A+ Core 2 · CompTIA 220-1202 V15 · Objective C2-2.9

Compare and contrast common data destruction and disposal methods

Objective 2.9: Compare and contrast common data destruction and disposal methods

  • Cert: CompTIA A+ Core 2 (220-1202) V15
  • Domain: 2.0 Security
  • Weight: Part of the 28% Security domain
  • Depth: Compare and contrast. The candidate must pick the right destruction method for the data sensitivity level and recognize the regulatory/environmental dimensions.

What this objective tests

You should know the physical destruction methods, the software-based erasure methods, the difference between standard format and low-level format, and the role of third-party certified destruction.

Key facts

Drilling:

  • Drill holes through the drive platters (HDDs) or NAND chips (SSDs).
  • Quick, low-cost physical destruction. Acceptable for moderate-sensitivity data.

Shredding (drive shredding):

  • Industrial shredder cuts the drive into small fragments.
  • High security; data is unrecoverable. Common in regulated industries.

Degaussing:

  • Strong magnetic field erases data on magnetic media (HDDs, tape).
  • Does NOT work on SSDs (no magnetic storage). Common mistake on the exam.
  • Effective on HDDs and renders the drive unusable.

Incineration:

  • Burns the drive completely.
  • Strongest physical destruction; requires specialized facility for safe disposal of fumes and residue.
  • Common for the most sensitive data; certified incineration services exist.

Erasing / wiping:

  • Software-based overwrite of all sectors with random data or zeros.
  • DoD 5220.22-M (multi-pass) is the historically cited standard. Modern guidance (NIST SP 800-88) accepts single-pass overwrite on modern drives.
  • Tools: DBAN (legacy), Microsoft's built-in cipher /w, Blancco (commercial), drive vendor tools (Secure Erase command for SSDs).
  • Effective on HDDs. SSDs require the drive's own Secure Erase command (overwriting doesn't reliably hit all NAND cells).

Low-level formatting:

  • Historically: physical formatting at the factory that lays down sector boundaries.
  • In modern usage often refers to a thorough vendor-tool wipe that approaches the drive at a deeper level than file-system formatting.
  • Modern drives can't really be "low-level formatted" by end users in the original sense.

Standard formatting:

  • Filesystem-level format (NTFS, exFAT, etc.). Resets the filesystem structures.
  • Quick format: writes a new filesystem header only; data still recoverable until overwritten.
  • Full format: writes zeros across the partition (Windows since Vista) and checks for bad sectors. Adequate for moderate sensitivity, but professional recovery may still pull data fragments.
  • NOT equivalent to a secure wipe. Use a real erase tool for sensitive data.

Recycling / repurposing best practices:

  • After secure wipe (or physical destruction for high sensitivity), drives can be repurposed within the organization or recycled externally.
  • Document the disposition: which drive, which device, which method, who performed, when.

Third-party vendor (outsourced destruction):

  • Specialized services provide pickup, on-site or off-site destruction, and a certificate of destruction.
  • Examples: Iron Mountain, Shred-it (data destruction services).

Certification of destruction / recycling:

  • Formal document from the destruction vendor confirming what was destroyed, how, when.
  • Required by many compliance frameworks for audit evidence.

Regulatory and environmental requirements:

  • Regulations may dictate destruction methods (e.g., HIPAA requires media containing PHI to be rendered unusable and indecipherable).
  • Environmental requirements: e-waste recycling rules; some jurisdictions ban landfill disposal of electronics.
  • Lithium batteries in modern drives/devices have specific disposal requirements (fire risk in standard waste streams).

Common gotchas

  • Degaussing an SSD. Doesn't work. SSDs use NAND flash, not magnetic media. The drive looks degaussed but the data persists.
  • Quick format treated as secure. Quick format leaves data recoverable. For sensitive data, a full format is the minimum; a real erase tool is better.
  • Wiping an SSD via random-write tool. Wear leveling means some NAND cells may not get overwritten. Use the SSD's Secure Erase command (vendor tool or hdparm on Linux) instead.
  • Drives donated without wiping. Common breach scenario. Old drives end up on eBay with company data intact.
  • No certificate of destruction kept. Audit comes through, no evidence that drives were destroyed properly.
  • Drilling SSDs is less reliable than HDDs. Drilling an HDD destroys the platters; drilling an SSD might miss NAND chips. Shred or crush SSDs for higher confidence.

Real-world context

Destruction method by data sensitivity:

  • Public/low sensitivity (marketing files, old test data): standard format, donate or recycle.
  • Internal/moderate sensitivity (employee documents, project files): software wipe (NIST 800-88 single pass) or full format then recycle.
  • Confidential/sensitive (financial records, customer PII): software wipe via vendor tool OR physical destruction (drilling). Document.
  • Restricted/high sensitivity (PHI, classified, financial wire details): physical destruction (shredding, incineration) with certificate. Don't reuse the drives.

Process for an MSP retiring client equipment:

  1. Inventory the device serial + drive serial.
  2. Pick destruction method based on sensitivity.
  3. Execute (in-house or via certified vendor).
  4. Receive/produce certificate of destruction.
  5. Document in asset management system.
  6. Recycle the chassis/non-data components through e-waste channel.

For SSD-specific notes:

  • Use vendor's Secure Erase utility (Samsung Magician, Crucial Storage Executive, etc.) which issues the ATA Secure Erase command.
  • Or use the nvme format command for NVMe drives (Linux/Windows with appropriate tooling).
  • Physical destruction (shredding) is more certain than software-only erase for highest-sensitivity SSDs.

Sources

  • [CompTIA A+ 220-1202 Exam Objectives Version 4.0, Section 2.9](../../../../../../30-RevyTechJourney/CompTIA%20A%2B%20220-1202%20Exam%20Objectives%20%284.0%29.pdf)
  • [NIST SP 800-88: Guidelines for Media Sanitization](https://csrc.nist.gov/pubs/sp/800/88/r1/final)
  • [HHS: HIPAA Disposal of PHI](https://www.hhs.gov/hipaa/for-professionals/faq/disposal-of-protected-health-information/index.html)
  • [EPA: Electronics Donation and Recycling](https://www.epa.gov/recycle/electronics-donation-and-recycling)