple overwrite is recognized as a stand-alone method for destruction of data at the level of Protected B and below, and may be deemed suitable for Confidential as well.

Overwriting in Combination with Other Destructive Methods . For magnetic storage media that contains Protected C or Classified information higher than Confidential, triple overwrite is not suitable as a standalone data destruction method. However, in combination with other incomplete destruction procedures such as disintegration or shredding, a triple overwrite may provide additional assurance that information is destroyed beyond reasonable hope of recovery.

From the research above, I believe if you want to wipeout a disk that contains non-sensitive information, then one pass is more than enough. However if you are dealing with information that is sensitive, you may need at least 3 passes coupled with other sanitization techniques. Overwriting or wipeout is writing the whole drive with a pattern of characters, whereas sanitization is complete destruction of information and probably the media too. Sensitivity of information depends on the information classification of each organization.