The Need for Proper Media Sanitization

Quote, NIST Computer Security 800-88r1: “Media sanitization is one key element in assuring confidentiality. Confidentiality is defined as ‘preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information…’ Additionally, ‘a loss of confidentiality is the unauthorized disclosure of information.’”

Protect your clients’ data through standardized wiping that you can trust and that can be implemented the way you need it.

Destroy renders target data recovery (using state-of-the-art laboratory techniques) infeasible and results in the subsequent inability to use the media for storage of data.

Data sanitization is a specific way in which a data destruction program or file shredder overwrites the data on a hard drive or other storage device. Data sanitization methods are also often referred to as data erasure methods, data wipe methods, wipe algorithms, and data wipe standards.

ADISA Certified Disk Wipe Process

Softthinks’ data sanitization module was ADISA certified in 2015 and 2019 (level 2).


ADISA Product Claims Testing Certificate

Wipe protocols supported

We support the 18 most popular wiping protocols, which can be chained and are replaced dynamically when they are not supported.

| Standard | Wipe Passes | Description | Last Pass Result |
|---|---|---|---|
| Basic 0 | 1 Pass | A single-pass wipe that writes zeros to every sector to overwrite data. This is the simplest and fastest form of wiping. It has been ADISA certified 100% free of recoverable data. | All zeros on drive |
| Basic Random Character | 1 or 2 Passes | This wipe process overwrites data with a random, instead of static, pattern. Each sector of the drive will contain different data. | Drive will contain random characters |
| NIST 800-88 | 1 Pass | We offer 4 variations of this sanitization process that adhere to the standard: NIST 800-88 Sanitize, Secure Erase, Enhanced Secure Erase and Clear with 0. NIST 800-88 Sanitize, Secure Erase and Enhanced Secure Erase use firmware commands to trigger a Purge on the drive. They put less strain on SSD drives during wiping and on average take 30-60 seconds to perform. | Clear 0 writes all zeros, whereas the other methods write a specific data set per HD MFG specifications |
| U.S. Standard, DoD 5220.22-M | 3 Passes | The US Department of Defense wipe method is a 3-pass system that writes zeros, then writes ones and finally writes random characters. Each pass gets a write verification. This is the most commonly used and referenced wiping method. | Drive will contain random characters |
| U.S. Standard, DoD 5220.22-M (E) | 3 Passes | This wipe process is a variation of the U.S. Standard, DoD 5220.22-M that overwrites with a fixed value on its first pass, then with the complementary value of the first pass, and finally with random characters on the last pass. | Drive will contain random characters |
| U.S. Standard, DoD 5220.22-M (ECE) | 7 Passes | This wipe process is an extended 7-pass version of the DoD 5220.22-M. It runs the DoD 5220.22-M, then (DoD 5220.22-M Standard) and then DoD 5220.22-M again. | Drive will contain random characters |
| US Army AR380-19 | 3 Passes | This 3-pass standard does several passes of alternating zeros and ones and then finishes with random characters. | Drive will contain random characters |
| Peter Gutmann | 35 Passes | This 35-step wipe process, designed by computer scientist Peter Gutmann, consists of a lead-in of four random write patterns, followed by patterns 5 to 31, executed in a random order, and a lead-out of four more random patterns. | Drive will contain random characters |
| Bruce Schneier | 7 Passes | This 7-step wipe process, designed by security technologist Bruce Schneier, overwrites data using 1’s, 0’s and long strings of random characters. | Drive will contain random characters |
| German VSITR | 7 Passes | This 7-step wipe process overwrites data using 1’s and 0’s and then overwrites with a random character. The standard, Verschlusssache IT Richtlinien (VSITR), roughly translated as "Classified IT Policies", was originally defined by the Bundesamt für Sicherheit in der Informationstechnik (BSI), the German Federal Office for Information Security. | Drive will contain random characters |
| Russian GOST P50739-95 | 1 or 2 Passes | A sanitization process that is usually implemented in one of 2 ways: as a 2-pass process that first writes zeros and then writes random characters, or by just writing random characters. | Drive will contain random characters |
| NAVSO P-5239-26 RLL & MFM | 3 Passes | Published by the US Navy, this 3-pass system uses a specified character and its complement in addition to random characters in an overwriting pattern. It is followed by a verification of the write of the random characters. | Drive will contain random characters |
| Canadian RCMP TSSIT OPS-II | 7 Passes | The Royal Canadian Mounted Police erasure method uses writing zeros, secure erase and random characters in a 7-part erasure process that includes verification of the write. | Drive will contain random characters |
| US Air Force 5020 | 3 Passes | Originally defined by the United States Air Force, this method writes zeros, then ones and then random characters, and includes a final verification of the write. | Drive will contain random characters |
| U.S. Standard, DOE M205.1-2 | 3 Passes | The Department of Energy erasure method is a 3-part erasure process that writes random characters on multiple passes and finishes with one write of zeros, with verification of the write. | All zeros on drive |

Features

We can provide all the features you would need.

Device Configuration Overlay (DCO)

A Device Configuration Overlay (DCO) is an area on a drive that manufacturers use to configure drives of varying capacities to exhibit the exact same storage volume from the perspective of the OS. This is most commonly done to shrink the larger capacities to match smaller ones when distributing various models across a product series. Softthinks offers the ability to delete the DCO, which resets the drive to the hard drive manufacturer's original capacity.

Host Protected Area (HPA)

An HPA is an area of memory on a drive that is normally not readily visible to a computer’s operating system. Most of the time, clients don’t use this memory for storing customer information because it is not easily modified, changed, or accessed by the user, BIOS, or the OS. It is often a hidden area of the drive that protects manufacturer files, but it may no longer be needed if the drive is repurposed. HPAs require special tools to access the data within. Computer owners sometimes do get into the HPA and store personal files, and there have been instances of malware hiding in the protected area, making it difficult to remove. Softthinks offers the ability to either deactivate the HPA momentarily while we wipe a drive or delete the HPA entirely.

Thumbprint

Softthinks offers the ability to load a hexadecimal thumbprint on drives after they have been wiped of data. It can include company information, wipe protocol, date and time stamps and other custom information. It is most commonly stored on the first sector of the drive and is only visible with specialized hex viewing software. It is often used when a company wants forensic evidence that data was wiped on the drive, with very little capacity impacted.

Bootloader Report

Softthinks also offers the ability to have a bootloader report placed on the drive right after a wipe is performed. The report includes the date wiped, the PC hardware of the machine the hard drive was wiped in, the wipe protocol and result, rounds of eraser, and more. It shows on the screen any time the hard drive is booted, until the drive is repurposed, for example by loading an operating system. This feature is often used by companies for auditing the wipe process within their own quality assurance processes.

Rounds of Eraser

Softthinks offers the ability to implement multiple eraser rounds during a data destruction wipe. An example would be when a client wants a U.S. Standard, DoD 5220.22-M (E) wipe that results in random characters, but also wants the drives to have zeros written afterwards for auditing. Each step is recorded and reported if the eraser rounds feature is used.
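The pass sequences in the wipe-protocol table and the chaining described under "Rounds of Eraser" can be sketched as follows. This is an added example, not Softthinks' code: it implements the 3-pass DoD 5220.22-M sequence (zeros, ones, random, each verified) followed by a Basic 0 round, and it assumes a constructed image file stands in for a drive; all function names are hypothetical.

```python
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # bytes per I/O call
# Pass plans as the table describes them; None means random data.
PROTOCOLS = {"Basic 0": [0x00], "DoD 5220.22-M": [0x00, 0xFF, None]}

def run_pass(path, fill):
    """Overwrite the whole target with one pattern, then verify by read-back."""
    wrote, read = hashlib.sha256(), hashlib.sha256()
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)  # works for files and block devices
        dev.seek(0)
        for off in range(0, size, CHUNK):
            n = min(CHUNK, size - off)
            block = os.urandom(n) if fill is None else bytes([fill]) * n
            dev.write(block)
            wrote.update(block)
        dev.flush()
        os.fsync(dev.fileno())
        # On real hardware the read-back must bypass the page cache
        # (e.g. O_DIRECT), or it only proves what the cache holds.
        dev.seek(0)
        while chunk := dev.read(CHUNK):
            read.update(chunk)
    return wrote.digest() == read.digest()

def wipe_rounds(path, rounds):
    """Run protocols back to back; stop at the first pass that fails verification."""
    report = []
    for name in rounds:
        for number, fill in enumerate(PROTOCOLS[name], start=1):
            ok = run_pass(path, fill)
            report.append((name, number, "random" if fill is None else f"0x{fill:02X}", ok))
            if not ok:
                return report
    return report

def is_all_zero(path):
    with open(path, "rb") as dev:
        return all(not any(chunk) for chunk in iter(lambda: dev.read(CHUNK), b""))

def make_sample_image(size=300_000):
    """Constructed stand-in for a drive: a temp file holding fake customer data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write((b"CUSTOMER-RECORD-0001;" * (size // 21 + 1))[:size])
    return path
```

Calling `wipe_rounds(make_sample_image(), ["DoD 5220.22-M", "Basic 0"])` returns one report row per pass, and `is_all_zero` then confirms the final state. Overwriting a file does not reach HPA or DCO regions or blocks remapped by an SSD, which is why the firmware Purge commands and the HPA/DCO handling on this page exist.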

Force Secure/Enhanced Secure Erase

Softthinks also offers Secure Erase or Enhanced Secure Erase with rollback to a chosen wipe protocol (example: U.S. Standard, DoD 5220.22-M (E)) if the drive doesn't support either of the purge methods.

Secure Erase for Storage over Network (SAN) Support

A storage area network (SAN) is a dedicated, high-speed network made up of multiple storage devices that provides access to block-level storage. Softthinks provides support in our wiping software, when requested, to wipe drives from these networks.

SMART Drive and Customized Wipe Reporting

Softthinks has the ability to provide detailed wipe certificates that can include multiple drive destruction, drive type, interface, system properties, SMART diagnostics results that are drive MFG dependent, System diagnostics, customer asset references, etc.