DATA SANITIZATION METHODS
BS-1493 Hybrid Technology

Disinfection of data involves permanent deletion of data from the devices where it is stored to ensure that it cannot be restored. Digital data sanitation allows media to be cleaned so that there is no residual information on the devices. This would impede the possibility of data recovery, even if hardware and software tools are used to recover destroyed information. There are four main methods of data disinfection: Data masking; Random encryption crytical information; Data destruction; The data storages physical destruction. File Destroyer Manager (FDM) uses both standard and hybrid (such as BS-1493 M) technology solutions for data sanitation.

DATA DESTRUCTION
NIST PROJECT Special Publication 800-90C

This technique uses software to record a set of random bytes for each free sector of the disk which is used to store critical information.

This process ensures that the possibility of recovering the deleted data using specialized software or hardware means will be avoided.

This is a very reliable form of sanitation because it confirms that 100% of the data has been replaced, at the byte level. It is also possible to generate system reports that prove that the data have been successfully disinfected.

The advantage of this method compared to physical destruction is that it does not destroy the device and allows it to be sold or reused.

The downside of data deletion, however, is that it is a time-consuming process and difficult to do without restricting access to the device.

SECURE HASH FUNCTIONS
Secure hash standard (SHS) - FIPS 180-4

Any change in files or databases, with a very high probability, will lead to changes not only in the content but also in their hash functions, which are used as a basic control element.

This property is useful in generating and verifying digital signatures, files, critical data, authentication, and in generating random numbers or bits. Any algorithm using this method involves two main stages: Preprocessing; Calculation of the hash function. Algorithms differ in the strength of the security they guarantee. Other significant differences are the size of the blocks and the resulting final result. The calculation of the hash function for each of the files to be destoed is an essential element of the information destryction process. This issue is discussed in detail in the technical documentation of the application.

KEY DEVIATION FUNCTIONS (KDF)
NIST SP 800-108

Кey derivation function (KDF) is a cryptographic algorithm that derives one or more secret keys from a secret value such as a master key, a password, or a passphrase using a pseudorandom function (which typically uses a cryptographic hash function or block cipher).

KDF's can be used to stretch keys into longer keys or to obtain keys of a required format. The original use for a KDF is key derivation, the generation of keys from secret passwords or passphrases.

Variations on this theme include:

• In conjunction with non-secret parameters to derive one or more keys from a common secret value (which is sometimes also referred to as "key diversification"). Such use may prevent an attacker who obtains a derived key from learning useful information about either the input secret value or any of the other derived keys. A KDF may also be used to ensure that derived keys have other desirable properties, such as avoiding "weak keys" in some specific encryption systems.


• As components of multiparty key-agreement protocols. Examples of such key derivation functions include KDF1, defined in IEEE Std 1363-2000, and similar functions in ANSI X9.42.


• To derive keys from secret passwords or passphrases (a password-based KDF).


• To derive keys of different length from the ones provided: one example of KDFs designed for this purpose is HKDF.

Note: In FDM, all functions related to the generation of crypto-attack-resistant secret keys are fully automated and in many cases invisible to the user.

DATA RANDOM ENCRYPTION
BS-2247 hybrid technology

BS-2247 is A hybrid cryptographic method that uses a random configuration of base crypto primitives.

The secret key is generated based on a randomly selected KDF function and is destroyed after the process is completed.

Random encryption is a fast and effective way to hybrid sanitize storage devices. It is best suited for removable or mobile storage devices, or those that contain highly sensitive information.

File Destroyer Manager (FDM) uses specialized encryption technology that is independent of the hardware and operating system used.

All processes are fully automated and exclude human intervention, which practically reduces the probability of error to a minimum.

Files and Folders Destruction Manager
FDM II